From 6733ebbcb403972b56e09fb2c25eb8cefd1e68b9 Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Tue, 16 Jun 2026 19:19:19 +0800 Subject: [PATCH 01/11] DOC-1256: Add Object Lock section to lifecycle policy article Co-authored-by: Cursor --- ...om-a-bucket-automatically-with-aws-cli.mdx | 45 ++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx index 9e02a91f5..b1d9645c3 100644 --- a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx +++ b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx @@ -141,4 +141,47 @@ Replace: ## Manage a lifecycle policy with the UI -If you are using S3 storage in Luxembourg, you can manage your lifecycle policy for buckets in the Gcore Customer Portal according to the "[Manage buckets via the Gcore Customer Portal](/storage/manage-object-storage/manage-buckets-via-the-control-panel#add-lifecycle-policy-available-for-s3-in-luxembourg-only)" guide. \ No newline at end of file +If you are using S3 storage in Luxembourg, you can manage your lifecycle policy for buckets in the Gcore Customer Portal according to the "[Manage buckets via the Gcore Customer Portal](/storage/manage-object-storage/manage-buckets-via-the-control-panel#add-lifecycle-policy-available-for-s3-in-luxembourg-only)" guide. + +## Protect objects from deletion with Object Lock + +### What is Object Lock? + +S3 Object Lock allows you to protect objects from deletion or modification for a specified retention period. It works via the S3 protocol, not the Gcore API. + + +Object Lock is supported on CEPH-based Gcore storage locations (for example, `s-ed1.cloud.gcore.lu`). Support for VAST-based locations is not yet confirmed. + + +### Create a bucket with Object Lock enabled + +Object Lock must be enabled at bucket creation time. It cannot be activated on an existing bucket. + +```sh +aws s3api create-bucket \ + --bucket my-bucket \ + --object-lock-enabled-for-bucket \ + --endpoint-url=https://s-ed1.cloud.gcore.lu +``` + +Replace: + +- `my-bucket` with your bucket name. +- `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value, refer to the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. + +### Set a retention policy + +To set a default retention policy on the bucket: + +```sh +aws s3api put-object-lock-configuration \ + --bucket my-bucket \ + --object-lock-configuration '{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"COMPLIANCE","Days":30}}}' \ + --endpoint-url=https://s-ed1.cloud.gcore.lu +``` + +Replace: + +- `my-bucket` with your bucket name. +- `30` with the number of days objects should be retained. +- `https://s-ed1.cloud.gcore.lu` with your storage endpoint. \ No newline at end of file From 26d4328d8afad1912c194c5576aec6c9eb30300d Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Tue, 16 Jun 2026 19:52:48 +0800 Subject: [PATCH 02/11] DOC-1256: Note that Object Lock enables bucket versioning automatically Co-authored-by: Cursor --- ...emove-objects-from-a-bucket-automatically-with-aws-cli.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx index b1d9645c3..19d09b175 100644 --- a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx +++ b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx @@ -1,4 +1,4 @@ ---- +--- title: Remove objects from a bucket automatically with AWS CLI sidebarTitle: Set the Lifecycle policy ai-navigation: Configure lifecycle policies in Gcore Object Storage buckets using AWS CLI to automatically expire and remove objects based on age, with XML rule definitions specifying expiration days, object prefixes, and enabled status. @@ -155,7 +155,7 @@ Object Lock is supported on CEPH-based Gcore storage locations (for example, `s- ### Create a bucket with Object Lock enabled -Object Lock must be enabled at bucket creation time. It cannot be activated on an existing bucket. +Object Lock must be enabled at bucket creation time. It cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically. ```sh aws s3api create-bucket \ From a650912c8f3060231efebbae8c06809c4ef0bd23 Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Wed, 17 Jun 2026 00:50:34 +0800 Subject: [PATCH 03/11] DOC-1256: Fix endpoint URL, add retention modes explanation, use product tier names Co-authored-by: Cursor --- ...om-a-bucket-automatically-with-aws-cli.mdx | 29 +++++++++++-------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx index 19d09b175..cb8615edd 100644 --- a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx +++ b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx @@ -99,26 +99,26 @@ Where: 4\. Start the AWS CLI from the directory with the _lifecycle.json_ file and run the following command: ```sh -aws s3api put-bucket-lifecycle --bucket my_bucket --lifecycle-configuration file://lifecycle.json --endpoint-url=https://s-ed1.cloud.gcore.lu +aws s3api put-bucket-lifecycle --bucket my_bucket --lifecycle-configuration file://lifecycle.json --endpoint-url=https://luxembourg-2.storage.gcore.dev ``` Replace: * `my_bucket` name in the example with your bucket name. - * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. + * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. 5\. Check if the policy was uploaded correctly with the following command: ```sh -aws s3api get-bucket-lifecycle-configuration --bucket my_bucket --endpoint-url=https://s-ed1.cloud.gcore.lu +aws s3api get-bucket-lifecycle-configuration --bucket my_bucket --endpoint-url=https://luxembourg-2.storage.gcore.dev ``` Replace: * `my_bucket` name in the example with your bucket name. - * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. + * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. @@ -129,13 +129,13 @@ In the response, you should receive the uploaded JSON file. To delete the policy from the bucket, use the following command: ```sh -aws s3api delete-bucket-lifecycle --bucket my-bucket --endpoint-url=https://s-ed1.cloud.gcore.lu +aws s3api delete-bucket-lifecycle --bucket my-bucket --endpoint-url=https://luxembourg-2.storage.gcore.dev ``` Replace: * `my_bucket` name in the example with your bucket name. - * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. + * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. @@ -150,24 +150,29 @@ If you are using S3 storage in Luxembourg, you can manage your lifecycle policy S3 Object Lock allows you to protect objects from deletion or modification for a specified retention period. It works via the S3 protocol, not the Gcore API. -Object Lock is supported on CEPH-based Gcore storage locations (for example, `s-ed1.cloud.gcore.lu`). Support for VAST-based locations is not yet confirmed. +Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed. ### Create a bucket with Object Lock enabled -Object Lock must be enabled at bucket creation time. It cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically. +Object Lock must be enabled at bucket creation time. It cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically — each object version can have its own retention period. + +Object Lock supports two retention modes: + +- **Compliance** — no user can delete or overwrite a protected object until its retention period expires, including account administrators. +- **Governance** — users with special IAM permissions can override or remove retention settings before the period expires. ```sh aws s3api create-bucket \ --bucket my-bucket \ --object-lock-enabled-for-bucket \ - --endpoint-url=https://s-ed1.cloud.gcore.lu + --endpoint-url=https://luxembourg-2.storage.gcore.dev ``` Replace: - `my-bucket` with your bucket name. -- `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value, refer to the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. +- `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value, refer to the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. ### Set a retention policy @@ -177,11 +182,11 @@ To set a default retention policy on the bucket: aws s3api put-object-lock-configuration \ --bucket my-bucket \ --object-lock-configuration '{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"COMPLIANCE","Days":30}}}' \ - --endpoint-url=https://s-ed1.cloud.gcore.lu + --endpoint-url=https://luxembourg-2.storage.gcore.dev ``` Replace: - `my-bucket` with your bucket name. - `30` with the number of days objects should be retained. -- `https://s-ed1.cloud.gcore.lu` with your storage endpoint. \ No newline at end of file +- `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. \ No newline at end of file From 017161a81cd08ca89e82471fd475ac75f4903f4a Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Wed, 17 Jun 2026 00:56:20 +0800 Subject: [PATCH 04/11] DOC-1256: Move Object Lock to separate article, add cross-link Co-authored-by: Cursor --- docs.json | 3 +- ...om-a-bucket-automatically-with-aws-cli.mdx | 46 +--------------- .../protect-objects-with-object-lock.mdx | 54 +++++++++++++++++++ 3 files changed, 57 insertions(+), 46 deletions(-) create mode 100644 storage/manage-object-storage/protect-objects-with-object-lock.mdx diff --git a/docs.json b/docs.json index d7a533e3a..070df10e8 100644 --- a/docs.json +++ b/docs.json @@ -1,4 +1,4 @@ -{ +{ "$schema": "https://mintlify.com/docs.json", "theme": "mint", "name": "Gcore Docs", @@ -1179,6 +1179,7 @@ "group": "Manage object storage", "pages": [ "storage/manage-object-storage/manage-buckets-via-the-control-panel", + "storage/manage-object-storage/protect-objects-with-object-lock", { "group": "Configure AWS CLI, S3cmd, and AWS JavaScript SDK", "pages": [ diff --git a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx index cb8615edd..a83ecddaf 100644 --- a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx +++ b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx @@ -145,48 +145,4 @@ If you are using S3 storage in Luxembourg, you can manage your lifecycle policy ## Protect objects from deletion with Object Lock -### What is Object Lock? - -S3 Object Lock allows you to protect objects from deletion or modification for a specified retention period. It works via the S3 protocol, not the Gcore API. - - -Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed. - - -### Create a bucket with Object Lock enabled - -Object Lock must be enabled at bucket creation time. It cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically — each object version can have its own retention period. - -Object Lock supports two retention modes: - -- **Compliance** — no user can delete or overwrite a protected object until its retention period expires, including account administrators. -- **Governance** — users with special IAM permissions can override or remove retention settings before the period expires. - -```sh -aws s3api create-bucket \ - --bucket my-bucket \ - --object-lock-enabled-for-bucket \ - --endpoint-url=https://luxembourg-2.storage.gcore.dev -``` - -Replace: - -- `my-bucket` with your bucket name. -- `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value, refer to the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. - -### Set a retention policy - -To set a default retention policy on the bucket: - -```sh -aws s3api put-object-lock-configuration \ - --bucket my-bucket \ - --object-lock-configuration '{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"COMPLIANCE","Days":30}}}' \ - --endpoint-url=https://luxembourg-2.storage.gcore.dev -``` - -Replace: - -- `my-bucket` with your bucket name. -- `30` with the number of days objects should be retained. -- `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. \ No newline at end of file +To prevent objects from being deleted or overwritten, use S3 Object Lock. See [Protect objects with Object Lock](/storage/manage-object-storage/protect-objects-with-object-lock). \ No newline at end of file diff --git a/storage/manage-object-storage/protect-objects-with-object-lock.mdx b/storage/manage-object-storage/protect-objects-with-object-lock.mdx new file mode 100644 index 000000000..03442403e --- /dev/null +++ b/storage/manage-object-storage/protect-objects-with-object-lock.mdx @@ -0,0 +1,54 @@ +--- +title: Protect objects from deletion with Object Lock +sidebarTitle: Protect objects with Object Lock +ai-navigation: Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration. +--- + +S3 Object Lock allows you to protect objects from deletion or modification for a specified retention period. It works via the S3 protocol, not the Gcore API. + + +Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed. + + +## Before you begin + +Object Lock must be enabled at bucket creation time — it cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically. Each object version can have its own retention period. + +Object Lock supports two retention modes: + +- **Compliance** — no user can delete or overwrite a protected object until its retention period expires, including account administrators. +- **Governance** — users with special IAM permissions can override or remove retention settings before the period expires. + +## Create a bucket with Object Lock enabled + +Run the following command to create a bucket with Object Lock enabled: + +```sh +aws s3api create-bucket \ + --bucket my-bucket \ + --object-lock-enabled-for-bucket \ + --endpoint-url=https://luxembourg-2.storage.gcore.dev +``` + +Replace: + +- `my-bucket` with your bucket name. +- `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value, refer to the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. + +## Set a default retention policy + +A default retention policy automatically applies to all new objects uploaded to the bucket. To set one, run: + +```sh +aws s3api put-object-lock-configuration \ + --bucket my-bucket \ + --object-lock-configuration '{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"COMPLIANCE","Days":30}}}' \ + --endpoint-url=https://luxembourg-2.storage.gcore.dev +``` + +Replace: + +- `my-bucket` with your bucket name. +- `COMPLIANCE` with `GOVERNANCE` if you prefer the governance retention mode. +- `30` with the number of days objects should be retained. +- `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. \ No newline at end of file From e1e093053f2bf2761bbbdefd5ce5070e79859a53 Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Wed, 17 Jun 2026 14:22:44 +0800 Subject: [PATCH 05/11] chore: trigger Mintlify re-index for new Object Lock article Co-authored-by: Cursor From 9296350080dc8c8606288afb8187f1c7e3a7f87d Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Wed, 17 Jun 2026 14:40:27 +0800 Subject: [PATCH 06/11] fix: remove BOM from docs.json Co-authored-by: Cursor --- docs.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs.json b/docs.json index 070df10e8..8bf0d2346 100644 --- a/docs.json +++ b/docs.json @@ -1,4 +1,4 @@ -{ +{ "$schema": "https://mintlify.com/docs.json", "theme": "mint", "name": "Gcore Docs", From cfc1126d8a4c369f747f0168f4e0ee9651db9b25 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 17 Jun 2026 06:40:59 +0000 Subject: [PATCH 07/11] chore: normalize images and update llms.txt --- llms-full.txt | 3 ++- llms.txt | 2 +- storage/llms.txt | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/llms-full.txt b/llms-full.txt index 81743b43e..ba782f88c 100644 --- a/llms-full.txt +++ b/llms-full.txt @@ -1,6 +1,6 @@ # Gcore Docs - Full Index -> Complete article index across all Gcore products. 578 articles. +> Complete article index across all Gcore products. 579 articles. > Use this file for offline indexing, bulk vectorization, or large-context retrieval. # Gcore Account settings @@ -711,6 +711,7 @@ ## Manage object storage - [Managing buckets through the customer portal](https://gcore.com/docs/storage/manage-object-storage/manage-buckets-via-the-control-panel.md): Create S3 buckets in Gcore Object Storage with naming constraints (3-63 characters, lowercase, no underscores or consecutive dots), configure CORS policy per bucket, and manage file uploads via the customer portal file manager using Access Key and Secret Key authentication. +- [Protect objects from deletion with Object Lock](https://gcore.com/docs/storage/manage-object-storage/protect-objects-with-object-lock.md): Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration. ## Configure AWS CLI, S3cmd, and AWS JavaScript SDK - [Connect AWS CLI, S3cmd, and AWS JavaScript SDK](https://gcore.com/docs/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/connect-aws-cli-s3cmd-and-aws-sdk.md): Configure AWS CLI and S3cmd to access Gcore Object Storage using S3-compatible credentials - Access Key, Secret Key, and storage region endpoint via aws configure and s3cmd --configure commands. diff --git a/llms.txt b/llms.txt index 72d8e6126..de0fe8321 100644 --- a/llms.txt +++ b/llms.txt @@ -16,7 +16,7 @@ - [Gclaw](https://gcore.com/docs/gclaw/llms.txt): Managed OpenClaw service with built-in inference for launching AI agents instantly (10 articles). - [Managed DNS](https://gcore.com/docs/dns/llms.txt): Manage DNS zones and records using Gcore Managed DNS with Anycast routing, geo-balancing, health checks, DNSSEC, and OctoDNS and Certbot plugin integration (20 articles). - [Hosting](https://gcore.com/docs/hosting/llms.txt): Order and manage Gcore Dedicated Servers and Virtual Servers with DDoS protection, BGP, SSL certificates, account management, billing, and API-based server management (82 articles). -- [Object Storage](https://gcore.com/docs/storage/llms.txt): Store and manage data in Gcore S3-compatible Object Storage with S3 Fast (high-performance AI/ML workloads), S3 Standard (general-purpose backups), and SFTP storage types (15 articles). +- [Object Storage](https://gcore.com/docs/storage/llms.txt): Store and manage data in Gcore S3-compatible Object Storage with S3 Fast (high-performance AI/ML workloads), S3 Standard (general-purpose backups), and SFTP storage types (16 articles). - [Video Streaming](https://gcore.com/docs/streaming/llms.txt): Gcore Video Streaming is a high-load video streaming PaaS. Scale to 1M+ viewers and beyond (66 articles). - [DDoS protection](https://gcore.com/docs/ddos-protection/llms.txt): Protect servers and Virtual Machines against DDoS attacks using Gcore Advanced DDoS Protection with traffic redirection to a mitigation system for filtering attack traffic (16 articles). - [Edge Proxy](https://gcore.com/docs/edge-proxy/llms.txt): Deploy Edge Proxy DDoS protection on Gcore CDN edge infrastructure using Anycast IP addresses, translation rules mapping origin IP/port/protocol/application type, and globally distributed Points of Presence for multi-terabit filtering capacity (3 articles). diff --git a/storage/llms.txt b/storage/llms.txt index 76eee1789..1e8d89a0d 100644 --- a/storage/llms.txt +++ b/storage/llms.txt @@ -9,6 +9,7 @@ ## Manage object storage - [Managing buckets through the customer portal](https://gcore.com/docs/storage/manage-object-storage/manage-buckets-via-the-control-panel.md): Create S3 buckets in Gcore Object Storage with naming constraints (3-63 characters, lowercase, no underscores or consecutive dots), configure CORS policy per bucket, and manage file uploads via the customer portal file manager using Access Key and Secret Key authentication. +- [Protect objects from deletion with Object Lock](https://gcore.com/docs/storage/manage-object-storage/protect-objects-with-object-lock.md): Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration. ## Configure AWS CLI, S3cmd, and AWS JavaScript SDK - [Connect AWS CLI, S3cmd, and AWS JavaScript SDK](https://gcore.com/docs/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/connect-aws-cli-s3cmd-and-aws-sdk.md): Configure AWS CLI and S3cmd to access Gcore Object Storage using S3-compatible credentials - Access Key, Secret Key, and storage region endpoint via aws configure and s3cmd --configure commands. From 91c5c9704c3f7ad5a0fdc10051810565c423c604 Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Wed, 17 Jun 2026 14:49:00 +0800 Subject: [PATCH 08/11] DOC-1256: Restore What is Object Lock section heading Co-authored-by: Cursor --- .../protect-objects-with-object-lock.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/storage/manage-object-storage/protect-objects-with-object-lock.mdx b/storage/manage-object-storage/protect-objects-with-object-lock.mdx index 03442403e..2f052a5e1 100644 --- a/storage/manage-object-storage/protect-objects-with-object-lock.mdx +++ b/storage/manage-object-storage/protect-objects-with-object-lock.mdx @@ -1,9 +1,11 @@ ---- +--- title: Protect objects from deletion with Object Lock sidebarTitle: Protect objects with Object Lock ai-navigation: Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration. --- +## What is Object Lock? + S3 Object Lock allows you to protect objects from deletion or modification for a specified retention period. It works via the S3 protocol, not the Gcore API. From 1e23922201bf5afc6989a679f6fd4299138bd953 Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Wed, 17 Jun 2026 14:53:15 +0800 Subject: [PATCH 09/11] DOC-1256: Fix article structure to match Jira task scope Co-authored-by: Cursor --- .../protect-objects-with-object-lock.mdx | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/storage/manage-object-storage/protect-objects-with-object-lock.mdx b/storage/manage-object-storage/protect-objects-with-object-lock.mdx index 2f052a5e1..e0adfb728 100644 --- a/storage/manage-object-storage/protect-objects-with-object-lock.mdx +++ b/storage/manage-object-storage/protect-objects-with-object-lock.mdx @@ -8,19 +8,17 @@ ai-navigation: Use S3 Object Lock to prevent objects in Gcore S3 Standard storag S3 Object Lock allows you to protect objects from deletion or modification for a specified retention period. It works via the S3 protocol, not the Gcore API. - -Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed. - - -## Before you begin - -Object Lock must be enabled at bucket creation time — it cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically. Each object version can have its own retention period. +Enabling Object Lock also enables versioning on the bucket automatically. Each object version can have its own retention period. Object Lock supports two retention modes: - **Compliance** — no user can delete or overwrite a protected object until its retention period expires, including account administrators. - **Governance** — users with special IAM permissions can override or remove retention settings before the period expires. + +Object Lock must be enabled at bucket creation time — it cannot be activated on an existing bucket. Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed. + + ## Create a bucket with Object Lock enabled Run the following command to create a bucket with Object Lock enabled: @@ -37,7 +35,7 @@ Replace: - `my-bucket` with your bucket name. - `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value, refer to the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. -## Set a default retention policy +## Set a retention policy A default retention policy automatically applies to all new objects uploaded to the bucket. To set one, run: From d117dbc6ffa162dc3beeb1810427c2081ae44a93 Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Wed, 17 Jun 2026 15:00:47 +0800 Subject: [PATCH 10/11] DOC-1256: Fix style guide violations in Object Lock article Co-authored-by: Cursor --- .../protect-objects-with-object-lock.mdx | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/storage/manage-object-storage/protect-objects-with-object-lock.mdx b/storage/manage-object-storage/protect-objects-with-object-lock.mdx index e0adfb728..de43274c4 100644 --- a/storage/manage-object-storage/protect-objects-with-object-lock.mdx +++ b/storage/manage-object-storage/protect-objects-with-object-lock.mdx @@ -4,19 +4,19 @@ sidebarTitle: Protect objects with Object Lock ai-navigation: Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration. --- -## What is Object Lock? +## Object Lock overview -S3 Object Lock allows you to protect objects from deletion or modification for a specified retention period. It works via the S3 protocol, not the Gcore API. +S3 Object Lock prevents objects from being deleted or modified for a specified retention period. It works via the S3 protocol, not the Gcore API. -Enabling Object Lock also enables versioning on the bucket automatically. Each object version can have its own retention period. +Object Lock must be enabled at bucket creation time — it cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically, so each object version can have its own retention period. Object Lock supports two retention modes: -- **Compliance** — no user can delete or overwrite a protected object until its retention period expires, including account administrators. -- **Governance** — users with special IAM permissions can override or remove retention settings before the period expires. +- Compliance — no user can delete or overwrite a protected object until its retention period expires, including account administrators. +- Governance — users with special IAM permissions can override or remove retention settings before the period expires. -Object Lock must be enabled at bucket creation time — it cannot be activated on an existing bucket. Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed. +Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed. ## Create a bucket with Object Lock enabled @@ -32,8 +32,8 @@ aws s3api create-bucket \ Replace: -- `my-bucket` with your bucket name. -- `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value, refer to the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide. +- `my-bucket` with the bucket name. +- `https://luxembourg-2.storage.gcore.dev` with the storage endpoint — available values are listed in [S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names). ## Set a retention policy @@ -48,7 +48,7 @@ aws s3api put-object-lock-configuration \ Replace: -- `my-bucket` with your bucket name. -- `COMPLIANCE` with `GOVERNANCE` if you prefer the governance retention mode. +- `my-bucket` with the bucket name. +- `COMPLIANCE` with `GOVERNANCE` to use the governance retention mode instead. - `30` with the number of days objects should be retained. -- `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. \ No newline at end of file +- `https://luxembourg-2.storage.gcore.dev` with the storage endpoint. \ No newline at end of file From 1ae9e01684104da431f6e5bbedafceba81b2588d Mon Sep 17 00:00:00 2001 From: John Andrew Villoso Date: Wed, 17 Jun 2026 16:01:10 +0800 Subject: [PATCH 11/11] DOC-1256: Replace deletion timing prose with table Co-authored-by: Cursor --- ...-from-a-bucket-automatically-with-aws-cli.mdx | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx index a83ecddaf..f5fa7ac96 100644 --- a/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx +++ b/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx @@ -1,4 +1,4 @@ ---- +--- title: Remove objects from a bucket automatically with AWS CLI sidebarTitle: Set the Lifecycle policy ai-navigation: Configure lifecycle policies in Gcore Object Storage buckets using AWS CLI to automatically expire and remove objects based on age, with XML rule definitions specifying expiration days, object prefixes, and enabled status. @@ -12,15 +12,15 @@ There are several ways to utilize a Lifecycle Policy. Gcore supports a lifecycle ## Lifecycle policy logic -The process of removing objects starts around midnight UTC. - -Three lifecycle states determine the removal time for an object: - -**1\. A lifecycle policy is set before the objects are uploaded.** For example, if the lifecycle policy is set for 1 day and you upload your object on January 2nd, it will be removed on January 4th. +Object deletion is processed around midnight UTC. The table below shows when an object is deleted based on the scenario. -**2\. A lifecycle policy is set after the objects are uploaded.** If you upload an object on January 1st (at any time) and then set a lifecycle policy with a file expiration time of 1 day, the file will be deleted on January 3rd. +| Scenario | Upload date | Policy set | Expiration (days) | Deleted on | +|---|---|---|---|---| +| Policy exists before upload | Jan 2 | Before Jan 2 | 1 | Jan 4 | +| Policy set after upload | Jan 1 | After Jan 1 | 1 | Jan 3 | +| Policy removed | Any | Removed | — | Never | -**3\. A lifecycle policy is removed.** If you delete the lifecycle policy from the bucket, the object it was applied to will not be removed. +The midnight UTC processing window means deletion happens at the next processing cycle after the expiration period ends — not at the exact moment the period expires. ## Gcore lifecycle configuration elements