Object Lifecycles
Object Lock and TTL are Mutually Exclusive
You cannot apply a TTL to a locked object, and you cannot lock an object that already has an active TTL. Attempting to combine these features will result in an error. For more information on Object Lock, see the Object Lock documentation.
Setting Object TTL with Custom HTTP Header
It's possible to specify a TTL for the object by sending the X-Amz-Meta-Object-Expires header (see S3 Compatibility) with one of the following:
- a signed, positive sequence of decimal numbers, each with an optional fraction and a unit suffix, such as +300ms, +1.5h, or +2h45m
  - valid time units are ns, us (or µs), ms, s, m, h
  - +2h means the object expires 2 hours from now
- full RFC3339-formatted date
Setting Object TTL in the Access Grant / S3 Credentials
If the S3 client cannot send custom HTTP headers, it is possible to restrict an access grant with the MaxObjectTTL permission. Uploaded objects get a TTL that reflects the configured MaxObjectTTL period.
Log in to the Satellite Console and follow the steps to Create Access Grant.
Switch to your command terminal and execute the access restrict command.
Use the --max-object-ttl flag to set the Object TTL period applied to uploaded objects. The period is set in hours, e.g. set 720h for one month.
Make sure to set the --readonly=false flag. Otherwise, the restricted access grant will be read-only, making uploading objects impossible.
Executing the command will print the new restricted access grant:
Execute the access inspect command to ensure the MaxObjectTTL was configured properly.
You should see a new caveat added to the macaroon with a max_object_ttl field set to the configured period (the value is displayed in nanoseconds).
Register the new access grant as S3 credentials with the access register command.
Configure the S3 credentials in your S3 client.
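Both the header value formats and the nanosecond display of max_object_ttl described above can be checked on the client side before uploading or distributing a grant. The following is an added example, not code from the project: ParseObjectExpires and TTLNanos are hypothetical helper names. Treating only values with a leading + as durations and requiring RFC3339 dates to lie in the future are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// ParseObjectExpires (hypothetical helper) validates a candidate
// X-Amz-Meta-Object-Expires value and returns the absolute expiry time.
func ParseObjectExpires(value string, now time.Time) (time.Time, error) {
	value = strings.TrimSpace(value)
	if strings.HasPrefix(value, "+") {
		// Relative form: Go's duration syntax uses the same unit suffixes
		// the page lists (ns, us/µs, ms, s, m, h).
		d, err := time.ParseDuration(value)
		if err != nil {
			return time.Time{}, fmt.Errorf("invalid duration %q: %w", value, err)
		}
		if d <= 0 {
			return time.Time{}, errors.New("TTL must be positive")
		}
		return now.Add(d), nil
	}
	// Absolute form: a full RFC3339 date. Requiring it to lie in the
	// future is an assumption of this example.
	t, err := time.Parse(time.RFC3339, value)
	if err != nil || !t.After(now) {
		return time.Time{}, fmt.Errorf("%q is not a +duration or a future RFC3339 date", value)
	}
	return t, nil
}

// TTLNanos (hypothetical helper) converts a --max-object-ttl period such as
// "720h" to the nanosecond count shown in the max_object_ttl caveat.
func TTLNanos(period string) (int64, error) {
	d, err := time.ParseDuration(period)
	return d.Nanoseconds(), err
}

func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	for _, v := range []string{"+300ms", "+1.5h", "+2h45m", "2024-06-01T00:00:00Z", "2h", "-2h"} {
		exp, err := ParseObjectExpires(v, now)
		fmt.Println(v, "->", exp, err)
	}
	n, _ := TTLNanos("720h")
	fmt.Println("720h =", n, "ns")
}
```

Comparing the TTLNanos result with the max_object_ttl value printed by access inspect confirms that the caveat carries the period you intended.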