- Newest
- Most votes
- Most comments
Hi,
The behavior you're seeing here is due to versioning. Versioning is mandatory when you enable object lock, so when you delete an object it places a delete marker on the object, but the original version of the object is retained. If you want to see the delete marker and original version of the object, in the management console toggle the "show versions" switch.
For reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-lifecycle
I had read about the versioning, but assumed in compliance mode you could not even add the delete marker. That we would get an error trying to remove, not add the marker and hide it? That seems counter intuitive.
Is the file definitely being deleted? In S3 when you delete a versioned file a delete marker is added but the previous version still remains - this can be seen by toggling the 'Show Versions' switch in the console.
This file was set with default object lock of 7 days with compliance mode and could be 'deleted' via the CLI, but the previous version is still available.
Relevant content
- asked 2 years ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
You can still add delete markers - see https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-managing-lifecycle
Yes, you can still add the delete marker even in compliance mode. If you try and delete the specific version you uploaded using the cli, you will get access denied, example command below: aws s3api delete-object --bucket my-bucket --key my-object-key --version-id object version id here --bypass-governance-retention