Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Deleting an object

Written by
Improved by
Updated at July 14, 2025

Warning

By default, the delete operation is irreversible. You can only restore the objects that were uploaded with versioning on.

Deleting an object or object version without a lock

Any object or object version without a lock (with no locks enabled in the bucket) can be deleted without further confirmation.

Note

To delete an object with an incomplete multipart upload, follow this guide.

The minimum required role is storage.editor.

To delete an object:

  1. In the management console, select Object Storage from the list of services and go to the bucket storing the object you want to delete.

  2. In the left-hand panel, select Objects.

  3. To see all versions of objects in the list, enable Show versions to the right of the object search field in the bucket.

  4. To delete a single object, click and select Delete.

    To delete multiple objects, select them from the list and click Delete at the bottom of the screen.

    Note

    You can delete a directory with objects. This is an asynchronous operation, so the objects will not disappear from the bucket right away but will be deleted gradually. Meanwhile, you can continue with other operations in the management console, including uploading new objects to the directory which is being deleted. You can learn more here.

  5. In the window that opens, click Delete.

In the management console, the information about the number of objects and storage space used in the bucket is updated with a few minutes' delay.

Note

It is more convenient to work with multiple objects using the CyberDuck and WinSCP file browsers or the AWS CLI.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command for deleting an object from a bucket:

    yc storage s3api delete-object --help

  2. Get a list of buckets in the default folder:

    yc storage bucket list

    Result:

    +------------------+----------------------+-------------+-----------------------+---------------------+
|       NAME       |      FOLDER ID       |  MAX SIZE   | DEFAULT STORAGE CLASS |     CREATED AT      |
+------------------+----------------------+-------------+-----------------------+---------------------+
| first-bucket     | b1gmit33ngp6******** | 53687091200 | STANDARD              | 2022-12-16 13:58:18 |
+------------------+----------------------+-------------+-----------------------+---------------------+

  3. Run this command:

    yc storage s3api put-object \
  --bucket <bucket_name> \
  --key <object_key>

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.

    Result:

    request_id: 0311ec7********

    Alternative command:

    yc storage s3 rm \
  s3://<bucket_name>/<object_key>

    Result:

    delete: s3://my-bucket/object.txt

If you do not have the AWS CLI yet, install and configure it.

In the terminal, run aws s3api delete-object:

aws s3api delete-object \
  --endpoint-url https://storage.yandexcloud.net \
  --bucket <bucket_name> \
  --key <object_key>

Where:

  • --bucket: Name of your bucket.
  • --key: Object key.

To delete multiple objects at once, provide the keys of these objects in the --delete parameter:

  • Bash:

    aws s3api delete-objects \
  --endpoint-url=https://storage.yandexcloud.net \
  --bucket <bucket_name> \
  --delete '{"Objects":[{"Key":"<object_1_key>"},{"Key":"<object_2_key>"},...,{"Key":"<object_n_key>"}]}'

  • PowerShell:

    aws s3api delete-objects `
  --endpoint-url=https://storage.yandexcloud.net `
  --bucket <bucket_name> `
  --delete '{\"Objects\":[{\"Key\":\"<object_1_key>\"},{\"Key\":\"<object_2_key>\"},...,{\"Key\":\"<object_n_key>\"}]}'

Where:

  • --bucket: Bucket name.
  • <object_1_key>, <object_2_key>, <object_n_key>: Keys of objects to delete.

Result:

{
  "Deleted": [
      {
          "Key": "<object_1_key>",
          "VersionId": "null"
      },
      {
          "Key": "<object_2_key>",
          "VersionId": "null"
      }
      ...
      {
          "Key": "<object_n_key>",
          "VersionId": "null"
      }
  ]
}

You can use a JMESPath query template to specify objects you want to delete. To delete objects using a query template, run this command:

  • Bash:

    aws s3api list-objects \
  --endpoint-url https://storage.yandexcloud.net \
  --bucket <bucket_name> \
  --query '<query>' \
  --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key {}

    Where:

    • --bucket: Bucket name.
    • --query: Query in JMESPath format.

    Here is an example of the command that deletes all objects with filenames starting with 20231002 from sample-bucket from in the screenshots directory:

    aws s3api list-objects \
  --endpoint-url https://storage.yandexcloud.net \
  --bucket sample-bucket \
  --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' \
  --output text | xargs -I {} aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key {}

  • PowerShell:

    Foreach($x in (aws s3api list-objects `
  --endpoint-url https://storage.yandexcloud.net `
  --bucket <bucket_name> `
  --query '<request>' `
  --output text)) `
  {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket <bucket_name> --key $x}

    Where:

    • --bucket: Bucket name.
    • --query: Query in JMESPath format.

    Here is an example of the command that deletes all objects with filenames starting with 20231002 from sample-bucket from in the screenshots directory:

    Foreach($x in (aws s3api list-objects `
  --endpoint-url https://storage.yandexcloud.net `
  --bucket sample-bucket `
  --query 'Contents[?starts_with(Key, `screenshots/20231002`) == `true`].[Key]' `
  --output text)) `
  {aws s3api delete-object --endpoint-url https://storage.yandexcloud.net --bucket sample-bucket --key $x}

Note

Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

To delete an object created with Terraform from a bucket:

  1. Open the Terraform configuration file and delete the section specifying the object.

    Example of specifying an object in Terraform configuration
    ...
resource "yandex_storage_object" "cute-cat-picture" {
  access_key = "YCAJEX9Aw2ge********-w-lJ"
  secret_key = "YCONxG7rSdzVF9UMxLA_NRy5VbKzKlqZ********"
  bucket     = "cat-pictures"
  key        = "cute-cat"
  source     = "/images/cats/cute-cat.jpg"
}
...

  2. In the command line, navigate to the directory with the Terraform configuration file.

  3. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  4. Run this command:

    terraform plan

    You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  5. Apply the changes:

    terraform apply

  6. Confirm the changes: type yes into the terminal and press Enter.

    You can check the update using the management console.

Use the delete S3 API method.

Note

It is more convenient to work with multiple objects using the CyberDuck and WinSCP file browsers or the AWS CLI.

Deleting an object version with an object lock

If the bucket is configured with object version locks, some or all users might be unable to delete object versions.

To check for a lock and delete the object version where possible:

  1. If possible, remove the lock from the object you want to delete.
  2. Delete the object.

In the management console, the information about the number of objects and storage space used in the bucket is updated with a few minutes' delay.

Note

It is more convenient to work with multiple objects using the CyberDuck and WinSCP file browsers or the AWS CLI.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. Get information about an object version lock:

    yc storage s3api head-object \
  --bucket <bucket_name> \
  --key <object_key> \
  --version-id <version_ID>

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.
    • --version-id: Object version ID.

    If there is a lock for the version, you will see the following:

    object_lock_mode: GOVERNANCE
object_lock_retain_until_date: "2024-10-11T10:23:12Z"

    Or:

    object_lock_legal_hold_status: ON

    Where:

    • object_lock_mode: Type of retention:

      • GOVERNANCE: Governance-mode retention. To delete the object version, you need the storage.admin role.
      • COMPLIANCE: Compliance-mode retention. You cannot delete the object version.

    • object_lock_retain_until_date: Retention end date and time in any format described in the HTTP standard, e.g., Mon, 12 Dec 2022 09:00:00 GMT.

    • object_lock_legal_hold_status: Legal hold status:

      • ON: Enabled. You cannot delete the object version. To remove the lock, you need the storage.uploader role.
      • OFF: Disabled.

    If the object version is not locked, these fields will not appear, and you can delete the object version by following this guide.

  2. Get a list of buckets in the default folder:

    yc storage bucket list

    Result:

    +------------------+----------------------+-------------+-----------------------+---------------------+
|       NAME       |      FOLDER ID       |  MAX SIZE   | DEFAULT STORAGE CLASS |     CREATED AT      |
+------------------+----------------------+-------------+-----------------------+---------------------+
| first-bucket     | b1gmit33ngp6******** | 53687091200 | STANDARD              | 2022-12-16 13:58:18 |
+------------------+----------------------+-------------+-----------------------+---------------------+

  3. If the governance-mode retention ("object_lock_mode": "GOVERNANCE") is set, and you have the storage.admin role, delete the object version:

    yc storage s3api delete-object \
  --bucket <bucket_name> \
  --key <object_key> \
  --version-id <version_ID> \
  --bypass-governance-retention

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.
    • --version-id: Object version ID.
    • --bypass-governance-retention: Lock bypass flag.

    Result:

    request_id: a58bf215********
version_id: "null"

  1. If you do not have the AWS CLI yet, install and configure it.

  2. Get information about an object lock:

    aws --endpoint-url=https://storage.yandexcloud.net \
  s3api head-object \
  --bucket <bucket_name> \
  --key <object_key> \
  --version-id <version_ID>

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.
    • --version-id: Object version ID.

    If your object version is locked, you can find the lock details in the command output:

    {
  ...
  "ObjectLockMode": "<retention_type>",
  "ObjectLockRetainUntilDate": "<date_and_time>",
  "ObjectLockLegalHoldStatus": "<legal_hold_status>",
  ...
}

    Where:

    • ObjectLockMode: Type of retention:

      • GOVERNANCE: Temporary managed lock. To delete the object version, you need the storage.admin role.
      • COMPLIANCE: Compliance-mode retention. You cannot delete the object version.

    • ObjectLockRetainUntilDate: Retention end date and time in any format described in the HTTP standard, e.g., Mon, 12 Dec 2022 09:00:00 GMT.

    • ObjectLockLegalHoldStatus: Legal hold status:

      • ON: Enabled. You cannot delete the object version. To remove the lock, you need the storage.uploader role.
      • OFF: Disabled.

    If the object version is not locked, these fields will not appear, and you can delete the object version by following this guide.

  3. If the governance-mode retention ("ObjectLockMode": "GOVERNANCE") is set, and you have the storage.admin role, delete the object version:

    aws --endpoint-url=https://storage.yandexcloud.net \
  s3api delete-object \
  --bucket <bucket_name> \
  --key <object_key> \
  --version-id <version_ID> \
  --bypass-governance-retention

    Where:

    • --bucket: Name of your bucket.
    • --key: Object key.
    • --version-id: Object version ID.
    • --bypass-governance-retention: Lock bypass flag.
  1. To get info on a lock applied to an object version, use the getObjectRetention and getObjectLegalHold S3 API methods.
  2. If the governance-mode retention (GOVERNANCE) is only set, and you have the storage.admin role, delete the object version using the delete S3 API method. In your request, specify the version ID and the X-Amz-Bypass-Governance-Retention header to confirm bypassing the lock.
Previous
Configuring an object lock
Next
Deleting all objects