
I need to configure my s3 bucket in a way that when a user inserts a file into the bucket which already exists in the bucket it should block the user inserting that file.

I thought of implementing an object block with a retention policy on the bucket but the object lock does not block the user to insert the file, it only protects the existing file.

This is what AWS documentation says about the object lock.

If you put an object into a bucket that has the same key name as an
existing protected object, Amazon S3 creates a new version of that
object, stores it in the bucket as requested, and reports the request
as completed successfully.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html

How can I block any kind of inserts/overwrites if a file with the same name already exists in the bucket?

2 Answers


  1. The only ways I can think of are:

    1. Probably not a reasonable solution but: you could create an IAM policy that has a deny Effect for the s3:PutObject Action for the object(s) in question. Something like this…
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Deny",
          "Action": [
            "s3:PutObject"
          ],
          "Resource": [
            "arn:aws:s3:::bucket/object1",
            "arn:aws:s3:::bucket/object2"
          ]
        }
      ]
    }

    It’s probably not reasonable because you would have to include every object in the bucket in the policy, and update it as objects are added.

    2. In the application tier. Check to see if the object exists and fail if it does. After a write, call to check if an "overwrite" has occurred (by checking versions) and rollback the version if it happened, and show the user an error message.
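A worked version of the application-tier approach from the answer above, added here as an example and not part of the original post. It assumes a bucket with versioning enabled and a boto3-style client; FakeS3 and RacingFakeS3 are constructed in-memory stand-ins with boto3's method names and response shapes so the code runs offline. put_if_absent is the check, write, re-check, roll back sequence the answer describes; put_if_absent_conditional uses S3's server-side conditional write (If-None-Match: *, supported by S3 and boto3 since August 2024), which closes the gap between the existence check and the write that the first function has to detect after the fact.

```python
"""Guarding an S3 key against overwrite from the application tier.

Added example, not code from the original post. Assumes a bucket with
versioning enabled and a boto3-style client. FakeS3 is a constructed
in-memory stand-in (same method names and response shapes as boto3) so the
example runs offline; boto3.client("s3") can be passed instead.
"""
import uuid


class S3Error(Exception):
    """Mirrors botocore.exceptions.ClientError's .response["Error"]["Code"]."""

    def __init__(self, code, message):
        super().__init__(f"{code}: {message}")
        self.response = {"Error": {"Code": code, "Message": message}}


try:
    from botocore.exceptions import ClientError  # real boto3 errors, if installed
except ImportError:  # botocore absent: offline run against FakeS3 only
    ClientError = S3Error


def error_code(exc):
    return exc.response["Error"]["Code"]


class FakeS3:
    """Constructed in-memory versioned bucket; every put appends a version."""

    def __init__(self):
        self.versions = {}  # key -> [(version_id, body), ...], oldest first

    def head_object(self, Bucket, Key):
        if Key not in self.versions:
            raise S3Error("404", "Not Found")  # boto3 reports a missing key as "404"
        return {"VersionId": self.versions[Key][-1][0]}

    def put_object(self, Bucket, Key, Body, IfNoneMatch=None):
        # S3 conditional write: If-None-Match: * is rejected with 412 if the key exists.
        if IfNoneMatch == "*" and Key in self.versions:
            raise S3Error("PreconditionFailed", "Precondition failed")
        vid = uuid.uuid4().hex
        self.versions.setdefault(Key, []).append((vid, Body))
        return {"VersionId": vid}

    def list_object_versions(self, Bucket, Prefix):
        return {"Versions": [{"Key": k, "VersionId": vid}
                             for k, vs in self.versions.items() if k.startswith(Prefix)
                             for vid, _ in vs]}

    def delete_object(self, Bucket, Key, VersionId):
        self.versions[Key] = [v for v in self.versions[Key] if v[0] != VersionId]
        if not self.versions[Key]:
            del self.versions[Key]
        return {"VersionId": VersionId}


def put_if_absent(s3, bucket, key, body):
    """The answer's pattern: check, write, re-check versions, roll back.

    Returns (written, version_id). The HEAD-then-PUT gap is a race window:
    the post-check catches a competing writer, but then both writers may
    roll back, so the loser must retry or report an error to the user.
    """
    try:
        s3.head_object(Bucket=bucket, Key=key)
        return False, None  # key already exists: refuse before writing
    except (S3Error, ClientError) as exc:
        if error_code(exc) != "404":
            raise
    vid = s3.put_object(Bucket=bucket, Key=key, Body=body)["VersionId"]
    # Post-write check: more than one version means an overwrite happened.
    # (A real listing may be paginated; handle IsTruncated/KeyMarker in production.)
    versions = [v for v in s3.list_object_versions(Bucket=bucket, Prefix=key)["Versions"]
                if v["Key"] == key]
    if len(versions) > 1:
        s3.delete_object(Bucket=bucket, Key=key, VersionId=vid)  # roll back our version
        return False, None
    return True, vid


def put_if_absent_conditional(s3, bucket, key, body):
    """Race-free variant: S3 evaluates If-None-Match: * server-side, so the
    existence check and the write are one atomic request."""
    try:
        resp = s3.put_object(Bucket=bucket, Key=key, Body=body, IfNoneMatch="*")
        return True, resp["VersionId"]
    except (S3Error, ClientError) as exc:
        if error_code(exc) == "PreconditionFailed":
            return False, None
        raise


class RacingFakeS3(FakeS3):
    """Constructed variant: a competing writer lands between our HEAD and PUT."""

    def put_object(self, Bucket, Key, Body, IfNoneMatch=None):
        super().put_object(Bucket=Bucket, Key=Key, Body=b"competitor")
        return super().put_object(Bucket=Bucket, Key=Key, Body=Body, IfNoneMatch=IfNoneMatch)


if __name__ == "__main__":
    s3 = FakeS3()
    print(put_if_absent(s3, "bucket", "object1", b"v1"))  # (True, <version id>)
    print(put_if_absent(s3, "bucket", "object1", b"v2"))  # (False, None)
    print(put_if_absent(RacingFakeS3(), "bucket", "object2", b"ours"))  # (False, None)
```

With a real client, replace FakeS3() with boto3.client("s3"); the error handling already catches botocore's ClientError. The rollback path still leaves the competitor's version in place and only removes our own, which is the behaviour the answer asks for, but the conditional write is the simpler control because there is no window in which the overwrite exists at all.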
  2. I did not try it myself but

    1. You can configure retention mode at bucket level with required retention period https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html#object-lock-retention-modes
    2. Forbid PutObject via bucket conditional policy using s3:object-lock-mode or s3:object-lock-remaining-retention-days conditions