Contact UsGet started

Deleting an object

Written by
Updated at December 11, 2024

Deleting an object or object version without a lock

An object or object version for which the lock has not been set (e.g., because object lock is not enabled in the bucket) can be deleted without any additional confirmation.

Note

To delete an object with an incomplete multipart upload, follow these instructions.

The minimum required role is storage.editor.

To delete an object:

  1. In the management console, select Object Storage from the list of services and go to the bucket where the object you need to delete is stored.

  2. In the left-hand panel, select Objects.

  3. To see all versions of objects in the list, enable Show versions to the right of the object search field in the bucket.

  4. To delete a single object, click Delete.

    To do the same with multiple objects, select them in the list and click Delete at the bottom of the screen.

    Note

    You can delete a folder with objects. This is an asynchronous operation. Once run, objects are gradually deleted from the bucket instead of all at once. During this time, you can perform other operations in the management console, including upload new objects to the folder being deleted. For more information, see Folder.

  5. In the window that opens, click Delete.

In the management console, the information about the number of objects in the bucket and used up space is updated with a few minutes delay.

Note

It is more convenient to work with multiple objects at once using the CyberDuck and WinSCP file browsers or the AWS CLI.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for deleting an object from a bucket:

    yc storage s3api delete-object --help

  2. Get a list of buckets in the default folder:

    yc storage bucket list

    Result:

    +------------------+----------------------+-------------+-----------------------+---------------------+
|       NAME       |      FOLDER ID       |  MAX SIZE   | DEFAULT STORAGE CLASS |     CREATED AT      |
+------------------+----------------------+-------------+-----------------------+---------------------+
| first-bucket     | b1gmit33ngp6******** | 53687091200 | STANDARD              | 2022-12-16 13:58:18 |
+------------------+----------------------+-------------+-----------------------+---------------------+

  3. Run this command:

    yc storage s3api put-object \
  --bucket <bucket_name> \
  --key <object_key>

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.

    Result:

    request_id: 0311ec7********

If you do not have the AWS CLI yet, install and configure it.

In the terminal, run the aws s3api delete-object command:

aws s3api delete-object \
  --endpoint-url https://storage.yandexcloud.net \
  --bucket <bucket_name> \
  --key <object_key>

Where:

  • --bucket: Name of your bucket.
  • --key: Object key.

To delete multiple objects at once, provide the keys of these objects in the --delete parameter:

  • Bash:

    aws s3api delete-objects \
  --endpoint-url=https://storage.yandexcloud.net \
  --bucket <bucket_name> \
  --delete '{"Objects":[{"Key":"<object_1_key>"},{"Key":"<object_2_key>"},...,{"Key":"<object_n_key>"}]}'

  • PowerShell:

    aws s3api delete-objects `
  --endpoint-url=https://storage.yandexcloud.net `
  --bucket <bucket_name> `
  --delete '{\"Objects\":[{\"Key\":\"<object_1_key>\"},{\"Key\":\"<object_2_key>\"},...,{\"Key\":\"<object_n_key>\"}]}'

Where:

  • --bucket: Bucket name.
  • <object_1_key>, <object_2_key>, <object_n_key>: Keys of objects you need to delete.

Result:

{
  "Deleted": [
      {
          "Key": "<object_1_key>",
          "VersionId": "null"
      },
      {
          "Key": "<object_2_key>",
          "VersionId": "null"
      }
      ...
      {
          "Key": "<object_n_key>",
          "VersionId": "null"
      }
  ]
}

You can specify objects for deletion using a query template in JMESPath format. To delete objects using a query template, run the following command:

  • Bash:

    aws s3api list-objects \
  --endpoint-url https://storage.yandexcloud.net \
  --bucket <bucket_name> \
  --query '<query>' \
  --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key {}

    Where:

    • --bucket: Bucket name.
    • --query: Query in JMESPath format.

    Here is an example of the command that deletes from sample-bucket all objects located in the screenshots folder whose filenames start with 20231002:

    aws s3api list-objects \
  --endpoint-url https://storage.yandexcloud.net \
  --bucket sample-bucket \
  --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' \
  --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key {}

  • PowerShell:

    Foreach($x in (aws s3api list-objects `
  --endpoint-url https://storage.yandexcloud.net `
  --bucket <bucket_name> `
  --query '<query>' `
  --output text)) `
  {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key $x}

    Where:

    • --bucket: Bucket name.
    • --query: Query in JMESPath format.

    Here is an example of the command that deletes from sample-bucket all objects located in the screenshots folder whose filenames start with 20231002:

    Foreach($x in (aws s3api list-objects `
  --endpoint-url https://storage.yandexcloud.net `
  --bucket sample-bucket `
  --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' `
  --output text)) `
  {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key $x}

Note

Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

To delete an object created with Terraform from a bucket:

  1. Open the Terraform configuration file and delete the fragment with the object description.

    Example object description in a Terraform configuration
    ...
resource "yandex_storage_object" "cute-cat-picture" {
  access_key = "YCAJEX9Aw2ge********-w-lJ"
  secret_key = "YCONxG7rSdzVF9UMxLA_NRy5VbKzKlqZ********"
  bucket     = "cat-pictures"
  key        = "cute-cat"
  source     = "/images/cats/cute-cat.jpg"
}
...

  2. In the command line, go to the directory with the Terraform configuration file.

  3. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  4. Run this command:

    terraform plan

    The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  5. Apply the configuration changes:

    terraform apply

  6. Confirm the changes: type yes into the terminal and press Enter.

    You can check the changes in the management console.

Use the delete S3 API method.

Note

It is more convenient to work with multiple objects at once using the CyberDuck and WinSCP file browsers or the AWS CLI.

Deleting an object version with an object lock

If object lock is enabled in the bucket, some or all users can be forbidden to delete an object version.

To check whether lock has been put and delete the object version when possible:

  1. If possible, remove the lock from the object you want to delete.
  2. Delete the object.

In the management console, the information about the number of objects in the bucket and used up space is updated with a few minutes delay.

Note

It is more convenient to work with multiple objects at once using the CyberDuck and WinSCP file browsers or the AWS CLI.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Get information about an object version lock:

    yc storage s3api head-object \
  --bucket <bucket_name> \
  --key <object_key> \
  --version-id <version_ID>

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.
    • --version-id: Object version ID.

    If there is a lock for the version, you will see the following:

    object_lock_mode: GOVERNANCE
object_lock_retain_until_date: "2024-10-11T10:23:12Z"

    Or:

    object_lock_legal_hold_status: ON

    Where:

    • object_lock_mode: Temporary lock type:

      • GOVERNANCE: Temporary managed lock. A user with the storage.admin role can delete an object version.
      • COMPLIANCE: Temporary strict lock. You cannot delete an object version.

    • object_lock_retain_until_date: Retention end date and time in any format described in the HTTP standard, e.g., Mon, 12 Dec 2022 09:00:00 GMT.

    • object_lock_legal_hold_status: Legal hold status:

      • ON: Enabled You cannot delete an object version. To remove a lock, a user must have the storage.uploader role.
      • OFF: Disabled.

    If the object version is not locked, these fields will not be displayed, and you can delete the object version just as you would do in case of an unlocked version, following this guide.

  2. Get a list of buckets in the default folder:

    yc storage bucket list

    Result:

    +------------------+----------------------+-------------+-----------------------+---------------------+
|       NAME       |      FOLDER ID       |  MAX SIZE   | DEFAULT STORAGE CLASS |     CREATED AT      |
+------------------+----------------------+-------------+-----------------------+---------------------+
| first-bucket     | b1gmit33ngp6******** | 53687091200 | STANDARD              | 2022-12-16 13:58:18 |
+------------------+----------------------+-------------+-----------------------+---------------------+

  3. If the temporary managed lock ("object_lock_mode": "GOVERNANCE") is set, and you have the storage.admin role, delete the object version:

    yc storage s3api delete-object \
  --bucket <bucket_name> \
  --key <object_key> \
  --version-id <version_ID> \
  --bypass-governance-retention

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.
    • --version-id: Object version ID.
    • --bypass-governance-retention: Flag that shows that a lock is bypassed.

    Result:

    request_id: a58bf215********
version_id: "null"

  1. If you do not have the AWS CLI yet, install and configure it.

  2. Get information about an object lock:

    aws --endpoint-url=https://storage.yandexcloud.net \
  s3api head-object \
  --bucket <bucket_name> \
  --key <object_key> \
  --version-id <version_ID>

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.
    • --version-id: Object version ID.

    If an object version is locked, the following command returns the lock details:

    {
  ...
  "ObjectLockMode": "<temporary_lock_type>",
  "ObjectLockRetainUntilDate": "<date_and_time>",
  "ObjectLockLegalHoldStatus": "<indefinite_lock_status>",
  ...
}

    Where:

    • ObjectLockMode: Temporary lock type:

      • GOVERNANCE: Temporary managed lock. A user with the storage.admin role can delete an object version.
      • COMPLIANCE: Temporary strict lock. You cannot delete an object version.

    • ObjectLockRetainUntilDate: Retention end date and time in any format described in the HTTP standard, e.g., Mon, 12 Dec 2022 09:00:00 GMT.

    • ObjectLockLegalHoldStatus: Legal hold status:

      • ON: Enabled. You cannot delete an object version. To remove a lock, a user must have the storage.uploader role.
      • OFF: Disabled.

    If the object version is not locked, these fields will not be displayed, and you can delete the object version just as you would do in case of an unlocked version, following this guide.

  3. If the temporary managed lock ("ObjectLockMode": "GOVERNANCE") is set, and you have the storage.admin role, delete the object version:

    aws --endpoint-url=https://storage.yandexcloud.net \
  s3api delete-object \
  --bucket <bucket_name> \
  --key <object_key> \
  --version-id <version_ID> \
  --bypass-governance-retention

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.
    • --version-id: Object version ID.
    • --bypass-governance-retention: Flag that shows that a lock is bypassed.
  1. To get the details of the lock applied to an object version, use the getObjectRetention (retention) and getObjectLegalHold (legal hold) S3 API methods.
  2. If you only have the temporary managed lock (GOVERNANCE) set, and you have the storage.admin role, delete the object version using the delete S3 API method. In your request, specify the version ID and the X-Amz-Bypass-Governance-Retention header to confirm lock bypass.
Previous
Configuring an object lock
Next
Deleting all objects