Operations on Buckets
  • 02 Feb 2023
  • PDF

Operations on Buckets

  • PDF

Operations on buckets include: deleting, renaming, and logging buckets as well as cross-origin resource sharing (CORS) support, lifecycle policy, object locking, and compliance.

DELETE BUCKET force_delete=true Option

AWS S3 will not allow you to delete a bucket if it contains objects that have not been deleted.

Wasabi provides a force_delete=true option that first deletes all the objects in the bucket and then deletes the bucket. The deletion of objects is subject to policy and compliance requirements on the bucket.

To specify the force_delete=true option, simply add it as a query string. For example:

DELETE http://s3.wasabisys.com/my-bucket?force_delete=true HTTP/1.1

Renaming a Bucket

AWS S3 does not support renaming of buckets. It only supports renaming of objects in a bucket.

Wasabi supports the renaming of buckets. The new bucket name must not be in use for the rename to be successful. The caller must have the s3:CreateBucket policy permission to rename a bucket.

To rename a bucket, use the HTTP method MOVE along with the header field “Destination” to give the new bucket name. For example:

MOVE http://s3.wasabisys.com/my_old_bucket HTTP/1.1
Destination: my_new_bucket

MFA (Multi-Factor Authentication) Delete

Wasabi supports the “x-amz-mfa” header while:

  • configuring versioning on a bucket, or
  • deleting objects with delete object requests compatible with AWS S3.

Wasabi does not require the “x-amz-mfa” header if the user's access credentials signing the request were authenticated with MFA. Wasabi only supports virtual MFA devices.

Maximum Number of Buckets

Standard AWS S3 supports only 100 buckets.

Wasabi allows for a maximum of 1000 buckets per account and this number may be increased by contacting Wasabi Customer Support.

Bucket Logging

Wasabi supports bucket logging, which creates a text log file of all access to a bucket. The format of the log file is identical to the AWS S3 log file.

Wasabi bucket logging does not require any ACL permission settings to store logs in a target bucket. Although you can give permission settings in the logging request or in an ACL, they are not required for logging to work in Wasabi. However, the bucket that is a target for log files must be inside the same account as the bucket being logged.

Bucket Cross-Origin Resource Sharing (CORS) Support

For compatibility with browser access to Wasabi as a web server, the Wasabi server will return CORS headers when the header “Origin” is given in an HTTP request. Additionally, the server supports the HTTP method OPTIONS on either buckets or objects to return the CORS headers needed for a browser pre-flight test before accessing Wasabi.

Different from AWS, Wasabi returns the settings that will allow the browser full access to Wasabi. Hence, Wasabi does not support the AWS functions that allow a PUT and GET on a bucket with the “cors” parameter in the URL. Note that allowing browser full access to data does not affect the security of access to any objects and all access policies will still be enforced.

The following are the HTTP headers returned by default when the header “Origin” is given in an HTTP request:

Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, MOVE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 86400

Lifecycle Policy

The Lifecyle feature establishes a Lifecycle policy with rules to define actions that you want Wasabi to take during the life of an object. This feature replaces the need to manually delete an object after a retention period.

The Lifecycle feature is not yet supported in versioned or previously versioned buckets.

Configuring Lifecycle Settings

The lifecycle settings for a bucket are configuring with the "put-bucket-lifecycle-configuration" command. For example:

$ aws s3api put-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.wasabisys.com --lifecycle-configuration  file://lifecycle.json
{

    "Rules": [
        {
            "Expiration": {
                "Days": 1
            },
            "ID": "lifecycle_rule_1",
            "Filter": {
                "And": {
                    "ObjectSizeGreaterThan": 1,
                    "ObjectSizeLessThan": 21474836480
                }
            },
            "Status": "Enabled"
        },
        {
            "Expiration": {
                "Days": 1
            },
            "ID": "object_lifecycle_rule_bucket_6807766",
            "Filter": {
                "Prefix": "1"
            },
            "Status": "Enabled"
        }
    ]
}

Here is another example:

PUT https://s3.wasabisys.com/1-1-1-1?lifecycle
<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Rule>
        <Expiration>
            <Days>1</Days>
        </Expiration>
        <ID>lifecycle_rule_1</ID>
        <Filter>
            <And>
                <ObjectSizeGreaterThan>1</ObjectSizeGreaterThan>
                <ObjectSizeLessThan>21474836480</ObjectSizeLessThan>
            </And>
        </Filter>
        <Status>Enabled</Status>
    </Rule>
    <Rule>
        <Expiration>
            <Days>1</Days>
        </Expiration>
        <ID>object_lifecycle_rule_bucket_6807766</ID>
        <Filter>
            <Prefix>1</Prefix>
        </Filter>
        <Status>Enabled</Status>
    </Rule>
</LifecycleConfiguration>

There is no response body for this call.

Retrieving Lifecycle Settings

The lifecycle settings for a bucket can be retrieved with the "get-bucket-lifecycle-configuration" command. For example:

$ aws s3api get-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.wasabisys.com
{
    "Rules": [
        {
            "Expiration": {
                "Days": 1
            },
            "ID": "lifecycle_rule_1",
            "Filter": {
                "And": {
                    "ObjectSizeGreaterThan": 1,
                    "ObjectSizeLessThan": 21474836480
                }
            },
            "Status": "Enabled"
        },
        {
            "Expiration": {
                "Days": 1
            },
            "ID": "object_lifecycle_rule_bucket_6807766",
            "Filter": {
                "Prefix": "1"
            },
            "Status": "Enabled"
        }
    ]
}

Here is another example:

GET https://s3.wasabisys.com/1-1-1-1?lifecycle
<?xml version="1.0" encoding="UTF-8"?>
<LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <Rule>
        <Expiration>
            <Days>1</Days>
        </Expiration>
        <ID>lifecycle_rule_1</ID>
        <Filter>
            <And>
                <ObjectSizeGreaterThan>1</ObjectSizeGreaterThan>
                <ObjectSizeLessThan>21474836480</ObjectSizeLessThan>
            </And>
        </Filter>
        <Status>Enabled</Status>
    </Rule>
    <Rule>
        <Expiration>
            <Days>1</Days>
        </Expiration>
        <ID>object_lifecycle_rule_bucket_6807766</ID>
        <Filter>
            <Prefix>1</Prefix>
        </Filter>
        <Status>Enabled</Status>
    </Rule>
</LifecycleConfiguration>

Deleting Lifecycle Settings

The lifecycle settings for a bucket can be deleted with the "delete-bucket-lifecycle" command. For example:

$ aws s3api delete-bucket-lifecycle --bucket 1-1-1-1 --endpoint-url https://s3.wasabisys.com

Here is another example:

DELETE http://wasabisys.com/1-1-1-1?lifecycle

There is no response body for this call.

Object Locking

Wasabi supports an object lock that prevents the deletion or overwrite of object versions for a fixed amount of time or indefinitely.

TagDescription
ObjectLockConfigurationThis is the mandatory root level tag for object lock configuration.
ObjectLockEnabledThis tag must be configured as Enabled.
RuleThis specifies the object lock rule for a bucket. It requires both a mode and a period. The period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.
Mode should be either COMPLIANCE or GOVERNANCE.

The object lock settings for a bucket are specified using the “?object-lock” query string along with the object lock settings as the XML body in the request. For example:

PUT https://s3.wasabisys.com/qa.objectlock.002/?object-lock HTTP/1.1
<ObjectLockConfiguration>
     <ObjectLockEnabled>Enabled</ObjectLockEnabled>
     <Rule>
          <DefaultRetention>
               <Mode>COMPLIANCE</Mode>
               <Days>10</Days>
          </DefaultRetention>
     </Rule>
</ObjectLockConfiguration>

The object lock settings for a bucket can be retrieved by getting the bucket with the “?object-lock” query string. For example:

GET https://s3.wasabisys.com/qa.objectlock.002/?object-lock HTTP/1.1

Response body:

<?xml version="1.0" encoding="UTF-8"?>
<ObjectLockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
     <ObjectLockEnabled>Enabled</ObjectLockEnabled>
     <Rule>
          <DefaultRetention>
               <Mode>COMPLIANCE</Mode>
               <Days>10</Days>
          </DefaultRetention>
     </Rule>
</ObjectLockConfiguration>

There are also object lock settings for each object described in Operations on Objects.

The object lock settings for a bucket can be cleared using "?object-lock" query string. For example:

PUT https://s3.wasabisys.com/qa.objectlock.002/?object-lock HTTP/1.1

Response body:

<ObjectLockConfiguration>
     <ObjectLockEnabled>Enabled</ObjectLockEnabled>
          <Rule>
               <DefaultRetention>
                    <Mode></Mode>
                    <Days></Days>
          </DefaultRetention>
     </Rule>
</ObjectLockConfiguration>

Wasabi Compliance

Wasabi supports a compliance policy that prevents the deletion of objects and provides additional information to prove that the original data is not modified since the time written. The compliance feature may be required for certain regulatory needs, but is also useful to prevent accidental data deletion.

Compliance is different from the object locking setting for a bucket.

You can set the compliance policy on any bucket controlling all the objects that are stored in that bucket. Specify the bucket compliance policy with the following XML tags.

TagDescription
StatusEither “enabled” or “disabled” to turn compliance on and off, respectively. Enabling will immediately apply to all objects in the bucket.
LockTimeThe time at which the compliance settings are “locked”—the settings cannot be reduced by any API call. Once the settings are locked, they cannot be unlocked without the intervention of Wasabi Customer Support. The lock time allows you to support two use cases:
  1. Testing that your software works properly before locking the compliance feature; or
  2. Never locking which means that data can be deleted with an additional step of an administrator turning compliance off.
The lock time parameter may be:
  • An ISO date (for example, 2016-11-07T15:08:05Z),
  • The string “now” to force immediate locking, or
  • The string “off to not lock the compliance settings. This is the default.
RetentionDaysAn integer for the minimum number of days that objects are always retained after their creation date or release from conditional hold. You can extend the retention date for any individual object, but may not shorten the date. This parameter is always required.
ConditionalHoldA Boolean value (“true” or “false”) indicating if newly created objects are placed on conditional hold, meaning that they cannot be deleted until the conditional hold is explicitly turned off. The default is false if this parameter is not given. Note that this setting may be changed even after the settings are locked.
DeleteAfterRetentionA Boolean value indicating if the object should be deleted automatically at the end of the retention period. The default is to not delete objects after the retention period. Note that this setting may be changed even after the settings are locked.

The compliance settings for a bucket are specified using the “?compliance” query string along with the compliance settings as the XML body in the request. For example:

PUT http://s3.wasabisys.com/my-bucket?complianceHTTP./1.1
<BucketComplianceConfiguration>
     <Status>enabled</Status>
     <LockTime>off</LockTime>
     <RetentionDays>365</RetentionDays>
     <DeleteAfterRetention>true</DeleteAfterRetention>
</BucketComplianceConfiguration>

After compliance is enabled for a bucket, the policy is immediately applied to all objects in the bucket. An attempt to delete an object before the retention period will return an error.

The compliance settings for a bucket can be retrieved by getting the bucket with the “?compliance” query string. For example:

GET http://s3.wasabisys.com/my-buck?complianceHTTP/1.1

Response body:

<BucketComplianceConfiguration xml ns="http://s3.amazonaws.com/doc/2006-03-01/">
     <Status>enabled</Status>
     <LockTime>2016-11-07T15:08:05Z</LockTime>
     <IsLocked>false</IsLocked>
     <RetentionDays>0</RetentionDays>
     <ConditionalHold>false</ConditionalHold>
     <DeleteAfterRetention>false</DeleteAfterRetention>
</BucketComplianceConfiguration>

There are also compliance settings for each object described in Operations on Objects.

Operations on Buckets Not Supported in Wasabi

OperationDescription
Bucket TaggingBucket tagging is currently unavailable in Wasabi.
Bucket WebsiteWebsite configuration is unavailable in Wasabi. Given the nature of Wasabi as a long-term object store, we do not expect to support website operations to buckets.
The header “x-amz-website-redirect-location” is ignored in any object requests.
Bucket AccelerateWasabi does not implement the AWS S3 bucket accelerate subresource.
Bucket LocationWasabi always returns the bucket location as “us-east”. When creating a bucket, the “LocationConstraint” request data is ignored.
Bucket NotificationWasabi does not support the use of the notification resource for a bucket.
Bucket Request PaymentWasabi does not support the use of the “requestPayment” subresource for buckets.
Metrics ConfigurationWasabi does not support the operation to receive one-minute CloudWatch metrics, set CloudWatch alarms, and access CloudWatch dashboards to view near-real-time operations and performance of your Amazon S3 storage.

S3 Block Public Access

Wasabi does not support the operation to centrally block existing public access (whether made possible via an ACL or a policy) and make sure newly created items are not inadvertently granted public access.
S3 SelectWasabi does not support the S3 Select API.



Was this article helpful?