Support for Object lock in Elastic Beanstalk's default Amazon S3 bucket named <elasticbeanstalk-region-account-id>

[nikhil-aws]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave "+1" or "me too" comments. They generate extra noise for issue followers and do not help prioritize the request.

Tell us about your request
What do you want us to build?

Would like to enable object lock on the default S3 bucket created by Elastic Beanstalk in AWS account: elasticbeanstalk-region-account-id

Is this request specific to an Elastic Beanstalk platform?
If so, which one(s)? All

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
This is required since critical logs is being stored on this bucket.

Since application logs are rotated into this S3 bucket, we need to be able to turn on governance or compliance mode on the bucket to ensure compliance with regulatory frameworks.

Are you currently working around this issue?
How are you currently solving this problem?

Additional context
Anything else we should know?
New app version deployments and environment updates will fail if object lock is enabled on the S3 bucket.

After you enable Object Lock on a bucket, you can't disable Object Lock or suspend versioning for that bucket.

Only way to remediate this problem is by disabling "default retention" under 'Object Lock' settings to remove a default retention.

Go To Beanstalk S3 bucket properties >> Edit 'Object Lock' >> Disable the 'Default retention'

This will allow you to perform deployments on the environment again.

Attachments
If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)