Part 3 : Enabling WORM via S3 SDK.

Anirudha | Wed, 04/15/2020 - 04:08

I am using standard S3 python (boto3) SDK for my experiments. You can use any language for this.

import boto3
import json
session = boto3.session.Session()

#Endpoint information
endpoint_url = ""
access_key = "Ty1H802tIvWlXrvKb_gAK8UrasmK69Nw"
secret_key = "Cvg3tyTMiYj-1Z8h0LfkYQDnw8zMuCLX"

#Bucket name
bucket = "bucket-from-api"
objname = "somekey"

#Connect to your Objects endpoint.
s3c = session.client(aws_access_key_id=access_key,

#Check if bucket exists and create it.
print "Creating bucket : %s"%(bucket)

#Enable versioning
print "Enabling versioning on bucket : %s"%(bucket)
versioning_config = {"Status":"Enabled"}
s3c.put_bucket_versioning(Bucket=bucket, VersioningConfiguration=versioning_config)

#Setting WORM on bucket.
worm_config = {
        "ObjectLockEnabled" : "Enabled",
        "Rule": {
             "DefaultRetention": {
             "Mode": "COMPLIANCE",

print "Configuring WORM %s on bucket : %s"%(worm_config, bucket)

#Get Bucket's WORM status
print "WORM policies on bucket : %s"%(bucket)
print json.dumps(s3c.get_object_lock_configuration(Bucket=bucket), indent=4)

#Upload Object to bucket
res = s3c.put_object(Bucket=bucket, Key=objname)
versionid = res["VersionId"]

#Delete Object Version
print "Deleting object %s (version : %s)"%(objname, versionid)
s3c.delete_object(Bucket=bucket, Key=objname, VersionId=versionid)


You can also find this code on Git @ here

Output of above code:

Creating bucket : bucket-from-api
Enabling versioning on bucket : bucket-from-api
Configuring WORM {'ObjectLockEnabled': 'Enabled', 'Rule': {'DefaultRetention': {'Mode': 'COMPLIANCE', 'Days': 1}}} on bucket : bucket-from-api
WORM policies on bucket : bucket-from-api
        "ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {
             "DefaultRetention": {
             "Mode": "COMPLIANCE",
             "Days": 1
"ResponseMetadata": {
        "HTTPStatusCode": 200,
        "RetryAttempts": 0,
        "HostId": "",
        "RequestId": "1605CF311E3547B3",
        "HTTPHeaders": {
            "transfer-encoding": "chunked",
            "accept-ranges": "bytes",
            "vary": "Origin",
            "server": "NutanixS3",
            "x-amz-request-id": "1605CF311E3547B3",
            "date": "Tue, 14 Apr 2020 22:10:53 GMT",
            "content-type": "application/xml"

Deleting object somekey (version : 8452410)
    Traceback (most recent call last):
    File "", line 55, in <module>
      s3c.delete_object(Bucket=bucket, Key=objname, VersionId=versionid)
    File "/Users/anirudha.sonar/Library/Python/2.7/lib/python/site-packages/botocore/", line 316, in _api_call
      return self._make_api_call(operation_name, kwargs)
    File "/Users/anirudha.sonar/Library/Python/2.7/lib/python/site-packages/botocore/", line 626, in _make_api_call
      raise error_class(parsed_response, operation_name)
    botocore.exceptions.ClientError: An error occurred (MethodNotAllowed) when calling the DeleteObject operation: An object from the object-lock enabled bucket can not be deleted unless the retention period is elapsed.

Thats it. Easy !!!