Amazon Simple Storage Service (Amazon S3)

AWS S3 Basic Features

Versioning

In this lesson, we dive into Amazon S3 versioning—a powerful feature that helps you recover from accidental deletes or overwrites. By default, new S3 buckets have versioning disabled, which means:

  • Deleting an object (e.g., file1.txt) removes it permanently.
  • Uploading a new object with the same key (e.g., file5.txt) overwrites the existing object, making any previous data unrecoverable.

Enabling versioning lets you retain, retrieve, and restore every version of an object stored in your bucket.

The image illustrates the concept of versioning with a bucket icon and three folder icons, each with a circular arrow, suggesting updates or changes.

Bucket Versioning States

You can configure versioning at the bucket level. An S3 bucket exists in one of three states:

StateDescription
UnversionedVersioning is disabled (default). New uploads overwrite existing objects without version IDs.
EnabledAll new and updated objects receive unique version IDs.
SuspendedExisting versions stay intact; new uploads behave like an unversioned bucket (null version ID).

Once you enable versioning, you can never fully turn it off—only suspend it. Suspending does not delete prior versions; it simply stops assigning new version IDs.

Enabling Versioning and Managing Object Version IDs

When versioning is Enabled:

  1. The first upload of file1.txt might get version ID 1.
  2. Re-uploading the same key creates version ID 2, preserving version 1.
  3. A third upload assigns version ID 3, and so on.

The most recent upload is the current or latest version. A GET request without versionId returns this version.

The image explains how versioning works, showing a file with multiple version IDs and a table listing the file's name, type, version ID, and last modified date.

Enabling Versioning via Console and CLI

Console:

  1. Open the S3 console.
  2. Select your bucket → PropertiesBucket VersioningEnableSave.

CLI:

aws s3api put-bucket-versioning \
  --bucket my-bucket \
  --versioning-configuration Status=Enabled

Note

A GET or LIST operation on an unversioned bucket always shows VersionId: null.

Delete Markers

With versioning enabled, deleting an object without specifying a version ID does not remove its data. Instead, S3 inserts a delete marker, which becomes the current version and hides previous versions.

The image illustrates the concept of deleting file versions, showing a "Delete Marker" and two versions of a file named "file1.txt" with different version IDs.

  • To undelete, remove the delete marker; the next latest version immediately becomes current.
  • To remove a specific version (e.g., version 2 of file1.txt), delete that version ID directly—other versions remain intact.

Pricing Considerations

Every version of an object counts towards your storage usage. You pay for the sum of all versions:

VersionSize
Version 1 of file1.txt10 GB
Version 2 of file1.txt15 GB
Total billable25 GB

The image illustrates versioning prices, showing two versions of a file named "file1.txt" with different sizes, totaling 25 GB.

Warning

Enabling versioning can significantly increase your storage costs. Implement Lifecycle rules to expire or transition older versions to cheaper storage classes.

Suspending Versioning

When you suspend versioning on a bucket:

  • Existing object versions remain stored.
  • New uploads receive a null version ID and overwrite objects as in an unversioned bucket.

S3 never purges prior versions automatically. To remove old versions, you must delete them manually or configure a Lifecycle policy.

MFA Delete

Multi-Factor Authentication (MFA) Delete adds a security layer for versioning-related operations:

  • Changing the bucket’s versioning state (Enabled/Suspended) requires MFA.
  • Permanently deleting object versions also requires MFA.

MFA Delete is only configurable via the AWS CLI.

The image explains Multi-Factor Authentication (MFA) Delete, highlighting that MFA is required to change the versioning state of a bucket and can only be enabled using CLI.

Watch Video

Watch video content

Previous
Demo S3 ACLs Resource Policies