How to managing object immutability with Object Lock (WORM)

Question

Hello everyone,I use Object Storage (Standard - S3):I would like to set up object immutability with Object Lock (WORM: Write Once, Read Many) It is for backup from our production servers and protext from accidental delte or attack.I follow this article: https://help.ovhcloud.com/csm/en-gb-public-cloud-storage-s3-managing-object-lock?id&#61;kb_article_view&sysparm_article&#61;KB0047401Also I configure user whith &#34;Import S3 Policy (JSON)&#34;After all of this, I still can delete objets from S3. ¿I'm mising somthing?And ¿some one is using succesfully Object Lock on OVH?Used &#34;Import S3 Policy (JSON)&#34;:    {      &#34;Statement&#34;: [        {          &#34;Sid&#34;: &#34;RWContainerLock&#34;,          &#34;Effect&#34;: &#34;Allow&#34;,          &#34;Action&#34;: [            &#34;s3:GetObject&#34;,            &#34;s3:PutObject&#34;,            &#34;s3:DeleteObject&#34;,            &#34;s3:ListBucket&#34;,            &#34;s3:ListMultipartUploadParts&#34;,            &#34;s3:ListBucketMultipartUploads&#34;,            &#34;s3:AbortMultipartUpload&#34;,            &#34;s3:GetBucketLocation&#34;,    	&#34;s3:PutBucketObjectLockConfiguration&#34;,    	&#34;s3:GetBucketObjectLockConfiguration&#34;          ],          &#34;Resource&#34;: [            &#34;arn:aws:s3:::*&#34;,            &#34;arn:aws:s3:::*/*&#34;          ]        }      ]    }This is the script I use for test:    #!/bin/bash -eu    err_report() {     	echo >&2 &#34;*** $0 ABORTED Linea $1 ***&#34;    	echo >&2 &#34;>> &#34; $(sed &#34;$1!d&#34; $0)    	exit 1    }    trap 'err_report $LINENO' ERR    export AWS_PAGER&#61;&#34;&#34;    export AWS_ENDPOINT&#61;https://s3.waw.io.cloud.ovh.net    date >> example_file.log    BUCKET_PREFIX&#61;example-bucket-worm-    BUCKET_NAME&#61;$BUCKET_PREFIX$(openssl rand -hex 5 )    echo &#34;BUCKET_NAME: $BUCKET_NAME&#34;     aws --endpoint-url &#34;$AWS_ENDPOINT&#34; \        s3api create-bucket \        --bucket &#34;$BUCKET_NAME&#34; \        --object-lock-enabled-for-bucket | cat    aws --endpoint-url &#34;$AWS_ENDPOINT&#34; s3api put-object-lock-configuration \        --bucket &#34;$BUCKET_NAME&#34; \        --object-lock-configuration '{ &#34;ObjectLockEnabled&#34;: &#34;Enabled&#34;, &#34;Rule&#34;: { &#34;DefaultRetention&#34;: { &#34;Mode&#34;: &#34;COMPLIANCE&#34;, &#34;Days&#34;: 2 }}} '    echo &#34;Bucket lock configuration:&#34;    aws --endpoint-url &#34;$AWS_ENDPOINT&#34; s3api get-object-lock-configuration --bucket &#34;$BUCKET_NAME&#34;    echo &#34;Upload file&#34;    aws --endpoint-url &#34;$AWS_ENDPOINT&#34; s3 cp example_file.log s3://&#34;$BUCKET_NAME&#34;    echo &#34;View files&#34;    echo &#34;Files lock configuration:&#34;    aws --endpoint-url &#34;$AWS_ENDPOINT&#34; s3api get-object-retention \       --bucket &#34;$BUCKET_NAME&#34; \       --key example_file.log    echo &#34;Delete file:&#34;    aws --endpoint-url &#34;$AWS_ENDPOINT&#34; s3 rm &#34;s3://$BUCKET_NAME/example_file.log&#34;    echo &#34;List files:&#34;    aws --endpoint-url &#34;$AWS_ENDPOINT&#34; s3 ls &#34;$BUCKET_NAME&#34;

Welcome to OVHcloud Community

Ask questions, search for information, post content, and interact with other OVHcloud Community members.

How to managing object immutability with Object Lock (WORM)

Related questions

Join discussion

Most viewed in same Forum

Most recent in same Forum