I am thinking of creating a recycle bin mechanism for a versioned S3 bucket to prevent accidental deletion and modification by authorized users. The idea is 1) keep the 5 most recent non-current versions for 1 day; 2) any non-current version older than 2 days will be deleted.
The policies look like:
{
  "Rules": [
    {
      "ID": "Recyclebin_Part1",
      "Filter": {},
      "Status": "Enabled",
      "NoncurrentVersionExpiration": {
        "NoncurrentDays": 1,
        "NewerNoncurrentVersions": 5
      }
    },
    {
      "ID": "RecycleBin_Part2",
      "Filter": {},
      "Status": "Enabled",
      "NoncurrentVersionExpiration": {
        "NoncurrentDays": 2
      }
    }
  ]
}
However, it looks like the second rule RecycleBin_Part2 was never applied. Checking the object versions, there are always 5 non-current versions, even after a couple of days.
I could be wrong, but does the first policy always win if both policies target the same scope (the whole bucket) and perform the same operation (expiring objects) on the objects?
Is there a better way to implement this idea? A script to scan and purge non-current objects might not be a scalable option for buckets with millions of objects.
Thanks!
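One way to check what the intended policy should have left behind, as an added example that is not part of the original post: it encodes the two rules as a single decision and evaluates them over constructed ListObjectVersions-style records, so the result can be compared with what the bucket actually shows. It does not model how S3 itself resolves the two overlapping rules; the constants, the reference time and the sample versions are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Intended policy from the question: keep the 5 newest noncurrent versions
# for 1 day; any noncurrent version older than 2 days goes regardless of rank.
KEEP_NEWEST = 5
KEEP_DAYS = 1
HARD_LIMIT_DAYS = 2


def expected_expirations(versions, now):
    """Return the set of (Key, VersionId) the intended policy should have expired.

    `versions` mirrors the 'Versions' entries of ListObjectVersions: dicts with
    Key, VersionId and LastModified (timezone-aware datetime). Delete markers
    are not modelled. A version becomes noncurrent when the next newer version
    is written, so its noncurrent age is measured from that successor's
    LastModified, not from its own.
    """
    by_key = {}
    for v in versions:
        by_key.setdefault(v["Key"], []).append(v)
    expired = set()
    for key, vs in by_key.items():
        vs.sort(key=lambda v: v["LastModified"], reverse=True)  # newest first
        # vs[0] is the current version; vs[i] became noncurrent at vs[i-1].LastModified
        for rank, (successor, v) in enumerate(zip(vs, vs[1:]), start=1):
            noncurrent_for = now - successor["LastModified"]
            if noncurrent_for > timedelta(days=HARD_LIMIT_DAYS):
                expired.add((key, v["VersionId"]))  # rule 2: noncurrent for over 2 days
            elif rank > KEEP_NEWEST and noncurrent_for > timedelta(days=KEEP_DAYS):
                expired.add((key, v["VersionId"]))  # rule 1: outside the newest 5, over 1 day
    return expired


NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed reference time


def sample_versions():
    """Constructed sample: 8 versions of doc.txt and 2 of old.txt (hours before NOW)."""
    doc = [("v8", 0), ("v7", 6), ("v6", 12), ("v5", 20), ("v4", 30), ("v3", 40), ("v2", 47), ("v1", 60)]
    old = [("o2", 72), ("o1", 100)]
    mk = lambda key, vid, h: {"Key": key, "VersionId": vid, "LastModified": NOW - timedelta(hours=h)}
    return [mk("doc.txt", vid, h) for vid, h in doc] + [mk("old.txt", vid, h) for vid, h in old]


if __name__ == "__main__":
    for key, vid in sorted(expected_expirations(sample_versions(), NOW)):
        print(f"should be expired: {key} {vid}")
```

Feed it the `Versions` list from a real `list-object-versions` call in place of `sample_versions()` and compare the returned set with the versions still present to see which rule was or was not honored.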