At first, this can seem a bit paradoxical; after all, S3 is usually used as a backup for other services. But it doesn’t protect against accidental deletions or overwrites, and for mission-critical data, you can pay extra to have the bucket replicated across regions.
Prevent Accidental Deletion with Object Versioning
Let’s make one thing clear first—data in S3 is incredibly safe. It’s used for backups, so it doesn’t make much sense to back up your backup unless you’re really paranoid about losing your data.
And while S3 data is definitely safe from individual drive failures due to RAID and other backups, it’s also safe from disaster scenarios like widespread outages or warehouse failure. Unlike EBS-backed data volumes, which are stored in one place and can fail completely, S3 is already “backing up your data.” Data in S3 is stored in three or more Availability Zones, which means even in the event one of them burns down, you still have two more backups.
What S3 doesn’t protect you from is yourself. It’s much, much more likely that you, or someone else with access, will accidentally delete something, or overwrite an important object with garbage data. This is the scenario that you should be worried about.
To protect against this, S3 has a feature called Object Versioning. It stores every version of each object, so if you accidentally overwrite an object, you can restore a previous version. You can also fetch a previous version at any time by passing its version ID as a parameter to the GET request.
When versioning is enabled, rather than deleting objects directly, S3 marks the object with a “Deletion Marker” that causes it to act like it’s gone, but in the event that you didn’t mean to delete it, it’s reversible.
To enable it, open up the bucket’s settings, click “Properties,” and click “Edit” on Bucket Versioning.
From here, you can simply turn it on.
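How the reversal described above works through the API, as an added example that is not part of the original article: an object is undeleted by removing the Deletion Markers (the S3 API calls them delete markers) that sit on top of its newest data version. The sample listing, bucket name and function names are assumptions made for illustration; the listing follows the shape of boto3's `list_object_versions` response.

```python
from datetime import datetime, timezone

def _t(day):  # helper for the constructed timestamps below
    return datetime(2024, 1, day, tzinfo=timezone.utc)

# Constructed sample shaped like boto3's s3.list_object_versions() response
# (all pages merged); keys and version IDs are made up.
SAMPLE_LISTING = {
    "Versions": [
        {"Key": "report.csv", "VersionId": "v1", "IsLatest": False, "LastModified": _t(1)},
        {"Key": "report.csv", "VersionId": "v2", "IsLatest": False, "LastModified": _t(5)},
        {"Key": "notes.txt", "VersionId": "v7", "IsLatest": True, "LastModified": _t(3)},
    ],
    "DeleteMarkers": [
        {"Key": "report.csv", "VersionId": "dm2", "IsLatest": True, "LastModified": _t(9)},
        {"Key": "report.csv", "VersionId": "dm1", "IsLatest": False, "LastModified": _t(8)},
        {"Key": "ghost.bin", "VersionId": "dm3", "IsLatest": True, "LastModified": _t(9)},
    ],
}

def plan_undelete(listing):
    """Map each deleted key to the version that comes back and the markers hiding it."""
    newest = {}  # key -> most recent data version
    for v in listing.get("Versions", []):
        cur = newest.get(v["Key"])
        if cur is None or v["LastModified"] > cur["LastModified"]:
            newest[v["Key"]] = v
    markers = listing.get("DeleteMarkers", [])
    deleted = {m["Key"] for m in markers if m["IsLatest"]}
    plan = {}
    for m in markers:
        data = newest.get(m["Key"])
        # Keys with no data version left (ghost.bin) cannot be recovered and are skipped.
        if m["Key"] in deleted and data and m["LastModified"] > data["LastModified"]:
            step = plan.setdefault(m["Key"], {"restores": data["VersionId"], "remove_markers": []})
            step["remove_markers"].append(m["VersionId"])
    return plan

def apply_plan(s3, bucket, plan):
    """Remove the markers by version ID; `s3` is a boto3 S3 client supplied by the caller."""
    for key, step in plan.items():
        for marker_id in step["remove_markers"]:
            s3.delete_object(Bucket=bucket, Key=key, VersionId=marker_id)

if __name__ == "__main__":
    print(plan_undelete(SAMPLE_LISTING))
```

Review the plan before calling `apply_plan`: a key deleted twice carries stacked markers, and all of them above the newest data version have to go before the object is visible again.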
Saving Your Wallet With Lifecycle Rules
Of course, storing multiple copies of objects uses way more space, especially if you’re frequently overwriting data. You probably don’t need to store these old versions for the rest of eternity, so you can do your wallet a favor by setting up a Lifecycle rule that will remove the old versions after some time.
Under Management > Life Cycle Configuration, add a new rule. The two options available are moving old objects to an infrequent access tier, or deleting them permanently after
In case you’re anxious that you misclicked and this rule is going to delete working data, you’ll see at the bottom that the rule actions only apply 30 days after an object becomes noncurrent. There’s no rule that will permanently delete working data, only expire it, which is recoverable.
Replicate the Bucket Across Regions
If you really want to back up the entire S3 bucket, you can do so with another bucket and a replication rule. This rule will automatically replicate all actions in the target bucket.
You can set it up from the “Replication” tab under “Management.”
Set the source configuration (either the whole bucket or a prefix/tag) and set the target bucket.
You will need to create an IAM role for replication; S3 will handle the configuration, just give it a name.
Click “Next,” and click “Save.” The rule should be active immediately. To test it, upload an object; you should see it replicated to the destination bucket, and then you’ll see the replication status tag change to COMPLETED.