diff --git a/docs.json b/docs.json index d7a533e3a..8bf0d2346 100644 --- a/docs.json +++ b/docs.json @@ -1179,6 +1179,7 @@ "group": "Manage object storage", "pages": [ "storage/manage-object-storage/manage-buckets-via-the-control-panel", + "storage/manage-object-storage/protect-objects-with-object-lock", { "group": "Configure AWS CLI, S3cmd, and AWS JavaScript SDK", "pages": [ diff --git a/llms-full.txt b/llms-full.txt index 81743b43e..ba782f88c 100644 --- a/llms-full.txt +++ b/llms-full.txt @@ -1,6 +1,6 @@ # Gcore Docs - Full Index -> Complete article index across all Gcore products. 578 articles. +> Complete article index across all Gcore products. 579 articles. > Use this file for offline indexing, bulk vectorization, or large-context retrieval. # Gcore Account settings @@ -711,6 +711,7 @@ ## Manage object storage - [Managing buckets through the customer portal](https://gcore.com/docs/storage/manage-object-storage/manage-buckets-via-the-control-panel.md): Create S3 buckets in Gcore Object Storage with naming constraints (3-63 characters, lowercase, no underscores or consecutive dots), configure CORS policy per bucket, and manage file uploads via the customer portal file manager using Access Key and Secret Key authentication. +- [Protect objects from deletion with Object Lock](https://gcore.com/docs/storage/manage-object-storage/protect-objects-with-object-lock.md): Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration. ## Configure AWS CLI, S3cmd, and AWS JavaScript SDK - [Connect AWS CLI, S3cmd, and AWS JavaScript SDK](https://gcore.com/docs/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/connect-aws-cli-s3cmd-and-aws-sdk.md): Configure AWS CLI and S3cmd to access Gcore Object Storage using S3-compatible credentials - Access Key, Secret Key, and storage region endpoint via aws configure and s3cmd --configure commands. diff --git a/llms.txt b/llms.txt index 72d8e6126..de0fe8321 100644 --- a/llms.txt +++ b/llms.txt @@ -16,7 +16,7 @@ - [Gclaw](https://gcore.com/docs/gclaw/llms.txt): Managed OpenClaw service with built-in inference for launching AI agents instantly (10 articles). - [Managed DNS](https://gcore.com/docs/dns/llms.txt): Manage DNS zones and records using Gcore Managed DNS with Anycast routing, geo-balancing, health checks, DNSSEC, and OctoDNS and Certbot plugin integration (20 articles). - [Hosting](https://gcore.com/docs/hosting/llms.txt): Order and manage Gcore Dedicated Servers and Virtual Servers with DDoS protection, BGP, SSL certificates, account management, billing, and API-based server management (82 articles). -- [Object Storage](https://gcore.com/docs/storage/llms.txt): Store and manage data in Gcore S3-compatible Object Storage with S3 Fast (high-performance AI/ML workloads), S3 Standard (general-purpose backups), and SFTP storage types (15 articles). +- [Object Storage](https://gcore.com/docs/storage/llms.txt): Store and manage data in Gcore S3-compatible Object Storage with S3 Fast (high-performance AI/ML workloads), S3 Standard (general-purpose backups), and SFTP storage types (16 articles). - [Video Streaming](https://gcore.com/docs/streaming/llms.txt): Gcore Video Streaming is a high-load video streaming PaaS. Scale to 1M+ viewers and beyond (66 articles). - [DDoS protection](https://gcore.com/docs/ddos-protection/llms.txt): Protect servers and Virtual Machines against DDoS attacks using Gcore Advanced DDoS Protection with traffic redirection to a mitigation system for filtering attack traffic (16 articles). - [Edge Proxy](https://gcore.com/docs/edge-proxy/llms.txt): Deploy Edge Proxy DDoS protection on Gcore CDN edge infrastructure using Anycast IP addresses, translation rules mapping origin IP/port/protocol/application type, and globally distributed Points of Presence for multi-terabit filtering capacity (3 articles). diff --git a/storage/llms.txt b/storage/llms.txt index 76eee1789..1e8d89a0d 100644 --- a/storage/llms.txt +++ b/storage/llms.txt @@ -9,6 +9,7 @@ ## Manage object storage - [Managing buckets through the customer portal](https://gcore.com/docs/storage/manage-object-storage/manage-buckets-via-the-control-panel.md): Create S3 buckets in Gcore Object Storage with naming constraints (3-63 characters, lowercase, no underscores or consecutive dots), configure CORS policy per bucket, and manage file uploads via the customer portal file manager using Access Key and Secret Key authentication. +- [Protect objects from deletion with Object Lock](https://gcore.com/docs/storage/manage-object-storage/protect-objects-with-object-lock.md): Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration. ## Configure AWS CLI, S3cmd, and AWS JavaScript SDK - [Connect AWS CLI, S3cmd, and AWS JavaScript SDK](https://gcore.com/docs/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/connect-aws-cli-s3cmd-and-aws-sdk.md): Configure AWS CLI and S3cmd to access Gcore Object Storage using S3-compatible credentials - Access Key, Secret Key, and storage region endpoint via aws configure and s3cmd --configure commands. diff --git a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx index 9e02a91f5..f5fa7ac96 100644 --- a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx +++ b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx @@ -12,15 +12,15 @@ There are several ways to utilize a Lifecycle Policy. Gcore supports a lifecycle ## Lifecycle policy logic -The process of removing objects starts around midnight UTC. +Object deletion is processed around midnight UTC. The table below shows when an object is deleted based on the scenario. -Three lifecycle states determine the removal time for an object: +| Scenario | Upload date | Policy set | Expiration (days) | Deleted on | +|---|---|---|---|---| +| Policy exists before upload | Jan 2 | Before Jan 2 | 1 | Jan 4 | +| Policy set after upload | Jan 1 | After Jan 1 | 1 | Jan 3 | +| Policy removed | Any | Removed | — | Never | -**1\. A lifecycle policy is set before the objects are uploaded.** For example, if the lifecycle policy is set for 1 day and you upload your object on January 2nd, it will be removed on January 4th. - -**2\. A lifecycle policy is set after the objects are uploaded.** If you upload an object on January 1st (at any time) and then set a lifecycle policy with a file expiration time of 1 day, the file will be deleted on January 3rd. - -**3\. A lifecycle policy is removed.** If you delete the lifecycle policy from the bucket, the object it was applied to will not be removed. +The midnight UTC processing window means deletion happens at the next processing cycle after the expiration period ends — not at the exact moment the period expires. ## Gcore lifecycle configuration elements @@ -99,26 +99,26 @@ Where: 4\. Start the AWS CLI from the directory with the _lifecycle.json_ file and run the following command: ```sh -aws s3api put-bucket-lifecycle --bucket my_bucket --lifecycle-configuration file://lifecycle.json --endpoint-url=https://s-ed1.cloud.gcore.lu +aws s3api put-bucket-lifecycle --bucket my_bucket --lifecycle-configuration file://lifecycle.json --endpoint-url=https://luxembourg-2.storage.gcore.dev ``` Replace: * `my_bucket` name in the example with your bucket name. - * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. + * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. 5\. Check if the policy was uploaded correctly with the following command: ```sh -aws s3api get-bucket-lifecycle-configuration --bucket my_bucket --endpoint-url=https://s-ed1.cloud.gcore.lu +aws s3api get-bucket-lifecycle-configuration --bucket my_bucket --endpoint-url=https://luxembourg-2.storage.gcore.dev ``` Replace: * `my_bucket` name in the example with your bucket name. - * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. + * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. @@ -129,16 +129,20 @@ In the response, you should receive the uploaded JSON file. To delete the policy from the bucket, use the following command: ```sh -aws s3api delete-bucket-lifecycle --bucket my-bucket --endpoint-url=https://s-ed1.cloud.gcore.lu +aws s3api delete-bucket-lifecycle --bucket my-bucket --endpoint-url=https://luxembourg-2.storage.gcore.dev ``` Replace: * `my_bucket` name in the example with your bucket name. - * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. + * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. ## Manage a lifecycle policy with the UI -If you are using S3 storage in Luxembourg, you can manage your lifecycle policy for buckets in the Gcore Customer Portal according to the "[Manage buckets via the Gcore Customer Portal](/storage/manage-object-storage/manage-buckets-via-the-control-panel#add-lifecycle-policy-available-for-s3-in-luxembourg-only)" guide. \ No newline at end of file +If you are using S3 storage in Luxembourg, you can manage your lifecycle policy for buckets in the Gcore Customer Portal according to the "[Manage buckets via the Gcore Customer Portal](/storage/manage-object-storage/manage-buckets-via-the-control-panel#add-lifecycle-policy-available-for-s3-in-luxembourg-only)" guide. + +## Protect objects from deletion with Object Lock + +To prevent objects from being deleted or overwritten, use S3 Object Lock. See [Protect objects with Object Lock](/storage/manage-object-storage/protect-objects-with-object-lock). \ No newline at end of file diff --git a/storage/manage-object-storage/protect-objects-with-object-lock.mdx b/storage/manage-object-storage/protect-objects-with-object-lock.mdx new file mode 100644 index 000000000..de43274c4 --- /dev/null +++ b/storage/manage-object-storage/protect-objects-with-object-lock.mdx @@ -0,0 +1,54 @@ +--- +title: Protect objects from deletion with Object Lock +sidebarTitle: Protect objects with Object Lock +ai-navigation: Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration. +--- + +## Object Lock overview + +S3 Object Lock prevents objects from being deleted or modified for a specified retention period. It works via the S3 protocol, not the Gcore API. + +Object Lock must be enabled at bucket creation time — it cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically, so each object version can have its own retention period. + +Object Lock supports two retention modes: + +- Compliance — no user can delete or overwrite a protected object until its retention period expires, including account administrators. +- Governance — users with special IAM permissions can override or remove retention settings before the period expires. + + +Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed. + + +## Create a bucket with Object Lock enabled + +Run the following command to create a bucket with Object Lock enabled: + +```sh +aws s3api create-bucket \ + --bucket my-bucket \ + --object-lock-enabled-for-bucket \ + --endpoint-url=https://luxembourg-2.storage.gcore.dev +``` + +Replace: + +- `my-bucket` with the bucket name. +- `https://luxembourg-2.storage.gcore.dev` with the storage endpoint — available values are listed in [S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names). + +## Set a retention policy + +A default retention policy automatically applies to all new objects uploaded to the bucket. To set one, run: + +```sh +aws s3api put-object-lock-configuration \ + --bucket my-bucket \ + --object-lock-configuration '{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"COMPLIANCE","Days":30}}}' \ + --endpoint-url=https://luxembourg-2.storage.gcore.dev +``` + +Replace: + +- `my-bucket` with the bucket name. +- `COMPLIANCE` with `GOVERNANCE` to use the governance retention mode instead. +- `30` with the number of days objects should be retained. +- `https://luxembourg-2.storage.gcore.dev` with the storage endpoint. \ No newline at end of file