Use PutObjectLockConfiguration with an AWS SDK or CLI
The following code examples show how to use PutObjectLockConfiguration.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
- .NET
-
- AWS SDK for .NET
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. Set the object lock configuration of a bucket.
/// <summary> /// Enable object lock on an existing bucket. /// </summary> /// <param name="bucketName">The name of the bucket to modify.</param> /// <returns>True if successful.</returns> public async Task<bool> EnableObjectLockOnBucket(string bucketName) { try { // First, enable Versioning on the bucket. await _amazonS3.PutBucketVersioningAsync(new PutBucketVersioningRequest() { BucketName = bucketName, VersioningConfig = new S3BucketVersioningConfig() { EnableMfaDelete = false, Status = VersionStatus.Enabled } }); var request = new PutObjectLockConfigurationRequest() { BucketName = bucketName, ObjectLockConfiguration = new ObjectLockConfiguration() { ObjectLockEnabled = new ObjectLockEnabled("Enabled"), }, }; var response = await _amazonS3.PutObjectLockConfigurationAsync(request); Console.WriteLine($"\tAdded an object lock policy to bucket {bucketName}."); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } catch (AmazonS3Exception ex) { Console.WriteLine($"Error modifying object lock: '{ex.Message}'"); return false; } }Set the default retention period of a bucket.
/// <summary> /// Set or modify a retention period on an S3 bucket. /// </summary> /// <param name="bucketName">The bucket to modify.</param> /// <param name="retention">The retention mode.</param> /// <param name="retainUntilDate">The date for retention until.</param> /// <returns>True if successful.</returns> public async Task<bool> ModifyBucketDefaultRetention(string bucketName, bool enableObjectLock, ObjectLockRetentionMode retention, DateTime retainUntilDate) { var enabledString = enableObjectLock ? "Enabled" : "Disabled"; var timeDifference = retainUntilDate.Subtract(DateTime.Now); try { // First, enable Versioning on the bucket. await _amazonS3.PutBucketVersioningAsync(new PutBucketVersioningRequest() { BucketName = bucketName, VersioningConfig = new S3BucketVersioningConfig() { EnableMfaDelete = false, Status = VersionStatus.Enabled } }); var request = new PutObjectLockConfigurationRequest() { BucketName = bucketName, ObjectLockConfiguration = new ObjectLockConfiguration() { ObjectLockEnabled = new ObjectLockEnabled(enabledString), Rule = new ObjectLockRule() { DefaultRetention = new DefaultRetention() { Mode = retention, Days = timeDifference.Days // Can be specified in days or years but not both. } } } }; var response = await _amazonS3.PutObjectLockConfigurationAsync(request); Console.WriteLine($"\tAdded a default retention to bucket {bucketName}."); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } catch (AmazonS3Exception ex) { Console.WriteLine($"\tError modifying object lock: '{ex.Message}'"); return false; } }-
For API details, see PutObjectLockConfiguration in AWS SDK for .NET API Reference.
-
- CLI
-
- AWS CLI
-
To set an object lock configuration on a bucket
The following
put-object-lock-configurationexample sets a 50-day object lock on the specified bucket.aws s3api put-object-lock-configuration \ --bucketmy-bucket-with-object-lock\ --object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 50 }}}'This command produces no output.
-
For API details, see PutObjectLockConfiguration
in AWS CLI Command Reference.
-
- Go
-
- SDK for Go V2
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. Set the object lock configuration of a bucket.
import ( "bytes" "context" "errors" "fmt" "log" "time" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/feature/s3/manager" "github.com/aws/aws-sdk-go-v2/service/s3" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go" ) // S3Actions wraps S3 service actions. type S3Actions struct { S3Client *s3.Client S3Manager *manager.Uploader } // EnableObjectLockOnBucket enables object locking on an existing bucket. func (actor S3Actions) EnableObjectLockOnBucket(ctx context.Context, bucket string) error { // Versioning must be enabled on the bucket before object locking is enabled. verInput := &s3.PutBucketVersioningInput{ Bucket: aws.String(bucket), VersioningConfiguration: &types.VersioningConfiguration{ MFADelete: types.MFADeleteDisabled, Status: types.BucketVersioningStatusEnabled, }, } _, err := actor.S3Client.PutBucketVersioning(ctx, verInput) if err != nil { var noBucket *types.NoSuchBucket if errors.As(err, &noBucket) { log.Printf("Bucket %s does not exist.\n", bucket) err = noBucket } return err } input := &s3.PutObjectLockConfigurationInput{ Bucket: aws.String(bucket), ObjectLockConfiguration: &types.ObjectLockConfiguration{ ObjectLockEnabled: types.ObjectLockEnabledEnabled, }, } _, err = actor.S3Client.PutObjectLockConfiguration(ctx, input) if err != nil { var noBucket *types.NoSuchBucket if errors.As(err, &noBucket) { log.Printf("Bucket %s does not exist.\n", bucket) err = noBucket } } return err }Set the default retention period of a bucket.
import ( "bytes" "context" "errors" "fmt" "log" "time" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/feature/s3/manager" "github.com/aws/aws-sdk-go-v2/service/s3" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/smithy-go" ) // S3Actions wraps S3 service actions. type S3Actions struct { S3Client *s3.Client S3Manager *manager.Uploader } // ModifyDefaultBucketRetention modifies the default retention period of an existing bucket. func (actor S3Actions) ModifyDefaultBucketRetention( ctx context.Context, bucket string, lockMode types.ObjectLockEnabled, retentionPeriod int32, retentionMode types.ObjectLockRetentionMode) error { input := &s3.PutObjectLockConfigurationInput{ Bucket: aws.String(bucket), ObjectLockConfiguration: &types.ObjectLockConfiguration{ ObjectLockEnabled: lockMode, Rule: &types.ObjectLockRule{ DefaultRetention: &types.DefaultRetention{ Days: aws.Int32(retentionPeriod), Mode: retentionMode, }, }, }, } _, err := actor.S3Client.PutObjectLockConfiguration(ctx, input) if err != nil { var noBucket *types.NoSuchBucket if errors.As(err, &noBucket) { log.Printf("Bucket %s does not exist.\n", bucket) err = noBucket } } return err }-
For API details, see PutObjectLockConfiguration
in AWS SDK for Go API Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. Set the object lock configuration of a bucket.
// Enable object lock on an existing bucket. public void enableObjectLockOnBucket(String bucketName) { try { VersioningConfiguration versioningConfiguration = VersioningConfiguration.builder() .status(BucketVersioningStatus.ENABLED) .build(); PutBucketVersioningRequest putBucketVersioningRequest = PutBucketVersioningRequest.builder() .bucket(bucketName) .versioningConfiguration(versioningConfiguration) .build(); // Enable versioning on the bucket. getClient().putBucketVersioning(putBucketVersioningRequest); PutObjectLockConfigurationRequest request = PutObjectLockConfigurationRequest.builder() .bucket(bucketName) .objectLockConfiguration(ObjectLockConfiguration.builder() .objectLockEnabled(ObjectLockEnabled.ENABLED) .build()) .build(); getClient().putObjectLockConfiguration(request); System.out.println("Successfully enabled object lock on "+bucketName); } catch (S3Exception ex) { System.out.println("Error modifying object lock: '" + ex.getMessage() + "'"); } }Set the default retention period of a bucket.
// Set or modify a retention period on an S3 bucket. public void modifyBucketDefaultRetention(String bucketName) { VersioningConfiguration versioningConfiguration = VersioningConfiguration.builder() .mfaDelete(MFADelete.DISABLED) .status(BucketVersioningStatus.ENABLED) .build(); PutBucketVersioningRequest versioningRequest = PutBucketVersioningRequest.builder() .bucket(bucketName) .versioningConfiguration(versioningConfiguration) .build(); getClient().putBucketVersioning(versioningRequest); DefaultRetention rention = DefaultRetention.builder() .days(1) .mode(ObjectLockRetentionMode.GOVERNANCE) .build(); ObjectLockRule lockRule = ObjectLockRule.builder() .defaultRetention(rention) .build(); ObjectLockConfiguration objectLockConfiguration = ObjectLockConfiguration.builder() .objectLockEnabled(ObjectLockEnabled.ENABLED) .rule(lockRule) .build(); PutObjectLockConfigurationRequest putObjectLockConfigurationRequest = PutObjectLockConfigurationRequest.builder() .bucket(bucketName) .objectLockConfiguration(objectLockConfiguration) .build(); getClient().putObjectLockConfiguration(putObjectLockConfigurationRequest) ; System.out.println("Added a default retention to bucket "+bucketName +"."); }-
For API details, see PutObjectLockConfiguration in AWS SDK for Java 2.x API Reference.
-
- JavaScript
-
- SDK for JavaScript (v3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. Set the object lock configuration of a bucket.
import { PutObjectLockConfigurationCommand, S3Client, S3ServiceException, } from "@aws-sdk/client-s3"; /** * Enable S3 Object Lock for an Amazon S3 bucket. * After you enable Object Lock on a bucket, you can't * disable Object Lock or suspend versioning for that bucket. * @param {{ bucketName: string, enabled: boolean }} */ export const main = async ({ bucketName }) => { const client = new S3Client({}); const command = new PutObjectLockConfigurationCommand({ Bucket: bucketName, // The Object Lock configuration that you want to apply to the specified bucket. ObjectLockConfiguration: { ObjectLockEnabled: "Enabled", }, }); try { await client.send(command); console.log(`Object Lock for "${bucketName}" enabled.`); } catch (caught) { if ( caught instanceof S3ServiceException && caught.name === "NoSuchBucket" ) { console.error( `Error from S3 while modifying the object lock configuration for the bucket "${bucketName}". The bucket doesn't exist.`, ); } else if (caught instanceof S3ServiceException) { console.error( `Error from S3 while modifying the object lock configuration for the bucket "${bucketName}". ${caught.name}: ${caught.message}`, ); } else { throw caught; } } }; // Call function if run directly import { parseArgs } from "node:util"; import { isMain, validateArgs, } from "@aws-doc-sdk-examples/lib/utils/util-node.js"; const loadArgs = () => { const options = { bucketName: { type: "string", required: true, }, }; const results = parseArgs({ options }); const { errors } = validateArgs({ options }, results); return { errors, results }; }; if (isMain(import.meta.url)) { const { errors, results } = loadArgs(); if (!errors) { main(results.values); } else { console.error(errors.join("\n")); } }Set the default retention period of a bucket.
import { PutObjectLockConfigurationCommand, S3Client, S3ServiceException, } from "@aws-sdk/client-s3"; /** * Change the default retention settings for an object in an Amazon S3 bucket. * @param {{ bucketName: string, retentionDays: string }} */ export const main = async ({ bucketName, retentionDays }) => { const client = new S3Client({}); try { await client.send( new PutObjectLockConfigurationCommand({ Bucket: bucketName, // The Object Lock configuration that you want to apply to the specified bucket. ObjectLockConfiguration: { ObjectLockEnabled: "Enabled", Rule: { // The default Object Lock retention mode and period that you want to apply // to new objects placed in the specified bucket. Bucket settings require // both a mode and a period. The period can be either Days or Years but // you must select one. DefaultRetention: { // In governance mode, users can't overwrite or delete an object version // or alter its lock settings unless they have special permissions. With // governance mode, you protect objects against being deleted by most users, // but you can still grant some users permission to alter the retention settings // or delete the objects if necessary. Mode: "GOVERNANCE", Days: Number.parseInt(retentionDays), }, }, }, }), ); console.log( `Set default retention mode to "GOVERNANCE" with a retention period of ${retentionDays} day(s).`, ); } catch (caught) { if ( caught instanceof S3ServiceException && caught.name === "NoSuchBucket" ) { console.error( `Error from S3 while setting the default object retention for a bucket. The bucket doesn't exist.`, ); } else if (caught instanceof S3ServiceException) { console.error( `Error from S3 while setting the default object retention for a bucket. ${caught.name}: ${caught.message}`, ); } else { throw caught; } } }; // Call function if run directly import { parseArgs } from "node:util"; import { isMain, validateArgs, } from "@aws-doc-sdk-examples/lib/utils/util-node.js"; const loadArgs = () => { const options = { bucketName: { type: "string", required: true, }, retentionDays: { type: "string", required: true, }, }; const results = parseArgs({ options }); const { errors } = validateArgs({ options }, results); return { errors, results }; }; if (isMain(import.meta.url)) { const { errors, results } = loadArgs(); if (!errors) { main(results.values); } else { console.error(errors.join("\n")); } }-
For API details, see PutObjectLockConfiguration in AWS SDK for JavaScript API Reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository
. Put object lock configuration.
s3_client.put_object_lock_configuration( Bucket=bucket, ObjectLockConfiguration={"ObjectLockEnabled": "Disabled", "Rule": {}}, )-
For API details, see PutObjectLockConfiguration in AWS SDK for Python (Boto3) API Reference.
-
For a complete list of AWS SDK developer guides and code examples, see Developing with Amazon S3 using the AWS SDKs. This topic also includes information about getting started and details about previous SDK versions.
