Policy management
Policies allow users to apply specific retention and permissions to buckets and the objects contained within.
Bucket policies
Currently, the S3 Console supports the following policies:
- Expiration Lifecycle policy
- Sync-from Replication policy
- Sync-to Replication policy
Expiration Lifecycle policy
The Expiration Lifecycle policy sets an expiration date on the objects within a bucket.
A set of rules that define actions across groups of objects is applied to this policy. These rules can apply to current versions, non-current versions, incomplete multi-part uploads, and expired delete markers.
Each policy can contain up to 1,000 rules. Additionally, each rule contains filters (such as prefixes and tags), as well as actions.
Actions apply to all objects in the bucket and are specific to the Expiration Lifecycle policy. They can be added as individually set rules and do not require tags or a prefix. Currently, the following four expiration actions are supported:
- Current versions: Permanently deletes an object after a set number of days from object creation, or on a specific date. The default is 365 days.
- Non-current versions: Permanently deletes an object after a set number of days from having been made a previous version, or on a specific date. The default is 30 days.
- Incomplete multi-part uploads: Removes partial MPU uploads if they are not successfully completed within a set number of days.
- Expired delete markers: Retains an expired delete marker in the event that all previous versions of an object expire after the deletion of a versioned object. The default is 7 days.
Important: The Expired delete markers policy cannot be set if the Current versions policy is enabled.
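The rule limits and action conflict described above can be checked before a policy is applied. The following is an added example, not code from the product: it assumes the policy is exported in the standard S3 lifecycle configuration shape (Rules, Filter, Expiration, NoncurrentVersionExpiration, AbortIncompleteMultipartUpload), that the delete-marker conflict is evaluated per rule, and the function names and sample policy are constructed for illustration.

```python
from typing import Any

MAX_RULES = 1000  # per-policy rule limit stated on this page

def rule_is_unfiltered(rule: dict[str, Any]) -> bool:
    """True when the rule has no prefix or tag filter, so it covers every object."""
    f = rule.get("Filter") or {}
    f = f.get("And", f)  # combined prefix+tag filters are nested under "And"
    return not (f.get("Prefix") or f.get("Tag") or f.get("Tags"))

def audit_lifecycle(policy: dict[str, Any]) -> list[str]:
    """Return findings for an S3-style lifecycle configuration dict."""
    rules = policy.get("Rules", [])
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(f"policy has {len(rules)} rules, limit is {MAX_RULES}")
    for rule in rules:
        if rule.get("Status") != "Enabled":
            continue  # disabled rules delete nothing
        rid = rule.get("ID", "<no id>")
        exp = rule.get("Expiration", {})
        current = "Days" in exp or "Date" in exp
        # Expired delete markers cannot be combined with Current versions.
        if current and exp.get("ExpiredObjectDeleteMarker"):
            findings.append(f"{rid}: expired delete markers set together with current-version expiration")
        day_fields = {
            "Expiration.Days": exp.get("Days"),
            "NoncurrentDays": rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays"),
            "DaysAfterInitiation": rule.get("AbortIncompleteMultipartUpload", {}).get("DaysAfterInitiation"),
        }
        for name, days in day_fields.items():
            if days is not None and (not isinstance(days, int) or days < 1):
                findings.append(f"{rid}: {name} must be a positive integer, got {days!r}")
        if current and rule_is_unfiltered(rule):
            findings.append(f"{rid}: no prefix or tag filter, expires every current object in the bucket")
    return findings

# Constructed sample policy: one scoped rule, one rule with three problems.
SAMPLE_POLICY = {"Rules": [
    {"ID": "logs-90d", "Status": "Enabled", "Filter": {"Prefix": "logs/"},
     "Expiration": {"Days": 90},
     "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7}},
    {"ID": "wipe-all", "Status": "Enabled", "Filter": {},
     "Expiration": {"Days": 365, "ExpiredObjectDeleteMarker": True},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 0}},
]}

if __name__ == "__main__":
    print("\n".join(audit_lifecycle(SAMPLE_POLICY)))
```
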
Adding an expiration lifecycle policy to a new bucket
To add an expiration lifecycle policy to a new bucket:
Procedure
From the Buckets page, click Create bucket.
Enable the Expiration Lifecycle policy by clicking its selection toggle.
Configure your policy by clicking Configure.
Click Create.
Adding an Expiration Lifecycle policy to a pre-existing bucket
To add an Expiration Lifecycle policy to a pre-existing bucket:
Procedure
From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.
Enable the Expiration Lifecycle policy by clicking its selection toggle.
Edit your policy by clicking Configure.
Click Create.
Adding actions to an Expiration Lifecycle policy
To add actions to an Expiration Lifecycle policy:
Procedure
From the Buckets page, select the bucket by clicking its name from the Bucket name column.
Click the Properties tab.
Click Configure on the policy.
Click + Add rule.
From the Actions section, select your preferred action by clicking its selection slider.
- To place a hold on current versions, enable Current versions. You can then set a number of days to hold these files or a specific date by which they will be deleted.
- To place a hold on previous versions, enable Non-current versions. You can then set a number of days to hold these files.
- To place a hold on incomplete multi-part uploads, enable Incomplete multi-part uploads. You can then set a number of days to hold these partially uploaded files until they are deleted.
- Optionally, you can enable Expired delete markers to automatically remove expired objects.
Once selected, configure your action.
Click Done.
The action is added as a rule to your policy.
Editing an Expiration Lifecycle policy
To edit an Expiration Lifecycle policy:
Procedure
From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.
On the bucket's page, click the Properties tab.
Edit the Expiration Lifecycle policy by clicking Configure.
Click Update.
Removing an Expiration Lifecycle policy
To remove an Expiration Lifecycle policy from a bucket:
Procedure
From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.
On the bucket page, click the Properties tab.
Remove the Expiration Lifecycle policy by clicking its selection toggle.
The policy is greyed out.
Click Update.
The policy is removed from the bucket.
Sync-from Replication policy
The Sync-from Replication policy provides information about replicated objects, their remote buckets, and information from the remote queue.
A set of rules that define asynchronous replication from remote buckets is applied. Each rule defines the objects to be replicated, the remote bucket these objects are replicated from, and the corresponding AWS SQS queue. The queue is used for notifications about the changes in the remote bucket.
Each policy can contain up to 1,000 rules and each rule contains filters (such as prefixes and tags). If a filter is not applied to a Sync-from Replication policy on a bucket, then the policy applies to all objects.
Editing a Sync-from Replication policy
To edit a bucket's Sync-from Replication policy:
Procedure
From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.
On the bucket's page, click the Properties tab.
Edit the Sync-from Replication policy by clicking Configure.
Click Update.
Removing a Sync-from Replication policy
To remove a Sync-from Replication policy from a bucket:
Procedure
From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.
On the bucket page, click the Properties tab.
Remove the Sync-from Replication policy by clicking its selection toggle.
The policy is greyed out.
Click Update.
The policy is removed from the bucket.
Sync-to Replication policy
The Sync-to Replication policy provides information about replicated objects and their remote buckets.
A set of rules that define asynchronous replication to remote buckets is applied. Each rule defines the objects to be replicated and the remote bucket these objects are to be replicated in.
Each policy can contain up to 1,000 rules and each rule contains filters (such as prefixes and tags). If a filter is not applied to a Sync-to Replication policy on a bucket, then the policy applies to all objects.
Adding a Sync-to Replication policy to a new bucket
To add a Sync-to Replication policy to a new bucket:
Procedure
From the Buckets page, click Create bucket.
Enable the Sync-to Replication policy by clicking its selection toggle.
Edit your policy by clicking Configure.
- Add your S3 access information to the Remote bucket configuration section.
Important: The S3 hostname field is the "to" of the Sync-to Replication policy.
- Optional: To test your S3 connection, click the Test bucket connection button.
Click Create.
Adding a Sync-to Replication policy to a pre-existing bucket
To add a Sync-to Replication policy to a pre-existing bucket:
Procedure
From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.
Enable the Sync-to Replication policy by clicking its selection toggle.
Configure your policy by clicking Configure.
Click Update.
Editing a Sync-to Replication policy
To edit a bucket's Sync-to Replication policy:
Procedure
From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.
On the bucket's page, click the Properties tab.
Edit the Sync-to Replication policy by clicking Configure.
Click Update.
Removing a Sync-to Replication policy
To remove a Sync-to Replication policy from a bucket:
Procedure
From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.
On the bucket page, click the Properties tab.
Remove the Sync-to Replication policy by clicking its selection toggle.
The policy is greyed out.
Click Update.
The policy is removed from the bucket.