Home > Storage > ObjectScale and ECS > Industry Solutions and Verticals > Dell ECS and Veeam Backup & Replication > Introduction
The Amazon S3 API allows retention to be added to objects stored in an S3 bucket. An object under retention cannot be deleted by users or applications until the retention period ends (unless overriding retention is allowed, as described in Object Lock retention modes).
Objects can also have an Object Lock legal hold applied to them. This hold overrides any retention setting and effectively locks the object. The object cannot be deleted until the hold is removed. Veeam Backup & Replication does not currently use legal holds.
You can create buckets with Object Lock enabled or add Object Lock after the bucket has been created.
With Object Lock enabled on a bucket, you can set one of two retention modes, as described in the following table.
Object Lock retention mode | Description |
Governance mode
|
|
Compliance mode |
|
Veeam Backup & Replication requires that neither of these modes are set on a bucket that it will use.
A bucket’s default retention mode is applied when objects are written to a bucket. Objects can be written with a retention mode different from the bucket’s default retention mode if the object’s retention mode is more secure.
Bucket retention mode | Object retention mode choice |
No mode specified |
|
Governance mode |
|
Compliance mode | Object Compliance mode |
Veeam Backup & Replication requires that no Retention Mode is defined at the bucket level. It writes objects specifying compliance mode on the objects.
A bucket cannot be created in an ECS namespace where ADO is enabled unless the method used to create the bucket allows specifying the following header:
-H "x-emc-is-stale-allowed: false"
For more information, see the examples in Using s3curl.
Note: You must use an S3 access key, which was created earlier in Create IAM accounts on ECS.
For more information about using Object Lock with ECS, see the ECS Data Access Guide.