Versioning
With versioning enabled, writing to an existing key does not overwrite it. The store keeps the old bytes as a noncurrent version and makes the new write the current one. A delete just adds a delete marker that hides the object while older versions remain recoverable.
Why it helps
- Accidental overwrites and deletes are undoable: restore a prior version.
- It defends against buggy clients and some ransomware patterns.
- The cost is real: every version consumes storage until lifecycle rules prune it.
Immutability with object lock
Object lock goes further. A version under a retention period or legal hold cannot be deleted or overwritten by anyone, including administrators, until the lock lifts. This write once read many behavior satisfies compliance and audit requirements.
Key idea
Versioning turns every write into a recoverable version, and object lock makes chosen versions immutable until a retention period or legal hold expires.