将 S3 分批操作与 S3 对象锁定保留合规模式结合使用 - Amazon Simple Storage Service
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

将 S3 分批操作与 S3 对象锁定保留合规模式结合使用

以下示例基于上述创建信任策略以及在对象上设置 S3 分批操作和 S3 对象锁定配置权限的示例而构建。此示例将保留模式设置为 COMPLIANCE,并将 retain until date 设置为 2025 年 1 月 1 日。此示例将创建一个任务,该任务以清单存储桶中的对象为目标,并在您标识的报告存储桶中报告结果。

要使用以下示例,请将 user input placeholders 替换为您自己的信息。

以下 Amazon CLI 示例说明如何使用批量操作跨多个对象应用 S3 对象锁定保留合规模式。

例 — 跨多个对象设置 S3 对象锁定保留合规模式
export AWS_PROFILE='aws-user' export AWS_DEFAULT_REGION='us-west-2' export ACCOUNT_ID=123456789012 export ROLE_ARN='arn:aws:iam::123456789012:role/batch_operations-objectlock' read -d '' OPERATION <<EOF { "S3PutObjectRetention": { "Retention": { "RetainUntilDate":"2025-01-01T00:00:00", "Mode":"COMPLIANCE" } } } EOF read -d '' MANIFEST <<EOF { "Spec": { "Format": "S3BatchOperations_CSV_20180820", "Fields": [ "Bucket", "Key" ] }, "Location": { "ObjectArn": "arn:aws:s3:::amzn-s3-demo-manifest-bucket/compliance-objects-manifest.csv", "ETag": "Your-manifest-ETag" } } EOF read -d '' REPORT <<EOF { "Bucket": "arn:aws:s3:::ReportBucket", "Format": "Report_CSV_20180820", "Enabled": true, "Prefix": "amzn-s3-demo-completion-report-bucket/compliance-objects-batch-operations", "ReportScope": "AllTasks" } EOF aws \ s3control create-job \ --account-id "${ACCOUNT_ID}" \ --manifest "${MANIFEST//$'\n'}" \ --operation "${OPERATION//$'\n'/}" \ --report "${REPORT//$'\n'}" \ --priority 10 \ --role-arn "${ROLE_ARN}" \ --client-request-token "$(uuidgen)" \ --region "${AWS_DEFAULT_REGION}" \ --description "Set compliance retain-until to 1 Jul 2030";
例 — 将 COMPLIANCE 模式的 retain until date 延长至 2025 年 1 月 15 日

以下示例将 COMPLIANCE 模式的 retain until date 延长至 2025 年 1 月 15 日。

export AWS_PROFILE='aws-user' export AWS_DEFAULT_REGION='us-west-2' export ACCOUNT_ID=123456789012 export ROLE_ARN='arn:aws:iam::123456789012:role/batch_operations-objectlock' read -d '' OPERATION <<EOF { "S3PutObjectRetention": { "Retention": { "RetainUntilDate":"2025-01-15T00:00:00", "Mode":"COMPLIANCE" } } } EOF read -d '' MANIFEST <<EOF { "Spec": { "Format": "S3BatchOperations_CSV_20180820", "Fields": [ "Bucket", "Key" ] }, "Location": { "ObjectArn": "arn:aws:s3:::amzn-s3-demo-manifest-bucket/compliance-objects-manifest.csv", "ETag": "Your-manifest-ETag" } } EOF read -d '' REPORT <<EOF { "Bucket": "arn:aws:s3:::amzn-s3-demo-completion-report-bucket", "Format": "Report_CSV_20180820", "Enabled": true, "Prefix": "reports/compliance-objects-batch_operations", "ReportScope": "AllTasks" } EOF aws \ s3control create-job \ --account-id "${ACCOUNT_ID}" \ --manifest "${MANIFEST//$'\n'}" \ --operation "${OPERATION//$'\n'/}" \ --report "${REPORT//$'\n'}" \ --priority 10 \ --role-arn "${ROLE_ARN}" \ --client-request-token "$(uuidgen)" \ --region "${AWS_DEFAULT_REGION}" \ --description "Extend compliance retention to 15 Jan 2025";

以下 Amazon SDK for Java 示例说明如何使用批量操作跨多个对象应用 S3 对象锁定保留合规模式。

例 — 将保留模式设置为 COMPLIANCE(合规),并将“保留到期日”设置为 2025 年 1 月 1 日
public String createComplianceRetentionJob(final AWSS3ControlClient awss3ControlClient) throws ParseException { final String manifestObjectArn = "arn:aws:s3:::amzn-s3-demo-manifest-bucket/compliance-objects-manifest.csv"; final String manifestObjectVersionId = "your-object-version-Id"; final JobManifestLocation manifestLocation = new JobManifestLocation() .withObjectArn(manifestObjectArn) .withETag(manifestObjectVersionId); final JobManifestSpec manifestSpec = new JobManifestSpec() .withFormat(JobManifestFormat.S3BatchOperations_CSV_20180820) .withFields("Bucket", "Key"); final JobManifest manifestToPublicApi = new JobManifest() .withLocation(manifestLocation) .withSpec(manifestSpec); final String jobReportBucketArn = "arn:aws:s3:::amzn-s3-demo-completion-report-bucket"; final String jobReportPrefix = "reports/compliance-objects-bops"; final JobReport jobReport = new JobReport() .withEnabled(true) .withReportScope(JobReportScope.AllTasks) .withBucket(jobReportBucketArn) .withPrefix(jobReportPrefix) .withFormat(JobReportFormat.Report_CSV_20180820); final SimpleDateFormat format = new SimpleDateFormat("dd/MM/yyyy"); final Date janFirst = format.parse("01/01/2025"); final JobOperation jobOperation = new JobOperation() .withS3PutObjectRetention(new S3SetObjectRetentionOperation() .withRetention(new S3Retention() .withMode(S3ObjectLockRetentionMode.COMPLIANCE) .withRetainUntilDate(janFirst))); final String roleArn = "arn:aws:iam::123456789012:role/batch_operations-object-lock"; final Boolean requiresConfirmation = true; final int priority = 10; final CreateJobRequest request = new CreateJobRequest() .withAccountId("123456789012") .withDescription("Set compliance retain-until to 1 Jan 2025") .withManifest(manifestToPublicApi) .withOperation(jobOperation) .withPriority(priority) .withRoleArn(roleArn) .withReport(jobReport) .withConfirmationRequired(requiresConfirmation); final CreateJobResult result = awss3ControlClient.createJob(request); return result.getJobId(); }
例 — 延长 COMPLIANCE 模式的 retain until date

以下示例将 COMPLIANCE 模式的 retain until date 延长至 2025 年 1 月 15 日。

public String createExtendComplianceRetentionJob(final AWSS3ControlClient awss3ControlClient) throws ParseException { final String manifestObjectArn = "arn:aws:s3:::amzn-s3-demo-manifest-bucket/compliance-objects-manifest.csv"; final String manifestObjectVersionId = "15ad5ba069e6bbc465c77bf83d541385"; final JobManifestLocation manifestLocation = new JobManifestLocation() .withObjectArn(manifestObjectArn) .withETag(manifestObjectVersionId); final JobManifestSpec manifestSpec = new JobManifestSpec() .withFormat(JobManifestFormat.S3BatchOperations_CSV_20180820) .withFields("Bucket", "Key"); final JobManifest manifestToPublicApi = new JobManifest() .withLocation(manifestLocation) .withSpec(manifestSpec); final String jobReportBucketArn = "arn:aws:s3:::amzn-s3-demo-completion-report-bucket"; final String jobReportPrefix = "reports/compliance-objects-batch_operations"; final JobReport jobReport = new JobReport() .withEnabled(true) .withReportScope(JobReportScope.AllTasks) .withBucket(jobReportBucketArn) .withPrefix(jobReportPrefix) .withFormat(JobReportFormat.Report_CSV_20180820); final SimpleDateFormat format = new SimpleDateFormat("dd/MM/yyyy"); final Date jan15th = format.parse("15/01/2025"); final JobOperation jobOperation = new JobOperation() .withS3PutObjectRetention(new S3SetObjectRetentionOperation() .withRetention(new S3Retention() .withMode(S3ObjectLockRetentionMode.COMPLIANCE) .withRetainUntilDate(jan15th))); final String roleArn = "arn:aws:iam::123456789012:role/batch_operations-object-lock"; final Boolean requiresConfirmation = true; final int priority = 10; final CreateJobRequest request = new CreateJobRequest() .withAccountId("123456789012") .withDescription("Extend compliance retention to 15 Jan 2025") .withManifest(manifestToPublicApi) .withOperation(jobOperation) .withPriority(priority) .withRoleArn(roleArn) .withReport(jobReport) .withConfirmationRequired(requiresConfirmation); final CreateJobResult result = awss3ControlClient.createJob(request); return result.getJobId(); }