DOC-1256: Add Object Lock section to lifecycle policy article

docs.json

@@ -1179,6 +1179,7 @@
                 "group": "Manage object storage",
                 "pages": [
                   "storage/manage-object-storage/manage-buckets-via-the-control-panel",
+                  "storage/manage-object-storage/protect-objects-with-object-lock",
                   {
                     "group": "Configure AWS CLI, S3cmd, and AWS JavaScript SDK",
                     "pages": [

llms-full.txt

@@ -1,6 +1,6 @@
 # Gcore Docs - Full Index
 
-> Complete article index across all Gcore products. 578 articles.
+> Complete article index across all Gcore products. 579 articles.
 > Use this file for offline indexing, bulk vectorization, or large-context retrieval.
 # Gcore Account settings
 
@@ -711,6 +711,7 @@
 
 ## Manage object storage
 - [Managing buckets through the customer portal](https://gcore.com/docs/storage/manage-object-storage/manage-buckets-via-the-control-panel.md): Create S3 buckets in Gcore Object Storage with naming constraints (3-63 characters, lowercase, no underscores or consecutive dots), configure CORS policy per bucket, and manage file uploads via the customer portal file manager using Access Key and Secret Key authentication.
+- [Protect objects from deletion with Object Lock](https://gcore.com/docs/storage/manage-object-storage/protect-objects-with-object-lock.md): Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration.
 
 ## Configure AWS CLI, S3cmd, and AWS JavaScript SDK
 - [Connect AWS CLI, S3cmd, and AWS JavaScript SDK](https://gcore.com/docs/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/connect-aws-cli-s3cmd-and-aws-sdk.md): Configure AWS CLI and S3cmd to access Gcore Object Storage using S3-compatible credentials - Access Key, Secret Key, and storage region endpoint via aws configure and s3cmd --configure commands.

llms.txt

@@ -16,7 +16,7 @@
 - [Gclaw](https://gcore.com/docs/gclaw/llms.txt): Managed OpenClaw service with built-in inference for launching AI agents instantly (10 articles).
 - [Managed DNS](https://gcore.com/docs/dns/llms.txt): Manage DNS zones and records using Gcore Managed DNS with Anycast routing, geo-balancing, health checks, DNSSEC, and OctoDNS and Certbot plugin integration (20 articles).
 - [Hosting](https://gcore.com/docs/hosting/llms.txt): Order and manage Gcore Dedicated Servers and Virtual Servers with DDoS protection, BGP, SSL certificates, account management, billing, and API-based server management (82 articles).
-- [Object Storage](https://gcore.com/docs/storage/llms.txt): Store and manage data in Gcore S3-compatible Object Storage with S3 Fast (high-performance AI/ML workloads), S3 Standard (general-purpose backups), and SFTP storage types (15 articles).
+- [Object Storage](https://gcore.com/docs/storage/llms.txt): Store and manage data in Gcore S3-compatible Object Storage with S3 Fast (high-performance AI/ML workloads), S3 Standard (general-purpose backups), and SFTP storage types (16 articles).
 - [Video Streaming](https://gcore.com/docs/streaming/llms.txt): Gcore Video Streaming is a high-load video streaming PaaS. Scale to 1M+ viewers and beyond (66 articles).
 - [DDoS protection](https://gcore.com/docs/ddos-protection/llms.txt): Protect servers and Virtual Machines against DDoS attacks using Gcore Advanced DDoS Protection with traffic redirection to a mitigation system for filtering attack traffic (16 articles).
 - [Edge Proxy](https://gcore.com/docs/edge-proxy/llms.txt): Deploy Edge Proxy DDoS protection on Gcore CDN edge infrastructure using Anycast IP addresses, translation rules mapping origin IP/port/protocol/application type, and globally distributed Points of Presence for multi-terabit filtering capacity (3 articles).

storage/llms.txt

@@ -9,6 +9,7 @@
 
 ## Manage object storage
 - [Managing buckets through the customer portal](https://gcore.com/docs/storage/manage-object-storage/manage-buckets-via-the-control-panel.md): Create S3 buckets in Gcore Object Storage with naming constraints (3-63 characters, lowercase, no underscores or consecutive dots), configure CORS policy per bucket, and manage file uploads via the customer portal file manager using Access Key and Secret Key authentication.
+- [Protect objects from deletion with Object Lock](https://gcore.com/docs/storage/manage-object-storage/protect-objects-with-object-lock.md): Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration.
 
 ## Configure AWS CLI, S3cmd, and AWS JavaScript SDK
 - [Connect AWS CLI, S3cmd, and AWS JavaScript SDK](https://gcore.com/docs/storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/connect-aws-cli-s3cmd-and-aws-sdk.md): Configure AWS CLI and S3cmd to access Gcore Object Storage using S3-compatible credentials - Access Key, Secret Key, and storage region endpoint via aws configure and s3cmd --configure commands.

storage/manage-object-storage/configure-aws-sli-s3cmd-and-aws-javascript-sdk/remove-objects-from-a-bucket-automatically-with-aws-cli.mdx

@@ -1,28 +1,28 @@
 ---
 title: Remove objects from a bucket automatically with AWS CLI
 sidebarTitle: Set the Lifecycle policy
 ai-navigation: Configure lifecycle policies in Gcore Object Storage buckets using AWS CLI to automatically expire and remove objects based on age, with XML rule definitions specifying expiration days, object prefixes, and enabled status.
 ---
 
 ## What is a lifecycle policy?
 
 A lifecycle policy is a file written in XML (or JSON) format that contains rules for automating the movement of objects from one stage of their lifecycle to another. The movement is typically based on the "age" and size of the object, as well as other parameters. You can find more information on the different parameters in the [Amazon documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html).
 
 There are several ways to utilize a Lifecycle Policy. Gcore supports a lifecycle policy, which allows you to set an expiration time for an object and automatically remove it from the bucket once the expiration time is reached.
 
 ## Lifecycle policy logic
 
-The process of removing objects starts around midnight UTC.
+Object deletion is processed around midnight UTC. The table below shows when an object is deleted based on the scenario.
 
-Three lifecycle states determine the removal time for an object:
+| Scenario | Upload date | Policy set | Expiration (days) | Deleted on |
+|---|---|---|---|---|
+| Policy exists before upload | Jan 2 | Before Jan 2 | 1 | Jan 4 |
+| Policy set after upload | Jan 1 | After Jan 1 | 1 | Jan 3 |
+| Policy removed | Any | Removed | — | Never |
 
-**1\. A lifecycle policy is set before the objects are uploaded.** For example, if the lifecycle policy is set for 1 day and you upload your object on January 2nd, it will be removed on January 4th.
-
-**2\. A lifecycle policy is set after the objects are uploaded.** If you upload an object on January 1st (at any time) and then set a lifecycle policy with a file expiration time of 1 day, the file will be deleted on January 3rd.
-
-**3\. A lifecycle policy is removed.** If you delete the lifecycle policy from the bucket, the object it was applied to will not be removed.
+The midnight UTC processing window means deletion happens at the next processing cycle after the expiration period ends — not at the exact moment the period expires.
 
 ## Gcore lifecycle configuration elements
 
 Here is an example of a completed XML file with the lifecycle policy:
 
@@ -99,26 +99,26 @@
 4\. Start the AWS CLI from the directory with the _lifecycle.json_ file and run the following command:
 
 ```sh
-aws s3api put-bucket-lifecycle --bucket my_bucket --lifecycle-configuration file://lifecycle.json --endpoint-url=https://s-ed1.cloud.gcore.lu 
+aws s3api put-bucket-lifecycle --bucket my_bucket --lifecycle-configuration file://lifecycle.json --endpoint-url=https://luxembourg-2.storage.gcore.dev 
  ```
 
 Replace:
 
   * `my_bucket` name in the example with your bucket name.
-  * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide.
+  * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide.
 
 
 
 5\. Check if the policy was uploaded correctly with the following command:
 
 ```sh
-aws s3api get-bucket-lifecycle-configuration --bucket my_bucket --endpoint-url=https://s-ed1.cloud.gcore.lu 
+aws s3api get-bucket-lifecycle-configuration --bucket my_bucket --endpoint-url=https://luxembourg-2.storage.gcore.dev 
  ```
 
 Replace:
 
   * `my_bucket` name in the example with your bucket name.
-  * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide.
+  * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide.
 
 
 
@@ -129,16 +129,20 @@
 To delete the policy from the bucket, use the following command:
 
 ```sh
-aws s3api delete-bucket-lifecycle --bucket my-bucket --endpoint-url=https://s-ed1.cloud.gcore.lu
+aws s3api delete-bucket-lifecycle --bucket my-bucket --endpoint-url=https://luxembourg-2.storage.gcore.dev
  ```
 
 Replace:
 
   * `my_bucket` name in the example with your bucket name.
-  * `https://s-ed1.cloud.gcore.lu` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide.
+  * `https://luxembourg-2.storage.gcore.dev` with your storage endpoint. To choose the correct value for this parameter, use the "[S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names)" guide.
 
 
 
 ## Manage a lifecycle policy with the UI
 
-If you are using S3 storage in Luxembourg, you can manage your lifecycle policy for buckets in the Gcore Customer Portal according to the "[Manage buckets via the Gcore Customer Portal](/storage/manage-object-storage/manage-buckets-via-the-control-panel#add-lifecycle-policy-available-for-s3-in-luxembourg-only)" guide.
+If you are using S3 storage in Luxembourg, you can manage your lifecycle policy for buckets in the Gcore Customer Portal according to the "[Manage buckets via the Gcore Customer Portal](/storage/manage-object-storage/manage-buckets-via-the-control-panel#add-lifecycle-policy-available-for-s3-in-luxembourg-only)" guide.
+
+## Protect objects from deletion with Object Lock
+
+To prevent objects from being deleted or overwritten, use S3 Object Lock. See [Protect objects with Object Lock](/storage/manage-object-storage/protect-objects-with-object-lock).

storage/manage-object-storage/protect-objects-with-object-lock.mdx

@@ -0,0 +1,54 @@
+---
+title: Protect objects from deletion with Object Lock
+sidebarTitle: Protect objects with Object Lock
+ai-navigation: Use S3 Object Lock to prevent objects in Gcore S3 Standard storage from being deleted or overwritten for a defined retention period. Enable Object Lock at bucket creation with AWS CLI, set Compliance or Governance retention modes, and configure default retention policies using put-object-lock-configuration.
+---
+
+## Object Lock overview
+
+S3 Object Lock prevents objects from being deleted or modified for a specified retention period. It works via the S3 protocol, not the Gcore API.
+
+Object Lock must be enabled at bucket creation time — it cannot be activated on an existing bucket. Enabling Object Lock also enables versioning on the bucket automatically, so each object version can have its own retention period.
+
+Object Lock supports two retention modes:
+
+- Compliance — no user can delete or overwrite a protected object until its retention period expires, including account administrators.
+- Governance — users with special IAM permissions can override or remove retention settings before the period expires.
+
+<Info>
+Object Lock is currently supported on S3 Standard locations. Support for S3 Fast locations is not yet confirmed.
+</Info>
+
+## Create a bucket with Object Lock enabled
+
+Run the following command to create a bucket with Object Lock enabled:
+
+```sh
+aws s3api create-bucket \
+  --bucket my-bucket \
+  --object-lock-enabled-for-bucket \
+  --endpoint-url=https://luxembourg-2.storage.gcore.dev
+```
+
+Replace:
+
+- `my-bucket` with the bucket name.
+- `https://luxembourg-2.storage.gcore.dev` with the storage endpoint — available values are listed in [S3 service URLs and default region names](/storage/manage-object-storage/s3-service-urls-and-default-region-names).
+
+## Set a retention policy
+
+A default retention policy automatically applies to all new objects uploaded to the bucket. To set one, run:
+
+```sh
+aws s3api put-object-lock-configuration \
+  --bucket my-bucket \
+  --object-lock-configuration '{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"COMPLIANCE","Days":30}}}' \
+  --endpoint-url=https://luxembourg-2.storage.gcore.dev
+```
+
+Replace:
+
+- `my-bucket` with the bucket name.
+- `COMPLIANCE` with `GOVERNANCE` to use the governance retention mode instead.
+- `30` with the number of days objects should be retained.
+- `https://luxembourg-2.storage.gcore.dev` with the storage endpoint.