How do I find the longest Retention Period I have in my Object Lock Bucket?

Object Lock is a feature that prevents updates or deletion of objects.

When attempting to delete a bucket with Object Lock enabled, this action could fail if at least 1 object has 1 version that is still under object lock and the retention period has not expired (called active retention).

In some cases, when dealing with large buckets, customers find it difficult to be sure if a bucket has objects that are still under retention, and know when the longest retention period would end so they can delete their bucket. 

We developed a small script in Python that can analyze your Object Lock bucket and detect if there are objects that are still under retention, and will specify which object has the longest retention period so you can plan the bucket's deletion


  • Make sure you have installed AWS SDK boto3 for python on your CLI
  • Install Python 3+ version to run this script

Executions and Details of the Script (output & screenshot attached):

  • When you execute the script, it will read the profiles identified in your .aws/credentials file and prompt you to select the profile or enter the API keys of the admin who is executing this script
    • If you already have a profile configured on your CLI, you may Press 1

      you may configure the AWS CLI profile for the Wasabi account using the Wasabi keys ahead of time

      NOTE that it is optional for you to use credential files to run your code but it is always a best practice to use such implementation where your credential keys are in a file stored on your local machine rather than being part of your actual code or entering Keys at runtime prompt. 

    •  If you do not wish to use the existing profile, you may press 2 and enter your API Keys.
  • Enter your own Bucket Name and Prefix (if you wish), the region will be detected automatically.

NOTE: If you are specifying a prefix, please be sure to enter FULL PREFIX PATH (bucket name NOT included) and the prefix should not start with a forward slash (/)
example: folder1/sub-folder

The script will read the object lock configuration on the specified bucket.

  • Select Yes or No for the verbose execution of the script
    Verbose execution lists all the objects under your bucket
    Non Verbose execution will analyze all the objects and only display the file with the longest retention period expressed in days!

This is what the output should look like:


The Python script is attached to this KB document.

Have more questions? Submit a request