Home > Storage > ObjectScale and ECS > Product Documentation > ECS: Overview and Architecture > Object lock
Dell ECS object lock protects object versions from accidental or malicious deletion such as a ransomware attack. It does this by allowing object versions to enter a Write Once Read Many (WORM) state, where access is restricted based on attributes set on the object version.
Object lock is designed to meet compliance requirements such as SEC 17a4(f), FINRA Rule 4511(c), and CFTC Rule 17.
For the best application compatibility, object lock is compatible with the capabilities of Amazon S3 object lock.
Object lock prevents object version deletion during a user-defined retention period. Immutable S3 objects are protected using object- or bucket-level configuration of WORM and retention attributes. The retention policy is defined using the S3 API or bucket-level defaults (also set using the S3 API). Objects are locked during the retention period, and legal hold scenarios are also supported.
There are two lock types for object lock:
There are two modes for the retention period:
Object lock requires the use of versioned buckets, enabling object lock on a bucket automatically enables versioning. Once object lock is enabled, it is not possible to disable it or suspend versioning for the bucket. Object locks apply to individual object versions only, different versions of a single object can have different retention modes and periods.
An object can still be deleted, but the version still exists and is locked. Retention period can be placed on an object explicitly, or implicitly through a bucket default setting. Placing a default retention setting on a bucket does not place any retention settings on objects that already exist in the bucket. Changing a bucket's default retention period does not change the existing retention period for any objects in that bucket. In compliance mode, locks cannot be removed, decreased, or downgraded to governance mode. In governance mode, lock can be removed, bypassed, and elevated to compliance mode with the appropriate assigned privilege.
Objects under lock are protected from lifecycle deletions.
Lifecycle logic is made difficult due to variety of behavior of different locks. From lifecycle point of view there are locks without a date, locks with date that can be extended, and locks with date that can be decreased.
Access control using IAM policies is an important part of the object lock functionality. The s3:BypassGovernanceRetention permission is important because it is required to delete a WORM-protected object in governance mode (it is not effective for compliance mode). IAM policy conditions have been defined in the following table to support object lock:
Condition key | Description |
s3:object-lock-legal-hold | Enables enforcement of the specified object legal hold status |
s3:object-lock-mode | Enables enforcement of the specified object retention mode |
s3:object-lock-retain-until-date | Enables enforcement of a specific retain-until-date |
s3:object-lock-remaining-retention-days | Enables enforcement of an object relative to the remaining retention days |
Note: Object lock requires ECS ADO and FS (File System) to be disabled on buckets when using ECS versions 3.6.2 and ECS 3.7.x. Object lock is only supported by S3 API, no UI workflows. It only works with IAM, and not with legacy accounts.
ECS object lock enhancements for ADO (Access During Outage) have been added starting from ECS 3.8.0.1. It now supports ADO RO (Read Only) by default. For RW (Read Write) mode, ECS will continue to deny setting Object Lock on ADO buckets by default. There are flags at the namespace and individual bucket level that allow the user to agree that they understand the risk of losing locked versions during TSO but would still like to allow this feature. For help with enabling the object lock RW in ADO, see the latest ECS Data Access Guide or ask the Dell support team. After flags are set on a bucket, they cannot be disabled.
ECS version | Setting flags | Non-ADO | ADO RO | ADO RW |
3.6.2/3.7/Partial Upgrade
| cannot set flags
| Yes | No | No |
Full Upgrade to 3.8.0.1
| set to not allowed (by default)
| Yes | Yes | No |
Full Upgrade to 3.8.0.1
| set to allowed
| Yes | Yes | Yes |
See the latest ECS Data Access Guide for more information about ECS object lock.