Policy management

Policies allow you to apply specific retention and permissions to buckets and the objects contained within.

The S3 Console supports the following policies:

  • Expiration lifecycle
  • Sync-from replication
  • Sync-to replication
  • Object lock
Tip: When navigating through policies, you can use the breadcrumbs found under the bucket's name to quickly navigate back to previous screens.

Expiration lifecycle policy

The expiration lifecycle policy sets an expiration date on the objects within a bucket.

A set of rules is applied to this policy that define actions across groups of objects. These rules can apply to current versions, non-current versions, incomplete multi-part uploads, and expired delete markers.

Each policy can contain up to 1,000 rules. Additionally, each rule contains filters (such as prefixes and tags), as well as actions.

Note: Actions are applied to your expiration lifecycle policy as rules and can be implemented from the Add rule page of a given bucket.

Actions apply to all objects in the bucket and are specific to the expiration lifecycle policy. They can be added as individually set rules and do not require tags or a prefix. Currently, the following four expiration actions are supported:

  • Current versions: Permanently deletes an object after a set number of days from object creation, or on a specific date. The default is 365 days.
  • Non-current versions: Permanently deletes an object after a set number of days from having been made a previous version, or on a specific date. The default is 30 days.
  • Incomplete multi-part uploads: Removes partial MPU uploads if they are not successfully completed within a set number of days.
  • Expired delete markers: Retains an expired delete marker in the event that all previous versions of an object expire after the deletion of a versioned object. The default is 7 days.
    Important: The Expired delete markers policy cannot be set if the Current versions policy is enabled.
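
The limits described above can be checked before a policy is applied. This is an added example, not Hitachi Vantara code: it assumes the rules are written in the AWS S3 lifecycle configuration layout (Rules, Expiration, NoncurrentVersionExpiration, AbortIncompleteMultipartUpload), which this page does not confirm for the product, and it applies the delete-marker restriction per rule. The function name and sample policy are constructed for illustration.

```python
MAX_RULES = 1000  # per-policy rule limit stated on this page

# Assumed mapping of the console's actions onto AWS S3 lifecycle fields
DAY_FIELDS = [
    ("Expiration", "Days"),                                     # Current versions
    ("NoncurrentVersionExpiration", "NoncurrentDays"),          # Non-current versions
    ("AbortIncompleteMultipartUpload", "DaysAfterInitiation"),  # Incomplete multi-part uploads
]

def validate_lifecycle(config):
    """Return (rule_id, problem) tuples; an empty list means nothing was flagged."""
    rules = config.get("Rules", [])
    problems = []
    if len(rules) > MAX_RULES:
        problems.append(("policy", f"{len(rules)} rules exceeds the limit of {MAX_RULES}"))
    for i, rule in enumerate(rules):
        rid = rule.get("ID", f"rule[{i}]")
        exp = rule.get("Expiration", {})
        expires_current = "Days" in exp or "Date" in exp
        if not any(block in rule for block, _ in DAY_FIELDS):
            problems.append((rid, "no action configured"))
        for block, field in DAY_FIELDS:
            days = rule.get(block, {}).get(field)
            if days is not None and (type(days) is not int or days < 1):
                problems.append((rid, f"{block}.{field} must be a positive integer"))
        if "Days" in exp and "Date" in exp:
            problems.append((rid, "Expiration sets both Days and Date; choose one"))
        if exp.get("ExpiredObjectDeleteMarker") and expires_current:
            problems.append((rid, "Expired delete markers cannot be set with Current versions"))
        # A rule without a prefix or tag filter permanently deletes across the whole bucket
        flt = rule.get("Filter") or {}
        scoped = bool(flt.get("Prefix") or flt.get("Tag") or flt.get("And"))
        if expires_current and not scoped:
            problems.append((rid, "warning: no prefix or tag filter, expiry covers every object"))
    return problems

# Constructed sample policy for illustration (not taken from the product)
SAMPLE = {"Rules": [
    {"ID": "logs-90d", "Filter": {"Prefix": "logs/"}, "Expiration": {"Days": 90},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 30}},
    {"ID": "bad-mix", "Filter": {"Prefix": "tmp/"},
     "Expiration": {"Days": 365, "ExpiredObjectDeleteMarker": True}},
    {"ID": "wide-open", "Expiration": {"Days": 7},
     "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 0}},
]}

if __name__ == "__main__":
    for rule_id, problem in validate_lifecycle(SAMPLE):
        print(f"{rule_id}: {problem}")
```
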

Adding an expiration lifecycle policy to a new bucket

To add an expiration lifecycle policy to a new bucket:

Procedure

  1. From the Buckets page, click Create bucket.

  2. Enable the Expiration Lifecycle policy by clicking its selection toggle.

  3. Configure your policy by clicking Configure.

  4. When you are finished editing, click Done.

  5. Click Create.

Adding an expiration lifecycle policy to a pre-existing bucket

To add an expiration lifecycle policy to a pre-existing bucket:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. Enable the Expiration Lifecycle policy by clicking its selection toggle.

  3. Edit your policy by clicking Configure.

  4. When you are finished editing, click Done.

  5. Click Create.

Adding actions to an expiration lifecycle policy

To add actions to an expiration lifecycle policy:

Procedure

  1. From the Buckets page, select your bucket.

  2. Click the Properties tab.

  3. Click Configure on the policy.

  4. Click + Add rule.

  5. From the Actions section, select your preferred action by clicking its selection slider.

    • To place an expiration lifecycle policy on current versions, enable Current versions. You can then set a number of days to hold these files or a specific date by which they will be deleted.
    • To place an expiration lifecycle policy on previous versions, enable Non-current versions. You can then set a number of days to hold these files.
    • To place an expiration lifecycle policy on incomplete multi-part uploads, enable Incomplete multi-part uploads. You can then set a number of days to hold these partially uploaded files until they are deleted.
    • Optionally, you can enable Expired delete markers to automatically remove expired objects.
  6. Once selected, configure your action.

  7. When you are finished editing, click Done.

Editing an expiration lifecycle policy

To edit an expiration lifecycle policy:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. On the bucket's page, click the Properties tab.

  3. Edit the Expiration Lifecycle policy by clicking Configure.

  4. When you are finished editing, click Done.

  5. Click Update.

Removing an expiration lifecycle policy

To remove an expiration lifecycle policy from a bucket:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. On the bucket page, click the Properties tab.

  3. Remove the Expiration Lifecycle policy by clicking its selection toggle.

    The policy is greyed out.
  4. Click Update.

    The policy is removed from the bucket.

Sync-from replication policy

The sync-from replication policy provides information about replicated objects, their remote buckets, and information from the remote queue.

A set of rules that define asynchronous replication from remote buckets is applied. Each rule defines the objects to be replicated, the remote bucket these objects are replicated from, and the corresponding AWS SQS queue. The queue is used for notifications about the changes in the remote bucket.

Each policy can contain up to 1,000 rules and each rule contains filters (such as prefixes and tags). If a filter is not applied to a sync-from replication policy on a bucket, then the policy applies to all objects.

As you set up your policy, all required fields are highlighted to make configuration easier.

Important: When adding a rule to this policy, the All objects filter is selected by default. To add tags, a prefix, or both, click Filter objects.

Editing a sync-from replication policy

To edit a bucket's sync-from replication policy:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. On the bucket's page, click the Properties tab.

  3. Edit the Sync-from Replication policy by clicking Configure.

  4. When you are finished editing, click Done.

  5. Click Update.

Removing a sync-from replication policy

To remove a sync-from replication policy from a bucket:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. On the bucket page, click the Properties tab.

  3. Remove the Sync-from Replication policy by clicking its selection toggle.

    The policy is greyed out.
  4. Click Update.

    The policy is removed from the bucket.

Sync-to replication policy

The sync-to replication policy provides information about replicated objects and their remote buckets.

A set of rules that define asynchronous replication to remote buckets is applied. Each rule defines the objects to be replicated and the remote bucket these objects are to be replicated in.

Each policy can contain up to 1,000 rules and each rule contains filters (such as prefixes and tags). If a filter is not applied to a sync-to replication policy on a bucket, then the policy applies to all objects.

As you set up your policy, all required fields are highlighted to make configuration easier.

Important: When adding a rule to this policy, the All objects filter is selected by default. To add tags, a prefix, or both, click Filter objects.

Adding a sync-to replication policy to a new bucket

To add a sync-to replication policy to a new bucket:

Procedure

  1. From the Buckets page, click Create bucket.

  2. Enable the Sync-to Replication policy by clicking its selection toggle.

  3. Edit your policy by clicking Configure.

    1. Add your S3 access information to the Remote bucket configuration section.
      Important: The S3 hostname field is the "to" of the sync-to replication policy.
    2. Optional: To test your S3 connection, click the Test bucket connection button.
  4. When you are finished editing, click Done.

  5. Click Create.

Adding a sync-to replication policy to a pre-existing bucket

To add a sync-to replication policy to a pre-existing bucket:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. Enable the Sync-to Replication policy by clicking its selection toggle.

  3. Configure your policy by clicking Configure.

  4. When you are finished editing, click Done.

  5. Click Update.

Editing a sync-to replication policy

To edit a bucket's sync-to replication policy:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. On the bucket's page, click the Properties tab.

  3. Edit the Sync-to Replication policy by clicking Configure.

  4. When you are finished editing, click Done.

  5. Click Update.

Removing a sync-to replication policy

To remove a sync-to replication policy from a bucket:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. On the bucket page, click the Properties tab.

  3. Remove the Sync-to Replication policy by clicking its selection toggle.

    The policy is greyed out.
  4. Click Update.

    The policy is removed from the bucket.

Object lock policy

An object lock policy allows you to set a retention period on an object or bucket, preventing its deletion for a set period of time.

The objects are stored using a write-once-read-many (WORM) model.

Adding an object lock policy

Note: The object lock policy can only be enabled when a bucket is created.

Adding an object lock policy to a bucket provides you with the ability to add retention and legal hold to the objects contained within.

You can also enable compliance mode to set a retention period to all of the contents within a bucket by default. Additionally, when object lock is applied, legal hold can be set on a version of an object within the bucket. See Setting legal hold on a version of an object.

To create a bucket with an object lock policy:

Procedure

  1. From the Buckets page, click + Create Bucket.

    The Create bucket page appears.
  2. In the Name field, enter a name for your bucket.

  3. Click the Object lock toggle to enable it.

  4. In the Access level section, select your required level of security.

    • Private: Only you have access to this bucket.
    • Authenticated: Lets you grant access to this bucket for any user with an account on the system.
    • Unauthenticated: Lets you grant public access to this bucket for anyone. You can choose to assign Read or Read/Write privileges.
  5. In the Bucket policies section, choose Object Lock.

  6. Click Configure on the Object Lock policy to set retention.

  7. Click the Default retention toggle to enable it and set the retention period.

  8. Click Done.

  9. When you are finished configuring your bucket, click Create.

    You are returned to the Buckets page and a message confirming the creation of the new bucket is displayed.
  10. To view your new bucket, select it by clicking its name from the Bucket name column.

    The bucket page is displayed and an overview of your bucket is provided.

Editing an object lock policy

To edit an object lock policy:

Procedure

  1. From the Buckets page, navigate to your bucket and click its name in the Bucket name column to select it.

  2. On the bucket's page, click the Properties tab.

  3. Edit the Object Lock policy by clicking Configure.

  4. When you are finished editing, click Done.

  5. Click Update.

    Your changes are applied to your policy.

Deleting a bucket with an object lock policy

Once an object lock policy is applied to a bucket, it cannot be disabled.

To remove a bucket with an object lock policy:

  1. Delete the bucket. See Deleting a bucket.

 
