Oracle Cloud Infrastructure Documentation

Using Object Lifecycle Management

Object Lifecycle Management lets you automatically manage the archiving and deletion of objects. By using Object Lifecycle Management to manage your Object Storage and Archive Storage data, you can reduce your storage costs and the amount of time you spend managing data. Object Lifecycle Management works by defining rules that instruct Object Storage to archive or delete objects on your behalf within a given bucket. A bucket's lifecycle rules are collectively known as an object lifecycle policy. For example, you could have Object Storage automatically move a group of objects to Archive Storage 30 days after creation, and automatically delete the archived objects 120 days after creation.

Each Object Storage or Archive Storage bucket can have a single lifecycle policy consisting of up to 1,000 rules. Rules can have multiple prefix matching conditions. You can create, edit, delete, enable and disable individual rules in the Console as needed. To update a lifecycle policy using the API, you must overwrite the entire policy with a new policy that is inclusive of all the rules you wish to apply to the bucket. Use the PutObjectLifecyclePolicy API call to update a bucket's lifecycle policy.
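Because an API update overwrites the whole policy, sending only the new rule removes every other rule on the bucket. The following added example (not Oracle's code) builds the complete replacement rule list from the rules the bucket already has and reports what an overwrite would add, remove, or change. The rule dictionaries and their field names are assumptions for illustration, and fetching or sending the policy through the API is outside the block.

```python
import copy

MAX_RULES = 1000  # per-bucket rule limit stated on this page

def build_replacement(current_rules, changes, removals=()):
    """Return the complete rule list to send, starting from what the bucket has now.

    current_rules: rules read from the bucket (dicts keyed by "name"; assumed shape)
    changes:       rules to add, or to replace when the name already exists
    removals:      rule names to drop on purpose
    """
    merged = {r["name"]: copy.deepcopy(r) for r in current_rules}
    for name in removals:
        if name not in merged:
            raise KeyError(f"cannot remove unknown rule {name!r}")
        del merged[name]
    for rule in changes:
        merged[rule["name"]] = copy.deepcopy(rule)
    if len(merged) > MAX_RULES:
        raise ValueError(f"{len(merged)} rules exceeds the {MAX_RULES}-rule limit")
    return list(merged.values())

def diff_rules(current_rules, proposed_rules):
    """Summarise an overwrite so that dropped rules are visible before the call."""
    old = {r["name"]: r for r in current_rules}
    new = {r["name"]: r for r in proposed_rules}
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

# Constructed sample data: two existing rules and one rule to add.
CURRENT = [
    {"name": "archive-logs", "action": "ARCHIVE", "days": 30, "prefixes": ["logs/"]},
    {"name": "delete-logs", "action": "DELETE", "days": 120, "prefixes": ["logs/"]},
]
NEW_RULE = {"name": "purge-tmp", "action": "DELETE", "days": 7, "prefixes": ["tmp/"]}

if __name__ == "__main__":
    # Sending only the new rule would silently remove both existing rules.
    print("naive overwrite:", diff_rules(CURRENT, [NEW_RULE]))
    # Merging first keeps them and adds the new one.
    print("merged overwrite:", diff_rules(CURRENT, build_replacement(CURRENT, [NEW_RULE])))
```

Review the "removed" and "changed" lists before sending the policy; an unexpected entry there means the overwrite would alter retention behavior for objects the change was not meant to touch.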

Required IAM Policy

Warning

Object Lifecycle Management will not work if you do not authorize the Object Storage service to archive and delete objects on your behalf. See Service Permissions for more information.

User Permissions

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policy (an IAM document that specifies who has what type of access to your resources) written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment (a collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization) you should work in.

The policy "Let Object Storage admins manage buckets and objects" lets the specified group do everything with buckets and objects, including adding and managing lifecycle policies. See Details for Object Storage, Archive Storage, and Data Transfer for more information on Object Storage user permissions.

Service Permissions

To execute object lifecycle policies, you must authorize the service to archive and delete objects on your behalf. To do so, create the following policy:

allow service objectstorage-<region_name> to manage object-family in compartment <compartment_name>

Because Object Storage is a regional service, you must authorize the Object Storage service of each region in which you use lifecycle policies. The regional nature of Object Storage ensures that your data is not read from any region that you have not authorized the data to be read from.

If you don't have permissions to write policies for the root compartment of your tenancy, contact your Oracle Cloud Infrastructure administrator. To determine the region name value of an Oracle Cloud Infrastructure region, see Regions and Availability Domains.

If you wish to grant individual permissions to the service rather than use the policy verb manage, you can use the following syntax:

allow service objectstorage-<region_name> to {BUCKET_INSPECT, BUCKET_READ, OBJECT_INSPECT, OBJECT_CREATE, OBJECT_DELETE} in compartment <compartment_name>

If you're new to policies, see Getting Started with Policies and Common Policies.

Options

When creating object lifecycle policy rules, you have the following options:

  • You can use a rule to either archive or delete objects.
  • You can apply a rule at the bucket level or the object name prefix level.
  • You can disable and enable a rule on demand using the Console. For disabled or deleted rules, the system stops the execution of those rules immediately.
  • You can choose whether a new rule is enabled or disabled upon creation when using the Console.

Scope and Constraints

Understand the following scope and constraints regarding object lifecycle policies:

  • A rule that deletes an object always takes priority over a rule that would archive that same object.
  • When creating a lifecycle policy rule that deletes objects from Archive Storage, note that Archive Storage has a minimum retention requirement of 90 days. Objects deleted from Archive Storage that have not met the 90-day retention minimum will be billed for 90 days of storage.
  • You can create up to 1,000 lifecycle rules per bucket.
  • When you create a lifecycle policy for a bucket, Object Storage applies your lifecycle policy to any objects that currently exist in the bucket.
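
A dry run of the constraints above, as an added example that is not Oracle's code: it evaluates a set of rules against constructed object metadata, lets a delete rule win over an archive rule, and flags deletions from Archive Storage that fall inside the 90-day minimum. The Rule fields and the object records (age_days, tier, days_in_archive) are assumptions for illustration, and time is counted in days only.

```python
from dataclasses import dataclass, field

ARCHIVE_MIN_RETENTION_DAYS = 90  # Archive Storage minimum stated on this page

@dataclass
class Rule:  # hypothetical shape for this example, not the SDK model
    name: str
    action: str  # "ARCHIVE" or "DELETE"
    days: int    # object age (days since creation) at which the rule applies
    prefixes: list = field(default_factory=list)  # empty list = bucket level
    enabled: bool = True

def matches(rule, obj):
    """A rule applies when it is enabled, the object is old enough, and a prefix fits."""
    if not rule.enabled or obj["age_days"] < rule.days:
        return False
    return not rule.prefixes or any(obj["name"].startswith(p) for p in rule.prefixes)

def dry_run(rules, objects):
    """Return {object name: (action, rule name, warning)} without touching any data."""
    plan = {}
    for obj in objects:
        hits = [r for r in rules if matches(r, obj)]
        deletes = [r for r in hits if r.action == "DELETE"]
        archives = [r for r in hits if r.action == "ARCHIVE"]
        if deletes:  # a delete rule always takes priority over an archive rule
            warning = None
            if obj["tier"] == "Archive" and obj["days_in_archive"] < ARCHIVE_MIN_RETENTION_DAYS:
                warning = "under 90 days in Archive Storage; billed for 90 days"
            plan[obj["name"]] = ("DELETE", deletes[0].name, warning)
        elif archives and obj["tier"] != "Archive":
            plan[obj["name"]] = ("ARCHIVE", archives[0].name, None)
        else:
            plan[obj["name"]] = ("KEEP", None, None)
    return plan

# Constructed sample rules and objects (existing objects are evaluated too).
RULES = [
    Rule("archive-logs", "ARCHIVE", 30, ["logs/"]),
    Rule("delete-logs", "DELETE", 120, ["logs/"]),
    Rule("purge-tmp", "DELETE", 7, ["logs/tmp/"]),
    Rule("old-rule", "DELETE", 1, enabled=False),
]
OBJECTS = [
    {"name": "logs/app-01.gz", "age_days": 45, "tier": "Standard", "days_in_archive": 0},
    {"name": "logs/app-00.gz", "age_days": 130, "tier": "Archive", "days_in_archive": 100},
    {"name": "logs/tmp/scratch", "age_days": 40, "tier": "Archive", "days_in_archive": 10},
    {"name": "reports/q1.pdf", "age_days": 400, "tier": "Standard", "days_in_archive": 0},
]

if __name__ == "__main__":
    for name, decision in dry_run(RULES, OBJECTS).items():
        print(name, decision)
```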

Working with Object Lifecycle Management Policies

You can create, delete, edit, or disable lifecycle policy rules using the Console, the Command Line Interface (CLI), an SDK, or the API.

Warning

Objects deleted on your behalf by lifecycle policies cannot be recovered. Be sure when creating and editing your lifecycle policies that you are not unintentionally deleting data you wish to retain. Oracle recommends that you test your lifecycle policy on development data prior to using the policy in production.

Using the Console

To create a lifecycle policy rule
To edit a lifecycle policy rule
To enable, disable, or delete a lifecycle policy rule

Using the Command Line Interface (CLI)

For information about using the CLI, see Command Line Interface (CLI). For a complete list of flags and options available for CLI commands, see CLI Help.

To create or replace a lifecycle policy for a bucket
To delete a bucket's lifecycle policy
To get a bucket's lifecycle policy

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following operations to manage object lifecycle policies: