By using AWS re:Post, you agree to the Terms of Use

S3 Object Lock and CRR

0

Hi Folks,

I have a few questions regarding how Object Lock works with CRR:

  1. The docs mention that Legal Holds are not replicated (just retention is replicated). Is that true?
  2. If the buckets have Object Lock enabled is s3:GetObjectRetention and s3:GetObjectLegalHold required to be set (in the CRR replication role) to replicate objects that don't have retention or legal hold applied?
  3. If the buckets have Object Lock enabled, for an object that has retention and/or legal hold applied, if s3:GetObjectRetention and/or s3:GetObjectLegalHold is set (in the CRR replication role) will the object not get replicated or will the object get replicated but the retention/legal hold information won't get applied to the replica.
  4. If retention or legal hold is applied after an object is replicated, will the retention and legal hold information get replicated (just the way tagging/ACL information gets replicated)?
  5. Can the retention/lock information get updated on objects in the destination bucket after they are replication?
    6.If the retention/lock information gets updated on objects in the destination bucket after an object is replicated, and then the retention/lock information gets updated on the same objects in the source bucket, will the source bucket object changes get replicated and applied to the destination bucket?

Thanks.

asked 3 years ago119 views
3 Answers
0

hi aj_park,

  1. both retention and legal holds are replicated
    2/3. if s3:GetObjectRetention and s3:GetObjectLegalHold are not set in the replication role, objects without retention/hold will be replicated, but objects with retention/hold will fail replication (no data will be replicated)
  2. yes, retention/holds applied after an object is replicated will also be replicated (similar to tags/acls)
  3. yes, retention/holds can be modified on objects in the destination after replication
  4. legal hold changes applied to the source object will be replicated to the destination object. for retention info, if in GOVERNANCE mode, the changes will be replicated; if in COMPLIANCE mode, the changes will be replicated only if the date for the source object is after the date for the destination object (in other words, in COMPLIANCE mode, replication can only extend the protection period)

hope that helps!

answered 3 years ago
0

Thanks jakeataws. This is very helpful.

answered 3 years ago
0

Hi jakeataws,

Can you help me with the following follow-up questions:

  1. Let's assume that a source object has been replicated and the x-amz-replication-status has been set to COMPLETED (for the source object). If the retention on the source object is modified, will the x-amz-replication-status get changed to PENDING while the retention changes are being applied at the destination bucket and then change back to COMPLETED again after the retention changes are applied at the destination bucket?

  2. Does the same apply to ACLs and tag changes as well?

Thanks.

Best,
AJ

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions