Deleting an object
Deleting an object or object version without a lock
Any object or object version without a lock (with no locks enabled in the bucket) can be deleted without further confirmation.
Note
To delete an object with an incomplete multipart upload, follow this guide.
The minimum required role is storage.editor.
To delete an object:
-
In the management console, select Object Storage from the list of services and go to the bucket storing the object you want to delete.
-
In the left-hand panel, select Objects.
-
To see all versions of objects in the list, enable Show versions to the right of the object search field in the bucket.
-
To delete a single object, click and select Delete.
To delete multiple objects, select them from the list and click Delete at the bottom of the screen.
Note
You can delete a folder with objects. This is an asynchronous operation, so the objects will not disappear from the bucket right away but will be deleted gradually. Meanwhile, you can continue working in the management console, even uploading new objects to the folder being deleted. You can learn more here.
-
In the window that opens, click Delete.
In the management console, the information about the number of objects and storage space used in the bucket is updated with a few minutes' delay.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.
-
See the description of the CLI command for deleting an object from a bucket:
yc storage s3api delete-object --help -
Get a list of buckets in the default folder:
yc storage bucket listResult:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+ -
Run this command:
yc storage s3api put-object \ --bucket <bucket_name> \ --key <object_key>Where:
--bucket: Name of your bucket.--key: Object key.
Result:
request_id: 0311ec7********
If you do not have the AWS CLI yet, install and configure it.
In the terminal, run aws s3api delete-object:
aws s3api delete-object \
--endpoint-url https://storage.yandexcloud.net \
--bucket <bucket_name> \
--key <object_key>
Where:
--bucket: Name of your bucket.--key: Object key.
To delete multiple objects at once, provide the keys of these objects in the --delete parameter:
-
Bash:
aws s3api delete-objects \ --endpoint-url=https://storage.yandexcloud.net \ --bucket <bucket_name> \ --delete '{"Objects":[{"Key":"<object_1_key>"},{"Key":"<object_2_key>"},...,{"Key":"<object_n_key>"}]}' -
PowerShell:
aws s3api delete-objects ` --endpoint-url=https://storage.yandexcloud.net ` --bucket <bucket_name> ` --delete '{\"Objects\":[{\"Key\":\"<object_1_key>\"},{\"Key\":\"<object_2_key>\"},...,{\"Key\":\"<object_n_key>\"}]}'
Where:
--bucket: Bucket name.<object_1_key>,<object_2_key>,<object_n_key>: Keys of objects to delete.
Result:
{
"Deleted": [
{
"Key": "<object_1_key>",
"VersionId": "null"
},
{
"Key": "<object_2_key>",
"VersionId": "null"
}
...
{
"Key": "<object_n_key>",
"VersionId": "null"
}
]
}
You can use a JMESPath query template to specify objects you want to delete. To delete objects using a query template, run this command:
-
Bash:
aws s3api list-objects \ --endpoint-url https://storage.yandexcloud.net \ --bucket <bucket_name> \ --query '<query>' \ --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key {}Where:
--bucket: Bucket name.--query: Query in JMESPath format.
Here is an example of the command that deletes all objects located in the
screenshotsfolder and having filenames starting with20231002fromsample-bucket:aws s3api list-objects \ --endpoint-url https://storage.yandexcloud.net \ --bucket sample-bucket \ --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' \ --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key {} -
PowerShell:
Foreach($x in (aws s3api list-objects ` --endpoint-url https://storage.yandexcloud.net ` --bucket <bucket_name> ` --query '<query>' ` --output text)) ` {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key $x}Where:
--bucket: Bucket name.--query: Query in JMESPath format.
Here is an example of the command that deletes all objects located in the
screenshotsfolder and having filenames starting with20231002fromsample-bucket:Foreach($x in (aws s3api list-objects ` --endpoint-url https://storage.yandexcloud.net ` --bucket sample-bucket ` --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' ` --output text)) ` {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key $x}
Note
Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.
With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.
For more information about the provider resources, see the documentation on the Terraform website or mirror website.
If you do not have Terraform yet, install it and configure its Yandex Cloud provider.
To delete an object created with Terraform from a bucket:
-
Open the Terraform configuration file and delete the section specifying the object.
Example of specifying an object in Terraform configuration
... resource "yandex_storage_object" "cute-cat-picture" { access_key = "YCAJEX9Aw2ge********-w-lJ" secret_key = "YCONxG7rSdzVF9UMxLA_NRy5VbKzKlqZ********" bucket = "cat-pictures" key = "cute-cat" source = "/images/cats/cute-cat.jpg" } ... -
In the command line, go to the directory with the Terraform configuration file.
-
Check the configuration using this command:
terraform validateIf the configuration is correct, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planThe terminal will display a list of resources with their parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply -
Confirm the changes: type
yesinto the terminal and press Enter.You can check the update using the management console.
Deleting an object version with an object lock
If the bucket is configured with object version locks, some or all users might be unable to delete object versions.
To check for a lock and delete the object version where possible:
- If possible, remove the lock from the object you want to delete.
- Delete the object.
In the management console, the information about the number of objects and storage space used in the bucket is updated with a few minutes' delay.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.
-
Get information about an object version lock:
yc storage s3api head-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID>Where:
--bucket: Name of your bucket.--key: Object key.--version-id: Object version ID.
If there is a lock for the version, you will see the following:
object_lock_mode: GOVERNANCE object_lock_retain_until_date: "2024-10-11T10:23:12Z"Alternatively, you may see the following line:
object_lock_legal_hold_status: ONWhere:
-
object_lock_mode: Type of retention:GOVERNANCE: Governance-mode retention. To delete the object version, you need thestorage.adminrole.COMPLIANCE: Compliance-mode retention. You cannot delete the object version.
-
object_lock_retain_until_date: Retention end date and time in any format described in the HTTP standard, e.g.,Mon, 12 Dec 2022 09:00:00 GMT. -
object_lock_legal_hold_status: Legal hold status:ON: Enabled. You cannot delete the object version. To remove the lock, you need thestorage.uploaderrole.OFF: Disabled.
If the object version is not locked, these fields will not appear, and you can delete the object version by following this guide.
-
Get a list of buckets in the default folder:
yc storage bucket listResult:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+ -
If the governance-mode retention (
"object_lock_mode": "GOVERNANCE") is set, and you have thestorage.adminrole, delete the object version:yc storage s3api delete-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID> \ --bypass-governance-retentionWhere:
--bucket: Name of your bucket.--key: Object key.--version-id: Object version ID.--bypass-governance-retention: Flag to enable bypassing the lock.
Result:
request_id: a58bf215******** version_id: "null"
-
If you do not have the AWS CLI yet, install and configure it.
-
Get information about an object lock:
aws --endpoint-url=https://storage.yandexcloud.net \ s3api head-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID>Where:
--bucket: Name of your bucket.--key: Object key.--version-id: Object version ID.
If your object version is locked, you can find the lock details in the command output:
{ ... "ObjectLockMode": "<retention_type>", "ObjectLockRetainUntilDate": "<date_and_time>", "ObjectLockLegalHoldStatus": "<legal_hold_status>", ... }Where:
-
ObjectLockMode: Type of retention:GOVERNANCE: Governance-mode retention. To delete the object version, you need thestorage.adminrole.COMPLIANCE: Compliance-mode retention. You cannot delete the object version.
-
ObjectLockRetainUntilDate: Retention end date and time in any format described in the HTTP standard, e.g.,Mon, 12 Dec 2022 09:00:00 GMT. -
ObjectLockLegalHoldStatus: Legal hold status:ON: Enabled. You cannot delete the object version. To remove the lock, you need thestorage.uploaderrole.OFF: Disabled.
If the object version is not locked, these fields will not appear, and you can delete the object version by following this guide.
-
If the governance-mode retention (
"ObjectLockMode": "GOVERNANCE") is set, and you have thestorage.adminrole, delete the object version:aws --endpoint-url=https://storage.yandexcloud.net \ s3api delete-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID> \ --bypass-governance-retentionWhere:
--bucket: Name of your bucket.--key: Object key.--version-id: Object version ID.--bypass-governance-retention: Flag to enable bypassing the lock.
- To get info on a lock applied to an object version, use the getObjectRetention and getObjectLegalHold S3 API methods.
- If the governance-mode retention (
GOVERNANCE) is only set, and you have thestorage.adminrole, delete the object version using the delete S3 API method. In your request, specify the version ID and theX-Amz-Bypass-Governance-Retentionheader to confirm bypassing the lock.