Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Policy management

Policies allow users to apply specific retention and permissions to buckets and the objects contained within.

Bucket policies

Currently, the S3 Console supports the following policies:

  • Expiration Lifecycle policy
  • Sync-from Replication policy
  • Sync-to Replication policy
TipWhen navigating through policies, users can use the breadcrumbs found under the bucket's name to quickly navigate back to previous screens.

Expiration Lifecycle policy

The Expiration Lifecycle policy sets an expiration date on the objects within a bucket.

A set of rules is applied to this policy that define actions across groups of objects. These rules can apply to current versions, non-current versions, incomplete multi-part uploads, and expired delete markers.

Each policy can contain up to 1,000 rules. Additionally, each rule contains filters (such as prefixes and tags), as well as actions.

ImportantWhen adding a rule to this policy, the All objects filter is selected by default. To add tags, a prefix, or both, click Filter objects.

Actions apply to all objects in the bucket and are specific to the Expiration Lifecycle policy. They can be added as individually set rules and do not require tags or a prefix. Currently, the following four expiration actions are supported:

  • Current versions: Permanenetly deletes an object after a set number of days from object creation, or on a specific date. The default is 365 days.
  • Non-current versions: Permanently deletes an object after a set number of days from having been made a previous version, or on a specific date. The default is 30 days.
  • Incomplete multi-part uploads: Removes partial MPU uploads if they are not successfully completed withing a set number of days.
  • Expired delete markers: Retains an expired delete marker in the event that all previous versions of an object expire after the deletion of a versioned object. The default is 7 days.
    ImportantThe Expired delete markers policy cannot be set if the Current versions policy is enabled.
NoteActions are applied as to your Expiration Lifecycle policy as rules and can be implemented from the Add rule page of a given bucket.

Adding an expiration lifecycle policy to a new bucket

To add an expiration lifecycle policy to a new bucket:

Procedure

  1. From the Buckets page, click Create bucket.

  2. Enable the Expiration Lifecycle policy by clicking its selection toggle.

  3. Configure your policy by clicking Configure.

  4. Click Create.

Adding an Expiration Lifecycle policy to a pre-existing bucket

To add an Expiration Lifecycle policy to a pre-existing bucket:

Procedure

  1. From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.

  2. Enable the Expiration Lifecycle policy by clicking its selection toggle.

  3. Edit your policy by clicking Configure.

  4. Click Create.

Adding actions to an Expiration Lifecycle policy

To add actions to an Expiration Lifecycle policy:

Procedure

  1. From the Buckets page, select the bucket by clicking its name from the Bucket name column.

  2. Click the Properties tag.

  3. Click Configure on the policy.

  4. Click + Add rule.

  5. From the Actions section, select your preferred action by clicking its selection slider.

    • To place a hold on current versions, enable Current versions. You can then set a number of days to hold these files or a specific date by which they will be deleted.
    • To place a hold on previous versions, enable Non-current versions. You can then set a number of days to hold these files.
    • To place a hold on incomplete multi-part uploads, enable Incomplete multi-part uploads. You can then set a number of days to hold these partially uploaded files until they are deleted.
    • Optionally, you can enable Expired delete markers to automatically remove expired objects.
  6. Once selected, configure your action.

  7. Click Done.

    The action is added as a rule to your policy.

Editing a Expiration Lifecycle policy

To edit an Expiration Lifecycle policy:

Procedure

  1. From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.

  2. On the bucket's page, click the Properties tab.

  3. Edit the Expiration Lifecycle policy by clicking Configure.

  4. Click Update.

Removing an Expiration Lifecycle policy

To remove an Expiration Lifecycle policy from a bucket:

Procedure

  1. From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.

  2. On the bucket page, click the Properties tab.

  3. Remove the Expiration Lifecycle policy by clicking its selection toggle.

    The policy is greyed out.
  4. Click Update.

    The policy is removed from the bucket.

Sync-from Replication policy

The Sync-from Replication policy provides information about replicated objects, their remote buckets, and information from the remote queue.

A set of rules that define asynchronous replication from remote buckets is applied. Each rule defines the objects to be replicated, the remote bucket these objects are replicated from, and the corresponding AWS SQS queue. The queue is used for notifications about the changes in the remote bucket.

Each policy can contain up to 1,000 rules and each rule contains filters (such as prefixes and tags). If a filter is not applied to a Sync-from Replication policy on bucket, then the policy applies to all objects.

ImportantWhen adding a rule to this policy, the All objects filter is selected by default. To add tags, a prefix, or both, click Filter objects.

Editing a Sync-from Replication policy

To edit a bucket's Sync-from Replication policy:

Procedure

  1. From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.

  2. On the bucket's page, click the Properties tab.

  3. Edit the Sync-from Replication policy by clicking Configure.

  4. Click Update.

Removing a Sync-from Replication policy

To remove a Sync-from Replication policy from a bucket:

Procedure

  1. From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.

  2. On the bucket page, click the Properties tab.

  3. Remove the Sync-from Replication policy by clicking its selection toggle.

    The policy is greyed out.
  4. Click Update.

    The policy is removed from the bucket.

Sync-to Replication policy

The Sync-to Replication policy provides information about replicated objects and their remote buckets.

A set of rules that define asynchronous replication to remote buckets is applied. Each rule defines the objects to be replicated and the remote bucket these objects are to be replicated in.

Each policy can contain up to 1,000 rules and each rule contains filters (such as prefixes and tags). If a filter is not applied to an Sync-to Replication policy on bucket, then the policy applies to all objects.

ImportantWhen adding a rule to this policy, the All objects filter is selected by default. To add tags, a prefix, or both, click Filter objects.

Adding a Sync-to Replication policy to a new bucket

To add a Sync-to Replication policy to a new bucket:

Procedure

  1. From the Buckets page, click Create bucket.

  2. Enable the Sync-to Replication policy by clicking its selection toggle.

  3. Edit your policy by clicking Configure.

    1. Add your S3 access information to the Remote bucket configuration section.
      ImportantThe S3 hostname field is the to of the sync-to replication policy.
    2. Optional: To test your S3 connection, click the Test bucket connection button.
  4. Click Create.

Adding a Sync-to Replication policy to a pre-existing bucket

To add a Sync-to Replication policy to a pre-existing bucket:

Procedure

  1. From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.

  2. Enable the Sync-to Replication policy by clicking its selection toggle.

  3. Configure your policy by clicking Configure.

  4. Click Update.

Editing a Sync-to Replication policy

To edit a bucket's Sync-to Replication policy:

Procedure

  1. From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.

  2. On the bucket's page, click the Properties tab.

  3. Edit the Sync-to Replication policy by clicking Configure.

  4. Click Update.

Removing a Sync-to Replication policy

To remove a Sync-to Replication policy from a bucket:

Procedure

  1. From the Buckets page, navigate to your respective bucket and click its name in the Bucket name column to select it.

  2. On the bucket page, click the Properties tab.

  3. Remove the Sync-to Replication policy by clicking its selection toggle.

    The policy is greyed out.
  4. Click Update.

    The policy is removed from the bucket.

 

  • Was this article helpful?