S3 Versioning: A Simple Guide

Felipe Trova de Araujo
Jan 16, 2025

Amazon S3 (Simple Storage Service) is a widely used cloud storage solution, and one of its key features is Object Versioning. This feature helps you manage and protect your data by letting you store multiple versions of an object in a bucket (kind of like Git for your objects).

What is Object Versioning?

Object Versioning in S3 allows you to keep multiple versions of an object. This means that if you update or delete an object, the previous versions are still stored, making it possible to recover older versions if needed. Versioning adds an extra layer of protection for your data, especially when dealing with accidental deletions or updates.

Key Points About S3 Versioning:

  • Versioning is disabled by default on every S3 bucket.
  • Once you enable versioning, you cannot disable it completely. You can only suspend it.
  • Suspending versioning stops the creation of new versions, but old versions are still stored in the bucket.
  • Every version of an object takes up storage space, and you are billed for all versions, not just the most recent one.

How Versioning Works

When you upload an object to S3 with versioning disabled, the object is stored with a simple key (e.g., photo1.jpg) and a null version ID. If you overwrite the object, the original is replaced.

When versioning is enabled, each object also has a unique version ID. If you upload a new version of the same object (for example, updating photo1.jpg), S3 assigns a new version ID to the modified object. This way, you can retrieve, delete, or manage specific versions by referring to their unique version IDs.

Deleting Versioned Objects

In a versioned bucket, objects aren’t deleted in the traditional sense. Instead, when you “delete” an object, S3 adds a deletion marker to hide it. This marker acts as a signal that the object has been removed, but the older versions are still stored.

  • If you delete an object without specifying a version ID, S3 adds the deletion marker, and the object seems “deleted,” but earlier versions remain.
  • If you delete an object with a specific version ID, that version is permanently deleted; if it was the latest version, the previous version becomes the latest one.
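
The write and delete behaviour described in the two sections above can be traced with a small in-memory model. This is an added example, not code from the original article and not the S3 API: the class VersionedBucket, its methods and the v1, v2, ... version IDs are constructed for illustration. It also covers the suspended state, where new writes get the null version ID.

```python
import itertools

class VersionedBucket:
    """Toy in-memory model of S3 versioning semantics (hypothetical, not the S3 API)."""

    def __init__(self):
        self.status = "Disabled"          # "Disabled" | "Enabled" | "Suspended"
        self.stacks = {}                  # key -> list of versions, newest last
        self._ids = itertools.count(1)

    def set_versioning(self, status):
        if status not in ("Enabled", "Suspended"):
            raise ValueError("versioning can only be enabled or suspended")
        self.status = status

    def _push(self, key, body, marker=False):
        stack = self.stacks.setdefault(key, [])
        if self.status == "Enabled":
            vid = f"v{next(self._ids)}"   # constructed IDs; real ones are opaque strings
        else:
            vid = "null"                  # disabled/suspended writes replace the null version
            stack[:] = [v for v in stack if v["id"] != "null"]
        stack.append({"id": vid, "body": body, "marker": marker})
        return vid

    def put(self, key, body):
        return self._push(key, body)

    def get(self, key, version_id=None):
        stack = self.stacks.get(key, [])
        if version_id is not None:        # read one specific version
            hits = [v for v in stack if v["id"] == version_id and not v["marker"]]
            return hits[0]["body"] if hits else None
        if not stack or stack[-1]["marker"]:
            return None                   # latest entry is a marker: object looks deleted
        return stack[-1]["body"]

    def delete(self, key, version_id=None):
        stack = self.stacks.get(key, [])
        if version_id is not None:        # permanent removal of one version or marker
            stack[:] = [v for v in stack if v["id"] != version_id]
            return None
        if self.status == "Disabled":     # never versioned: the object is simply gone
            self.stacks.pop(key, None)
            return None
        return self._push(key, None, marker=True)   # hide, don't erase
```

Deleting the marker itself by its version ID makes the hidden object visible again, which is how an accidental delete is undone in this model.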

MFA Delete

For added security, S3 offers a feature called MFA Delete. When this feature is enabled, certain actions like permanently deleting object versions or changing the versioning status of a bucket require additional verification.

  • MFA Delete requires Multi-Factor Authentication (MFA), meaning that when you attempt to delete a version or change the versioning state, you must provide the serial number of an MFA device along with a code generated by the device.

This ensures that only authorized users can make these critical changes, adding an extra layer of protection for your important data.

In Summary:

  • Versioning protects your objects by keeping previous versions when updates or deletions occur.
  • Once enabled, versioning can only be suspended — not disabled.
  • Deleting objects in versioned buckets uses deletion markers, which hide but don’t erase older versions.
  • MFA Delete adds extra security to prevent unauthorized changes or deletions.

S3 versioning is a powerful feature for data protection, but it requires careful management due to the storage costs of maintaining multiple object versions. By enabling versioning, you safeguard your data from accidental changes while still being able to access or restore older versions if necessary.
