Create object lock enabled backups

After creating the required object lock enabled schedule policies, you can use them to create an object lock enabled manual or scheduled backup.


  • In S3 compliant object store user interface, create a bucket, enable object lock, and set retention period.

    NOTE: Object lock enabled backup locations should be configured with a minimum retention
    period of 7 days or above.

  • For all S3 compliant object store, enable the following permissions for the IAM role:

    • s3:GetBucketObjectLockConfiguration
    • s3:GetObjectLegalHold
    • s3:GetObjectRetention

    NOTE: To configure object lock on S3 buckets in all S3 compliant object stores, below S3 permissions are needed for IAM role:

    • s3:BypassGovernanceRetention
    • s3:PutBucketObjectLockConfiguration
    • s3:PutObjectLegalHold
    • s3:PutObjectRetention
  • Configure an AWS/S3 cloud account in PX-Backup.

  • Install the latest version of MinIO that supports object lock.

  • Install or upgrade to Stork version 2.10 or above for object lock.

    Backups to object lock enabled buckets fail with the following error message if the minimum Stork version is not installed:

    backup failed error message

Last edited: Saturday, May 14, 2022