Deleting Amazon S3 objects

Delete a single object – Amazon S3 provides the DELETE (DeleteObject) API operation that you can use to delete one object in a single HTTP request.

Delete multiple objects – Amazon S3 provides the Multi-Object Delete (DeleteObjects) API operation that you can use to delete up to 1,000 objects in a single HTTP request.

Enable bucket versioning. S3 Versioning adds protection against simple DeleteObject requests to prevent accidental deletions. For versioned buckets, if you delete the current version of an object or when a delete request doesn’t specify a specific version Id, Amazon S3 doesn’t permanently delete the object. Instead, S3 adds a delete marker, issuing a soft delete of the object. The delete marker then becomes the current (or newest) version of the object with a new version ID. For more information, see Deleting object versions from a versioning-enabled bucket.

If you want to delete a large number of objects, or for programmatically deleting objects based on object creation date, set a S3 Lifecycle configuration on your bucket. To monitor these deletions, we recommend that you use an S3 Lifecycle event notification. When you configure S3 Lifecycle notifications, the s3:LifecycleExpiration:Delete event type notifies you when an object in a bucket is deleted. It also notifies you when an object version is permanently deleted by an S3 Lifecycle configuration. The s3:LifecycleExpiration:DeleteMarkerCreated event type notifies you when S3 Lifecycle creates a delete marker. A delete marker is created when a current version of an object in a versioned bucket is deleted.

Before making any updates to your S3 Lifecycle configuration, confirm that Lifecycle has completed the actions on all intended objects. For more information, see the Updating, disabling, or deleting Lifecycle rules section in Setting an S3 Lifecycle configuration on a bucket.

Consider restricting users from removing or deleting objects from your bucket. To restrict users, you’ll need to explicitly deny users the permissions for the following actions in your Amazon S3 bucket policies:

Consider using S3 Replication to create multiple copies of your data and to replicate them to multiple locations at once. You can choose as many destination buckets as needed. Additionally, if an object is unintentionally deleted, you'll still have a copy of the data.

Specify a non-versioned delete request – Specify only the object's key, and not the version ID. In this case, Amazon S3 creates a delete marker over the current version of the object and returns its version ID in the response. This makes your object disappear from the bucket. For information about object versioning and the delete marker concept, see Retaining multiple versions of objects with S3 Versioning.

Specify a versioned delete request – Specify both the key and version ID. In this case, the following outcomes are possible:

If you provide an MFA token that isn't valid, the request always fails.

If you have an MFA-enabled bucket and you make a versioned delete request (you provide an object key and version ID), the request fails if you don't provide a valid MFA token. In addition, when using the multi-object Delete API operation on an MFA-enabled bucket, if any of the deletes are a versioned delete request (that is, you specify an object key and version ID), the entire request fails if you don't provide an MFA token.

If you have an MFA-enabled bucket and you make a non-versioned delete request (you are not deleting a versioned object), and you don't provide an MFA token, the delete succeeds.

If you have a Multi-Object Delete request that specifies only non-versioned objects to delete from an MFA-enabled bucket and you don't provide an MFA token, the deletions succeed.