Deleting an object
Deleting an object or object version without a lock
An object or object version for which the lock has not been set (e.g., because object lock is not enabled in the bucket) can be deleted without any additional confirmation.
Note
To delete an object with an incomplete multipart upload, follow these instructions.
The minimum required role is storage.editor.
To delete an object:
-
In the management console, select Object Storage from the list of services and go to the bucket where the object you need to delete is stored.
-
In the left-hand panel, select Objects.
-
To see all versions of objects in the list, enable Show versions to the right of the object search field in the bucket.
-
To delete a single object, click → Delete.
To do the same with multiple objects, select them in the list and click Delete at the bottom of the screen.
Note
You can delete a folder with objects. This is an asynchronous operation. Once run, objects are gradually deleted from the bucket instead of all at once. During this time, you can perform other operations in the management console, including upload new objects to the folder being deleted. For more information, see Folder.
-
In the window that opens, click Delete.
In the management console, information about the number of objects in a bucket and the used space is updated with a few minutes' delay.
If you do not have the AWS CLI yet, install and configure it.
In the terminal, run the aws s3api delete-object command:
aws s3api delete-object \
--endpoint-url https://storage.yandexcloud.net \
--bucket <bucket_name> \
--key <object_key>
Where:
--bucket: Name of your bucket.--key: Object key.
To delete multiple objects at once, provide the keys of these objects in the --delete parameter:
-
Bash:
aws s3api delete-objects \ --endpoint-url=https://storage.yandexcloud.net \ --bucket <bucket_name> \ --delete '{"Objects":[{"Key":"<object_1_key>"},{"Key":"<object_2_key>"},...,{"Key":"<object_n_key>"}]}' -
PowerShell:
aws s3api delete-objects ` --endpoint-url=https://storage.yandexcloud.net ` --bucket <bucket_name> ` --delete '{\"Objects\":[{\"Key\":\"<object_1_key>\"},{\"Key\":\"<object_2_key>\"},...,{\"Key\":\"<object_n_key>\"}]}'
Where:
--bucket: Bucket name.<object_1_key>,<object_2_key>,<object_n_key>: Keys of objects you need to delete.
Result:
{
"Deleted": [
{
"Key": "<object_1_key>",
"VersionId": "null"
},
{
"Key": "<object_2_key>",
"VersionId": "null"
}
...
{
"Key": "<object_n_key>",
"VersionId": "null"
}
]
}
You can specify objects for deletion using a query template in JMESPath format. To delete objects using a query template, run the following command:
-
Bash:
aws s3api list-objects \ --endpoint-url https://storage.yandexcloud.net \ --bucket <bucket_name> \ --query '<query>' \ --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key {}Where:
--bucket: Bucket name.--query: Query in JMESPath format.
Here is an example of the command that deletes from
sample-bucketall objects located in thescreenshotsfolder whose filenames start with20231002:aws s3api list-objects \ --endpoint-url https://storage.yandexcloud.net \ --bucket sample-bucket \ --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' \ --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key {} -
PowerShell:
Foreach($x in (aws s3api list-objects ` --endpoint-url https://storage.yandexcloud.net ` --bucket <bucket_name> ` --query '<query>' ` --output text)) ` {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key $x}Where:
--bucket: Bucket name.--query: Query in JMESPath format.
Here is an example of the command that deletes from
sample-bucketall objects located in thescreenshotsfolder whose filenames start with20231002:Foreach($x in (aws s3api list-objects ` --endpoint-url https://storage.yandexcloud.net ` --bucket sample-bucket ` --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' ` --output text)) ` {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key $x}
Note
Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.
Terraform allows you to quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. Configuration files store the infrastructure description in the HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Business Source License.
For more information about the provider resources, see the documentation on the Terraform website or the mirror.
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To delete an object created with Terraform from a bucket:
-
Open the Terraform configuration file and delete the fragment with the object description.
Example object description in a Terraform configuration
... resource "yandex_storage_object" "cute-cat-picture" { access_key = "YCAJEX9Aw2ge********-w-lJ" secret_key = "YCONxG7rSdzVF9UMxLA_NRy5VbKzKlqZ********" bucket = "cat-pictures" key = "cute-cat" source = "/images/cats/cute-cat.jpg" } ... -
In the command line, go to the directory with the Terraform configuration file.
-
Check the configuration using this command:
terraform validateIf the configuration is correct, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planThe terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply -
Confirm the changes: type
yesinto the terminal and press Enter.You can check the changes in the management console.
Deleting an object version with an object lock
If object lock is enabled in the bucket, some or all users can be forbidden to delete an object version.
To check whether lock has been put and delete the object version when possible:
- If possible, remove the lock from the object you want to delete.
- Delete the object.
In the management console, information about the number of objects in a bucket and the used space is updated with a few minutes' delay.
-
If you do not have the AWS CLI yet, install and configure it.
-
Get information about an object lock:
aws --endpoint-url=https://storage.yandexcloud.net \ s3api head-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID>Where:
--bucket: Name of your bucket.--key: Object key.--version-id: Object version ID.
If an object version is locked, the following command returns the lock details:
{ ... "ObjectLockMode": "<temporary_lock_type>", "ObjectLockRetainUntilDate": "<date_and_time>", "ObjectLockLegalHoldStatus": "<indefinite_lock_status>", ... }Where:
-
ObjectLockMode: Temporary lock type:GOVERNANCE: Temporary managed lock. A user with thestorage.adminrole can delete an object version.COMPLIANCE: Temporary strict lock. You cannot delete an object version.
-
ObjectLockRetainUntilDate: Retention end date and time in any format described in the HTTP standard, e.g.,Mon, 12 Dec 2022 09:00:00 GMT. -
ObjectLockLegalHoldStatus: Legal hold status:ON: Enabled. You cannot delete an object version. To remove a lock, a user must have thestorage.uploaderrole.OFF: Disabled.
If the object version is not locked, these fields will not be displayed, and you can delete the object version just as you would do in case of an unlocked version, following this guide.
-
If the temporary managed lock (
"ObjectLockMode": "GOVERNANCE") is set, and you have thestorage.adminrole, delete the object version:aws --endpoint-url=https://storage.yandexcloud.net \ s3api delete-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID> \ --bypass-governance-retentionWhere:
--bucket: Name of your bucket.--key: Object key.--version-id: Object version ID.--bypass-governance-retention: Flag that shows that a lock is bypassed.
- To get the details of the lock applied to an object version, use the getObjectRetention (retention) and getObjectLegalHold (legal hold) S3 API methods.
- If you only have the temporary managed lock (
GOVERNANCE) set, and you have thestorage.adminrole, delete the object version using the delete S3 API method. In your request, specify the version ID and theX-Amz-Bypass-Governance-Retentionheader to confirm lock bypass.