Does anyone have experience with using AWS S3 object lock and data retention policies to enable "WORM" backups in S3?
I am attempting to create an additional Auxilliary copy of our data in an S3 library. Ideally the target S3 bucket would also use the governance mode feature to set a minimum retention time. This retention policy would then be enforced at the AWS account level (as an additional safe guard to commvault retention policy).
I have managed to get an auxillary copy to S3 working by disabling deduplication on the target library, and removing the minimum retention setting from S3 bucket. In this instance commvault will set a retention policy on the data objects written to S3.
However, if I enable deduplication, commvault no longer sets the retention policy on the objects written to S3. As a workaround I tried to use the bucket policy to set a minimum retention time, however this causes commvault auxillary copies to fail with a cloud error.
Is this combo of commvault deduplication + S3 retention policy possible at all? My next line of investigation would be looking at using a native Glacier Vault library to enforce the rentention period within AWS, however this is more difficult to setup in my network environment.