Are objects under compliance mode with retention period deletable?

0

I know all the docs say objects with compliance mode turned on DEFY deletion while they're in the retention period. Is there really no way around this? For instance, can AWS engineers delete them on their end, or are they locked up just forever?

An extreme case would be if somehow the bucket's default policy is compliance mode + a retention period of 100 years (maximum); is the data uploaded into this bucket permanently staying in this case?

Thanks!

1 Answer
0
  • In compliance mode, a protected object version can't be overwritten or deleted by any user including the root user in your AWS account.
  • In governance mode, users can't overwrite or delete an object version or alter its lock settings unless they have special permissions. If you try to delete objects protected by governance mode and have s3:BypassGovernanceRetention or s3:GetBucketObjectLockConfiguration permissions, the operation will succeed.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-retention-modes

AWS engineers do not have access to customers' data due to strict AWS privacy and security policies (https://aws.amazon.com/compliance/data-privacy-faq/), and hence it cannot be altered from AWS's end.

Once the objects are locked under compliance mode, the minimum retention period must be met before any changes are to be made.

AWS
Support Engineer
Harsh_P
answered 1 year ago
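The two retention modes discussed in this thread, written as a small decision model (an added example, not part of the original answer and not AWS code). `LockedVersion`, `can_delete_version` and `retain_until_from_default` are hypothetical names; the model assumes `s3:BypassGovernanceRetention` is the bypass permission, that the caller must also explicitly request the bypass (the `x-amz-bypass-governance-retention` header in the S3 API), and that a year is 365 days.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

BYPASS_PERMISSION = "s3:BypassGovernanceRetention"  # permission named in the answer


@dataclass
class LockedVersion:
    """Retention state of one object version (constructed model, not an SDK type)."""
    mode: Optional[str]               # "COMPLIANCE", "GOVERNANCE" or None
    retain_until: Optional[datetime]  # timezone-aware UTC timestamp


def can_delete_version(v, now, permissions=frozenset(), bypass_requested=False):
    """Return (allowed, reason) for a permanent delete of this object version."""
    if v.mode is None or v.retain_until is None or now >= v.retain_until:
        return True, "no active retention"
    if v.mode == "COMPLIANCE":
        # No permission or identity changes the outcome, the root user included.
        return False, "compliance retention active"
    if v.mode == "GOVERNANCE":
        # Assumption: bypass needs both the permission and an explicit request.
        if BYPASS_PERMISSION in permissions and bypass_requested:
            return True, "governance retention bypassed"
        return False, "governance retention active"
    raise ValueError(f"unknown lock mode: {v.mode!r}")


def retain_until_from_default(uploaded, days=0, years=0):
    """Retain-until date from a bucket default retention (assumes 365-day years)."""
    return uploaded + timedelta(days=days + 365 * years)


if __name__ == "__main__":
    # Constructed sample: the question's extreme case, a 100-year compliance default.
    uploaded = datetime(2024, 1, 1, tzinfo=timezone.utc)
    version = LockedVersion("COMPLIANCE", retain_until_from_default(uploaded, years=100))
    print(version.retain_until.date(),
          can_delete_version(version, uploaded, {BYPASS_PERMISSION}, True))
```

Running a default retention rule through a model like this before applying it to a bucket shows how long every uploaded version would stay undeletable.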
