I want to be able to retrieve objects that were deleted from my Amazon Simple Storage Service (Amazon S3) bucket. How can I do that?

Enable versioning on your bucket to be able to retrieve objects that were deleted.

When an object is deleted from a version-enabled bucket, Amazon S3 creates a delete marker associated with the object. When there's a delete marker, Amazon S3 responds to requests as if the object was deleted (for example, returning a 404 response to a GET request). However, the object is not permanently deleted, because versioning is enabled.

To retrieve an object that was deleted, remove its associated delete marker by following these steps:
Important: To complete this procedure, you must have the permission to delete object versions (s3:DeleteObjectVersion) in the bucket. For more information, see Permissions for Object Operations.

1.    Run this command to list all the object versions in the bucket:  

s3api list-object-versions --bucket examplebucket

2.    Note the VersionID of the delete marker for your object. For example, this response shows the version ID of the delete marker for the object undelete.txt:

{
    "DeleteMarkers": [
        {
            "Owner": {
                "DisplayName": "AwsTestAcct",
                "ID": "examplefd147b3631e1539e1979f0e4c491dae3ee07450e4c90fde681a6d9810"
            },
            "IsLatest": true,
            "VersionId": "example.d6tjAKF1iObKbEnNQkIMPjj",
            "Key": "undelete.txt",
            "LastModified": "2016-12-09T15:13:45.000Z"
        }
    ],

3.    Run this command to remove the delete marker of the object. Be sure that you enter the version ID of the delete marker as the value for --version-id.

aws s3api delete-object --bucket protectedbucket --version-id 'example.d6tjAKF1iObKbEnNQkIMPjj' --key undelete.txt

4.    Run this command to list all the objects in the bucket:

aws s3 ls s3://examplebucket

5.    Verify that the previously deleted object is now included in the list.

Note: If the bucket has MFA Delete enabled, you must use the designated multi-factor authentication (MFA) to remove the delete marker.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2015-12-31

Updated: 2018-11-06