diff --git a/src/content/changelog/r2/2025-03-06-r2-bucket-locks.mdx b/src/content/changelog/r2/2025-03-06-r2-bucket-locks.mdx new file mode 100644 index 000000000000000..6de77053611bd77 --- /dev/null +++ b/src/content/changelog/r2/2025-03-06-r2-bucket-locks.mdx @@ -0,0 +1,33 @@ +--- +title: Set retention polices for your R2 bucket with bucket locks +description: Set retention polices for your R2 bucket with bucket locks +products: + - r2 +date: 2025-03-06T10:00:00Z +--- + +You can now use [bucket locks](/r2/buckets/bucket-locks/) to set retention policies on your [R2 buckets](/r2/buckets/) (or specific prefixes within your buckets) for a specified period — or indefinitely. This can help ensure compliance by protecting important data from accidental or malicious deletion. + +Locks give you a few ways to ensure your objects are retained (not deleted or overwritten). You can: + +- Lock objects for a specific duration, for example 90 days. +- Lock objects until a certain date, for example January 1, 2030. +- Lock objects indefinitely, until the lock is explicitly removed. + +Buckets can have up to 1,000 [bucket lock rules](/r2/buckets/). Each rule specifies which objects it covers (via prefix) and how long those objects must remain retained. + +Here are a couple of examples showing how you can configure bucket lock rules using [Wrangler](/workers/wrangler/): + +#### Ensure all objects in a bucket are retained for at least 180 days + +```sh +npx wrangler r2 bucket lock add --name 180-days-all --retention-days 180 +``` + +#### Prevent deletion or overwriting of all logs indefinitely (via prefix) + +```sh +npx wrangler r2 bucket lock add --name indefinite-logs --prefix logs/ --retention-indefinite +``` + +For more information on bucket locks and how to set retention policies for objects in your R2 buckets, refer to our [documentation](/r2/buckets/bucket-locks/). diff --git a/src/content/docs/r2/buckets/bucket-locks.mdx b/src/content/docs/r2/buckets/bucket-locks.mdx index e14a9ce60f1ae5f..d4ca07e172a7c84 100644 --- a/src/content/docs/r2/buckets/bucket-locks.mdx +++ b/src/content/docs/r2/buckets/bucket-locks.mdx @@ -12,6 +12,14 @@ Before getting started, you will need: - An existing R2 bucket. If you do not already have an existing R2 bucket, refer to [Create buckets](/r2/buckets/create-buckets/). - (API only) An API token with [permissions](/r2/api/s3/tokens/#permissions) to edit R2 bucket configuration. +### Enable bucket lock via dashboard + +1. From the Cloudflare dashboard, select **R2** from the sidebar. +2. Select the bucket you would like to add bucket lock rule to. +3. Switch to the **Settings** tab, then scroll down to the **Bucket lock rules** card. +4. Select **Add rule** and enter the rule name, prefix, and retention period. +5. Select **Save changes**. + ### Enable bucket lock via Wrangler 1. Install [`npm`](https://docs.npmjs.com/getting-started). @@ -77,6 +85,12 @@ If your bucket is setup with [jurisdictional restrictions](/r2/reference/data-lo ## Get bucket lock rules for your R2 bucket +### Dashboard + +1. From the Cloudflare dashboard, select **R2** from the sidebar. +2. Select the bucket you would like to add bucket lock rule to. +3. Switch to the **Settings** tab, then scroll down to the **Bucket lock rules** card. + ### Wrangler To list bucket lock rules, run the [`r2 bucket lock list` command](/workers/wrangler/commands/#r2-bucket-lock-list): @@ -91,6 +105,13 @@ For more information on required parameters and examples of how to get bucket lo ## Remove bucket lock rules from your R2 bucket +### Dashboard + +1. From the Cloudflare dashboard, select **R2** from the sidebar. +2. Select the bucket you would like to add bucket lock rule to. +3. Switch to the **Settings** tab, then scroll down to the **Bucket lock rules** card. +4. Locate the rule you want to remove, select the `...` icon next to it, and then select **Delete**. + ### Wrangler To remove a bucket lock rule, run the [`r2 bucket lock remove` command](/workers/wrangler/commands/#r2-bucket-lock-remove): diff --git a/src/content/partials/workers/wrangler-commands/r2.mdx b/src/content/partials/workers/wrangler-commands/r2.mdx index d344f3959e3deee..c30b4a1a3653a85 100644 --- a/src/content/partials/workers/wrangler-commands/r2.mdx +++ b/src/content/partials/workers/wrangler-commands/r2.mdx @@ -263,8 +263,8 @@ wrangler r2 bucket lifecycle add [OPTIONS] - `NAME` - The name of the R2 bucket to add a lifecycle rule to. -- `--id` - - A unique identifier for the lifecycle rule. +- `--name` + - A unique name for the lifecycle rule, used to identify and manage it. For example: `delete-logs-180-days`. - `--prefix` - Prefix condition for the lifecycle rule (leave empty for all prefixes). - `--expire-days` @@ -296,8 +296,8 @@ wrangler r2 bucket lifecycle remove [OPTIONS] - `NAME` - The name of the R2 bucket to remove a lifecycle rule from. -- `--id` - - The unique identifier of the lifecycle rule to remove. +- `--name` + - The unique name of the lifecycle rule to remove. - `--jurisdiction` - The jurisdiction where the bucket exists, if a jurisdiction has been specified. Refer to [jurisdictional restrictions](/r2/reference/data-location/#jurisdictional-restrictions). @@ -349,8 +349,8 @@ wrangler r2 bucket lock add [OPTIONS] - `NAME` - The name of the R2 bucket to add a bucket lock rule to. -- `--id` - - A unique identifier for the bucket lock rule. +- `--name` + - A unique name for the bucket lock rule, used to identify and manage it. For example: `retain-logs-180-days`. - `--prefix` - Prefix condition for the bucket lock rule (leave empty for all prefixes). - `--retention-days` @@ -374,8 +374,8 @@ wrangler r2 bucket lock remove [OPTIONS] - `NAME` - The name of the R2 bucket to remove a bucket lock rule from. -- `--id` - - The unique identifier of the bucket lock rule to remove. +- `--name` + - The unique name of the bucket lock rule to remove. - `--jurisdiction` - The jurisdiction where the bucket exists, if a jurisdiction has been specified. Refer to [jurisdictional restrictions](/r2/reference/data-location/#jurisdictional-restrictions).