Configure WORM retention policies for OSS buckets with ossutil - Object Storage Service

Run the worm command to configure a WORM (Write Once Read Many) retention policy for a bucket. During the retention period, no user — including the resource owner — can modify or delete objects in the bucket. You can only upload and read objects during this period. Objects can be modified or deleted only after the retention period expires.

Usage notes

Required permissions: oss:InitiateBucketWorm to create, oss:CompleteBucketWorm to lock, oss:ExtendBucketWorm to extend, oss:GetBucketWorm to query, and oss:AbortBucketWorm to delete a retention policy. Attach a custom policy to a RAM user.
For ossutil 1.6.16 and later, you can use ossutil as the command. For versions of ossutil earlier than 1.6.16, you must use the binary name that corresponds to your operating system. For more information, see ossutil command reference.
The Retention policies topic covers the WORM lifecycle.

Create and lock a retention policy

Create a retention policy for a bucket and lock it.

Create a retention policy

Command syntax

ossutil worm init oss://BucketName days

Parameters:

Parameter

Description

BucketName

The name of the target bucket.

days

The retention period in days. Objects in the bucket cannot be modified or deleted during this period.

Unit: day
Valid values: 1 to 25550

Examples
Create a retention policy for the examplebucket bucket with a 180-day retention period.
```
ossutil worm init oss://examplebucket 180
```
Sample output:
```
init success,worm id is 581D8A7FFA064C80827CAB4076A93A78
```

Lock the retention policy

Command syntax

ossutil worm complete oss://BucketName WormId

Parameters:

Parameter	Description
BucketName	The name of the target bucket.
WormId	The ID returned when the retention policy was created.

Examples

Lock the retention policy for the examplebucket bucket.

ossutil worm complete oss://examplebucket 581D8A7FFA064C80827CAB4076A93A78

Sample output:

0.073810(s) elapsed

Extend the retention period

After you lock a retention policy, objects cannot be modified or deleted until the retention period expires. You can extend the period if needed.

Command syntax

ossutil worm extend oss://BucketName days WormId

Examples

Extend the retention period of examplebucket to 360 days.

ossutil worm extend oss://examplebucket 360 581D8A7FFA064C80827CAB4076A93A78

Sample output:

0.067810(s) elapsed

Query a retention policy

Retrieve a bucket's retention policy configuration.

Command syntax
```
ossutil worm get oss://BucketName
```

Examples

Query the retention policy for the examplebucket bucket.

ossutil worm get oss://examplebucket

Sample output:

<WormConfiguration>
      <WormId>581D8A7FFA064C80827CAB4076A93A78</WormId>
      <State>Locked</State>
      <RetentionPeriodInDays>360</RetentionPeriodInDays>
      <CreationDate>2021-01-19T03:36:53.000Z</CreationDate>
  </WormConfiguration>

Delete a retention policy

Delete a retention policy before it is locked.

Command syntax
```
ossutil worm abort oss://BucketName
```
Examples

Delete the retention policy for the examplebucket bucket.
```
ossutil worm abort oss://examplebucket
```
Sample output:
```
0.067810(s) elapsed
```

Common options

To access a bucket in a different region, use -e to specify the endpoint. To access a bucket owned by a different Alibaba Cloud account, use -i for the AccessKey ID and -k for the AccessKey secret.

Example: Create a retention policy for the test bucket in China (Hangzhou) under a different Alibaba Cloud account.

ossutil worm init oss://test -e oss-cn-hangzhou.aliyuncs.com -i yourAccessKeyID -k yourAccessKeySecret

Common options.