Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

3.3.4. Versioning: S3 Object Versioning and FSx

💡 First Principle: Versioning is the simplest form of point-in-time recovery for file and object data. Every write creates a new version; every delete is a "delete marker" that hides the object without destroying it. This means no accidental deletion is truly permanent; you can always restore a previous version.

S3 Versioning:

Once enabled on a bucket, S3 preserves every version of every object. Key behaviors:

  • PUT creates a new version with a unique version ID
  • DELETE adds a delete marker (the object appears deleted but isn't gone)
  • Restore: delete the delete marker to restore the previous version
  • Permanently delete: specify the version ID

S3 Versioning cannot be disabled once enabled — only suspended. Suspension prevents new versions from being created but preserves existing versions.
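Added example (not part of the original guide): the delete-marker behavior above, worked through in Python over a listing shaped like the response of boto3's list_object_versions. The sample listing, its version IDs, and the helper names are constructed for illustration; the code also covers a key that was deleted twice and therefore has two delete markers stacked on top of its data.

```python
from datetime import datetime, timezone

def jan(day):
    return datetime(2026, 1, day, tzinfo=timezone.utc)

# Constructed sample in the shape returned by list_object_versions.
SAMPLE = {
    "Versions": [
        {"Key": "ledger.csv", "VersionId": "v1", "IsLatest": False, "LastModified": jan(1), "Size": 1000},
        {"Key": "ledger.csv", "VersionId": "v2", "IsLatest": False, "LastModified": jan(2), "Size": 1200},
        {"Key": "notes.txt", "VersionId": "n1", "IsLatest": True, "LastModified": jan(1), "Size": 50},
    ],
    "DeleteMarkers": [
        {"Key": "ledger.csv", "VersionId": "d1", "IsLatest": False, "LastModified": jan(3)},
        {"Key": "ledger.csv", "VersionId": "d2", "IsLatest": True, "LastModified": jan(4)},
    ],
}

def recovery_plan(listing):
    """For each key hidden by a delete marker, return the marker version IDs
    to remove and the data version that becomes current again."""
    history = {}
    for v in listing.get("Versions", []):
        history.setdefault(v["Key"], []).append((v["LastModified"], False, v))
    for m in listing.get("DeleteMarkers", []):
        history.setdefault(m["Key"], []).append((m["LastModified"], True, m))
    plan = {}
    for key, entries in history.items():
        entries.sort(key=lambda e: e[0], reverse=True)  # newest first
        if not entries[0][1]:
            continue  # current version is real data, nothing to restore
        markers, restored = [], None
        for _, is_marker, item in entries:
            if not is_marker:
                restored = item["VersionId"]  # newest surviving data version
                break
            markers.append(item["VersionId"])  # every stacked marker must go
        plan[key] = {"remove_markers": markers, "restores": restored}
    return plan

def noncurrent_bytes(listing):
    """Bytes held in noncurrent versions, billed on top of current objects."""
    return sum(v["Size"] for v in listing.get("Versions", []) if not v["IsLatest"])
```

A key whose plan shows "restores": None has no data version left, so removing its delete markers recovers nothing.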

S3 MFA Delete: Adds a second factor requirement for:

  • Changing versioning state of a bucket
  • Permanently deleting a specific object version

MFA Delete requires the root account's MFA device and the MFA token. This protects against accidental or malicious permanent deletion by compromised IAM credentials.

S3 Object Lock: WORM protection at the object level (works only with versioning enabled):

| Mode | Can Overwrites Be Prevented? | Who Can Unlock? |
|---|---|---|
| Governance | ✅ Yes (requires special permission to override) | Users with s3:BypassGovernanceRetention permission |
| Compliance | ✅ Yes (cannot be overridden, not even by root) | Nobody during retention period |
| Legal Hold | ✅ Yes | Any user with s3:PutObjectLegalHold permission |

Use compliance mode for regulatory requirements (SEC, FINRA, HIPAA). Use governance mode when you need override capability for legitimate business purposes.

FSx Backup and Versioning:
  • FSx for Windows: Automatic daily backups, manual backups, shadow copies (Windows VSS-based point-in-time snapshots accessible from within the OS)
  • FSx for Lustre: Backups can be taken manually or automatically; data can be linked to S3 so files are lazily loaded from S3 and writes can be exported back to S3

āš ļø Exam Trap: S3 Versioning significantly increases storage costs — every version of every object is billed. A 1GB object modified 10 times becomes 10GB billed. Use S3 Lifecycle policies to transition or expire old versions. A common pattern: keep current version in S3 Standard, move versions older than 30 days to S3 Glacier, delete versions older than 1 year.

Reflection Question: A compliance regulation requires that financial records stored in S3 cannot be modified or deleted for 7 years. What combination of S3 features do you enable, and what governance mode choice do you make?

Written by Alvin Varughese
Founder • 15 professional certifications