- WORM model for individual object versions.
- Prevents deletion or overwrite for a set time.
- Requires versioning
Retention modes:
- Compliance mode: Cannot be altered or bypassed by any user, including root. Retention period/mode cannot be shortened.
- Governance mode: Restricts changes for most users; privileged users can modify retention or delete objects.
Retention period:
- Fixed duration; can be extended, never shortened.
Legal Hold:
- Protects object indefinitely, regardless of retention period.
- Managed via
s3:PutObjectLegalHoldpermission.