S3 object lock in PX-Backup
PX-Backup supports object lock for all S3 object store compliant backup location targets and allows object lock with a bucket-level locking mechanism to secure the objects placed in a bucket. All objects in a bucket comply with the object lock settings defined for the bucket. Object lock provides following features to secure your objects:
- Retention modes:
- Governance: you cannot overwrite or delete an object version or alter its lock settings unless they have special permissions.
- Compliance: you cannot overwrite or delete a protected object version even if you are the root user of an AWS account.
- Retention period: specifies a fixed period of time during which an object remains locked
Protection period is the number of days your backup will be protected from ransomware attack. Protection period acts as the determiner for retention period.
For an object lock enabled backup, retention period in days = protection period in days + 6 days of buffer.
Following sections guide you to retain your objects in an object lock enabled bucket: