S3 Object Lock which mode

#aws

Amazon S3 Object Lock supports two modes:

Mode	Purpose
Governance Mode	Protects objects from being deleted or overwritten by most users. Users with special permissions (`s3:BypassGovernanceRetention`) can still modify or delete objects. Useful when you want flexibility but still enforce retention rules.
Compliance Mode	Provides stricter protection. No one, including the root account, can overwrite or delete an object until the retention period expires. This mode is for strict compliance requirements (e.g., SEC Rule 17a-4(f), FINRA).

✅ So Compliance Mode is the strictest mode.

These are two separate mechanisms within Object Lock:

Example: Retain a file for 5 years.

Overrides retention periods and prevents deletion regardless of retention period settings.
Remains in effect until explicitly removed.
Used when there is a legal requirement to preserve data (e.g., court order, legal investigation).
Not tied to a time period.

Example: Legal hold stays active until removed, even if retention period expires.

Protection Type	Mode(s) Allowed	Can be overridden?
Retention Mode	Governance / Compliance	Governance: Yes Compliance: No
Legal Hold	Both	No

So in total there are:

💡 Quick tip: If your company says "No users can modify or delete any files" — that is Compliance mode with a retention period.

Feature	Question wording clue
Compliance Mode	“No one, including root account, can delete or modify objects until retention period expires” — emphasizes time-based, strict retention.
Legal Hold	“Objects cannot be deleted or modified until legal hold is removed” — emphasizes indefinite retention until explicit removal, not tied to a time period.

DEV Community