Deleting an object
Deleting an object or object version without a lock
An object or object version for which the lock has not been set (e.g., because object lock is not enabled in the bucket) can be deleted without any additional confirmation.
Note
To delete an object with an incomplete multipart upload, follow these instructions.
The minimum required role is storage.editor
.
To delete an object:
-
In the management console
, select Object Storage from the list of services and go to the bucket where the object you need to delete is stored. -
In the left-hand panel, select
Objects. -
To see all versions of objects in the list, enable Show versions to the right of the object search field in the bucket.
-
To delete a single object, click
→ Delete.To do the same with multiple objects, select them in the list and click Delete at the bottom of the screen.
Note
You can delete a folder with objects. This is an asynchronous operation. Once run, objects are gradually deleted from the bucket instead of all at once. During this time, you can perform other operations in the management console, including upload new objects to the folder being deleted. For more information, see Folder.
-
In the window that opens, click Delete.
In the management console, the information about the number of objects in the bucket and used up space is updated with a few minutes delay.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
See the description of the CLI command for deleting an object from a bucket:
yc storage s3api delete-object --help
-
Get a list of buckets in the default folder:
yc storage bucket list
Result:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+
-
Run this command:
yc storage s3api put-object \ --bucket <bucket_name> \ --key <object_key>
Where:
--bucket
: Name of your bucket.--key
: Object key.
Result:
request_id: 0311ec7********
If you do not have the AWS CLI yet, install and configure it.
In the terminal, run the aws s3api delete-object
command:
aws s3api delete-object \
--endpoint-url https://storage.yandexcloud.net \
--bucket <bucket_name> \
--key <object_key>
Where:
--bucket
: Name of your bucket.--key
: Object key.
To delete multiple objects at once, provide the keys of these objects in the --delete
parameter:
-
Bash:
aws s3api delete-objects \ --endpoint-url=https://storage.yandexcloud.net \ --bucket <bucket_name> \ --delete '{"Objects":[{"Key":"<object_1_key>"},{"Key":"<object_2_key>"},...,{"Key":"<object_n_key>"}]}'
-
PowerShell:
aws s3api delete-objects ` --endpoint-url=https://storage.yandexcloud.net ` --bucket <bucket_name> ` --delete '{\"Objects\":[{\"Key\":\"<object_1_key>\"},{\"Key\":\"<object_2_key>\"},...,{\"Key\":\"<object_n_key>\"}]}'
Where:
--bucket
: Bucket name.<object_1_key>
,<object_2_key>
,<object_n_key>
: Keys of objects you need to delete.
Result:
{
"Deleted": [
{
"Key": "<object_1_key>",
"VersionId": "null"
},
{
"Key": "<object_2_key>",
"VersionId": "null"
}
...
{
"Key": "<object_n_key>",
"VersionId": "null"
}
]
}
You can specify objects for deletion using a query template in JMESPath format. To delete objects using a query template, run the following command:
-
Bash:
aws s3api list-objects \ --endpoint-url https://storage.yandexcloud.net \ --bucket <bucket_name> \ --query '<query>' \ --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key {}
Where:
--bucket
: Bucket name.--query
: Query in JMESPath format.
Here is an example of the command that deletes from
sample-bucket
all objects located in thescreenshots
folder whose filenames start with20231002
:aws s3api list-objects \ --endpoint-url https://storage.yandexcloud.net \ --bucket sample-bucket \ --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' \ --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key {}
-
PowerShell:
Foreach($x in (aws s3api list-objects ` --endpoint-url https://storage.yandexcloud.net ` --bucket <bucket_name> ` --query '<query>' ` --output text)) ` {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key $x}
Where:
--bucket
: Bucket name.--query
: Query in JMESPath format.
Here is an example of the command that deletes from
sample-bucket
all objects located in thescreenshots
folder whose filenames start with20231002
:Foreach($x in (aws s3api list-objects ` --endpoint-url https://storage.yandexcloud.net ` --bucket sample-bucket ` --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' ` --output text)) ` {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key $x}
Note
Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin
, for the folder where you are going to create resources.
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To delete an object created with Terraform from a bucket:
-
Open the Terraform configuration file and delete the fragment with the object description.
Example object description in a Terraform configuration
... resource "yandex_storage_object" "cute-cat-picture" { access_key = "YCAJEX9Aw2ge********-w-lJ" secret_key = "YCONxG7rSdzVF9UMxLA_NRy5VbKzKlqZ********" bucket = "cat-pictures" key = "cute-cat" source = "/images/cats/cute-cat.jpg" } ...
-
In the command line, go to the directory with the Terraform configuration file.
-
Check the configuration using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can check the changes in the management console
.
Deleting an object version with an object lock
If object lock is enabled in the bucket, some or all users can be forbidden to delete an object version.
To check whether lock has been put and delete the object version when possible:
- If possible, remove the lock from the object you want to delete.
- Delete the object.
In the management console, the information about the number of objects in the bucket and used up space is updated with a few minutes delay.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
Get information about an object version lock:
yc storage s3api head-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID>
Where:
--bucket
: Name of your bucket.--key
: Object key.--version-id
: Object version ID.
If there is a lock for the version, you will see the following:
object_lock_mode: GOVERNANCE object_lock_retain_until_date: "2024-10-11T10:23:12Z"
Or:
object_lock_legal_hold_status: ON
Where:
-
object_lock_mode
: Temporary lock type:GOVERNANCE
: Temporary managed lock. A user with thestorage.admin
role can delete an object version.COMPLIANCE
: Temporary strict lock. You cannot delete an object version.
-
object_lock_retain_until_date
: Retention end date and time in any format described in the HTTP standard , e.g.,Mon, 12 Dec 2022 09:00:00 GMT
. -
object_lock_legal_hold_status
: Legal hold status:ON
: Enabled You cannot delete an object version. To remove a lock, a user must have thestorage.uploader
role.OFF
: Disabled.
If the object version is not locked, these fields will not be displayed, and you can delete the object version just as you would do in case of an unlocked version, following this guide.
-
Get a list of buckets in the default folder:
yc storage bucket list
Result:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+
-
If the temporary managed lock (
"object_lock_mode": "GOVERNANCE"
) is set, and you have thestorage.admin
role, delete the object version:yc storage s3api delete-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID> \ --bypass-governance-retention
Where:
--bucket
: Name of your bucket.--key
: Object key.--version-id
: Object version ID.--bypass-governance-retention
: Flag that shows that a lock is bypassed.
Result:
request_id: a58bf215******** version_id: "null"
-
If you do not have the AWS CLI yet, install and configure it.
-
Get information about an object lock:
aws --endpoint-url=https://storage.yandexcloud.net \ s3api head-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID>
Where:
--bucket
: Name of your bucket.--key
: Object key.--version-id
: Object version ID.
If an object version is locked, the following command returns the lock details:
{ ... "ObjectLockMode": "<temporary_lock_type>", "ObjectLockRetainUntilDate": "<date_and_time>", "ObjectLockLegalHoldStatus": "<indefinite_lock_status>", ... }
Where:
-
ObjectLockMode
: Temporary lock type:GOVERNANCE
: Temporary managed lock. A user with thestorage.admin
role can delete an object version.COMPLIANCE
: Temporary strict lock. You cannot delete an object version.
-
ObjectLockRetainUntilDate
: Retention end date and time in any format described in the HTTP standard , e.g.,Mon, 12 Dec 2022 09:00:00 GMT
. -
ObjectLockLegalHoldStatus
: Legal hold status:ON
: Enabled. You cannot delete an object version. To remove a lock, a user must have thestorage.uploader
role.OFF
: Disabled.
If the object version is not locked, these fields will not be displayed, and you can delete the object version just as you would do in case of an unlocked version, following this guide.
-
If the temporary managed lock (
"ObjectLockMode": "GOVERNANCE"
) is set, and you have thestorage.admin
role, delete the object version:aws --endpoint-url=https://storage.yandexcloud.net \ s3api delete-object \ --bucket <bucket_name> \ --key <object_key> \ --version-id <version_ID> \ --bypass-governance-retention
Where:
--bucket
: Name of your bucket.--key
: Object key.--version-id
: Object version ID.--bypass-governance-retention
: Flag that shows that a lock is bypassed.
- To get the details of the lock applied to an object version, use the getObjectRetention (retention) and getObjectLegalHold (legal hold) S3 API methods.
- If you only have the temporary managed lock (
GOVERNANCE
) set, and you have thestorage.admin
role, delete the object version using the delete S3 API method. In your request, specify the version ID and theX-Amz-Bypass-Governance-Retention
header to confirm lock bypass.