Protecting files on an s3 bucket from deletion

I am storing data for my collaboration on OSN, an s3 data store. This has worked great for access, but it’s very easy for anyone with the access credentials to accidentally delete a lot of data.

We have quite a few people with limited to no s3 storage experience who are uploading data and I’m looking for solutions that allow this open “write” access but also lets us designate files as being good and not-to-be-deleted.

I’m looking for any solutions here and I suspect this question may be similar to Directory or file-level permissions on s3 buckets. If it’s possible to have different sets of credentials that give different access levels on a bucket, I could imagine having an “admin-delete-only” flag set in the file metadata that could restrict delete access to users authenticated with a particular key.

On actual S3 (I don’t know about OSN interface), to prevent loss of files from accidental deletion, you can enable versioning on the bucket, and/or you can enable MFA delete on the bucket.

I’d second the recommendation for MFA delete on a real S3 bucket. Nice simple solution to prevent deletion. Versioning is also extremely useful, but worth considering the cost impacts since it can greatly increase the storage used if files are changed frequently.

Thank you for these suggestions, both sound amazing! In our case versioning might be fairly low cost because the vast majority of our files don’t ever change. But we have some that do, so if MFA delete is an option that makes sense as a first effort.