AWSGlossary

Amazon S3 Versioning: What It Is and When to Use It

Definition

Amazon S3 Versioning is a bucket-level feature that preserves every version of every object, forever, until you explicitly delete it. Once enabled, every PUT or DELETE creates a new version rather than overwriting or erasing data. Each version gets a unique VersionId, and DELETE operations create a special delete marker rather than removing data. Versioning is the foundation for rollback, ransomware recovery, compliance archives, and works hand-in-hand with S3 Object Lock (WORM) and S3 Replication. A critical quirk: versioning, once enabled, can only be suspended — never fully disabled. Understanding this one-way door is essential before you turn it on.

How It Works

A bucket's versioning state is one of three values:

  • Unversioned (default) — objects have no VersionId; writes overwrite.
  • Enabled — writes create new versions; deletes create delete markers; each object has a history.
  • Suspended — future writes overwrite the "null" version, but previously created versions remain accessible.

You toggle state via PUT Bucket Versioning. You cannot return a bucket from Enabled back to Unversioned — only to Suspended. If you truly want to get rid of versioning, you must delete every non-current version and every delete marker manually, then suspend.

Key operations on a versioned bucket:

  • PUT — always creates a new version, returns VersionId in the response.
  • GET without a version — returns the latest non-delete-marker version.
  • GET with ?versionId=... — returns that specific historical version.
  • DELETE without a version — creates a delete marker (becomes the new "latest" version); the actual objects are untouched.
  • DELETE with ?versionId=... — permanently removes that specific version (requires s3:DeleteObjectVersion permission).

MFA Delete is an additional safeguard: when enabled, permanently deleting a version or changing versioning state requires a valid MFA token from the root account. MFA Delete can only be configured by the root account using the CLI — not via the console or IAM users.

Key Features and Limits

  • VersionId — 32+ character opaque string generated by S3; use it as a permalink.
  • Delete markers — zero-byte placeholders. They are free to store but still show up in LIST operations.
  • Lifecycle integration — noncurrent versions can transition to cheaper classes (IA, Glacier) or expire after N days. The typical rule: expire noncurrent versions after 30–90 days.
  • Cross-Region/Same-Region Replication — requires Versioning on both source and destination buckets.
  • Object Lock — requires Versioning. Enables Governance or Compliance WORM retention.
  • MFA Delete — only via root credentials + CLI; protects against catastrophic deletion.
  • Performance — no performance penalty for reads at the latest version; LIST operations on highly versioned buckets can slow down (use prefixes + pagination).
  • Limits — no hard cap on the number of versions per object, but every version consumes storage and shows in versioned LIST operations.

Common Use Cases

  1. Accidental-delete protection — quickly restore a file by deleting its most recent delete marker or copying an older version over the latest.
  2. Ransomware recovery — combined with Object Lock in Compliance mode, attackers that gain credentials cannot erase historical versions.
  3. Compliance archives — pair Versioning + Object Lock + Vault / bucket policies to create regulator-friendly WORM storage.
  4. Data pipeline safety — ETL jobs that rewrite files can be rolled back by restoring the previous version.
  5. Replication — Cross-Region Replication (CRR) and Same-Region Replication (SRR) require Versioning for consistent delta tracking.
  6. Blue/green deploys for static sites — keep every deployment as a discrete version; roll back by copying a prior version into the active prefix.

Pricing Model

Versioning is free to enable, but every version counts as stored data:

  1. Storage — every version, including noncurrent ones, bills at its storage class's GB-month rate.
  2. Requests — LIST operations on a versioned bucket can be more expensive because they enumerate noncurrent versions with ListObjectVersions.
  3. Transfer — no different from an unversioned bucket.

Cost pitfall: a chatty application that overwrites the same small object many times a day can accumulate thousands of versions and silently multiply the storage bill. The standard mitigation is a Lifecycle rule: expire noncurrent versions after 30 days. Another: consolidate writes (append to a daily file instead of many small writes).

Pros and Cons

Pros

  • Unbreakable protection against accidental overwrite and deletion.
  • Essential enabler for Object Lock, Replication, and advanced compliance postures.
  • Every version is addressable — powerful for auditing and rollback.
  • No performance penalty for normal reads.
  • Works with Lifecycle rules to manage cost over time.

Cons

  • Cannot be disabled — only suspended. Plan carefully before enabling on production buckets.
  • Storage cost grows every time an object is written.
  • LIST operations can return tens of thousands of delete markers and old versions, complicating application logic.
  • MFA Delete is root-only and only configurable via CLI — awkward to roll out.
  • Cleaning up a versioned bucket requires iterating over every version (use S3 Batch Operations for scale).

Comparison with Alternatives

| Feature | S3 Versioning | S3 Object Lock | CRR / SRR | Snapshots (EBS) | | --- | --- | --- | --- | --- | | Purpose | Preserve history of every write | WORM retention (Governance/Compliance) | Copy to another bucket/Region | Point-in-time backups for EBS | | Required for | Object Lock, Replication, MFA Delete | Versioning must be enabled first | Versioning required on both ends | N/A | | Reversibility | Cannot be fully disabled | Compliance mode is irreversible | Can be disabled | Delete freely | | Cost shape | Per-version storage | Same, plus Lock management | Duplicate storage + replication bandwidth | Incremental snapshot storage |

For EBS-style point-in-time backups of an entire bucket, use AWS Backup for S3 or S3 Replication to a dedicated retention bucket.

Exam Relevance

  • Solutions Architect Associate (SAA-C03) — know that Versioning is a prerequisite for Object Lock, Cross-Region Replication, and MFA Delete. Know that disabling is not possible (only suspension).
  • Developer Associate (DVA-C02) — using VersionId parameter on GET, understanding delete markers, configuring Lifecycle rules for noncurrent versions.
  • SysOps Administrator (SOA-C02) — MFA Delete setup via CLI + root credentials, cost troubleshooting on over-versioned buckets, cleanup via Batch Operations.

Classic exam trap: "How do you prevent a user from permanently deleting objects?" — the simplest and strongest answer is Versioning + MFA Delete (or Versioning + Object Lock in Compliance mode for regulated data). A plain IAM deny policy is weaker because it can be bypassed by privilege escalation.

Frequently Asked Questions

Q: Can I disable S3 Versioning after I enable it?

A: Not completely. Once Versioning is Enabled, you can only Suspend it. Suspended means new writes overwrite the "null" version, but every version created while Enabled remains. To effectively remove versioning, you must list and delete every noncurrent version and every delete marker (often via S3 Batch Operations) and then suspend the state.

Q: What is a delete marker in S3 Versioning?

A: A delete marker is a zero-byte placeholder that S3 inserts as the new "latest" version when you perform a DELETE without specifying a VersionId. The underlying versions remain intact; a subsequent GET returns a 404 because the latest version is the delete marker. To "undelete" the object, remove the delete marker (DELETE with its VersionId), and the prior version becomes latest again.

Q: How does MFA Delete work in S3?

A: MFA Delete is enabled by the root account via the AWS CLI (not the console). Once on, permanently deleting any object version or changing the bucket's versioning state requires an MFA token from the root account's MFA device. This turns accidental or malicious permanent deletion into a multi-factor operation and is a common control for regulated and high-value buckets, often paired with Versioning + Object Lock for defense in depth.

This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official S3 Versioning documentation before making production decisions.

Published: 4/17/2026 / Updated: 4/27/2026

This article is for informational purposes only. AWS services, pricing, and features change frequently — always verify details against the official AWS documentation before making production decisions.

More in Storage

S3 Object Lock: WORM Storage for Data Protection

Amazon S3 Object Lock offers WORM storage to prevent object deletion/overwriting. Essential for regulatory compliance and ransomware protection. Learn how it works.

S3 Requester Pays: How It Works & When to Use It

S3 Requester Pays shifts data transfer & API costs to the requester, not the bucket owner. Ideal for public datasets. Learn when to choose it.

S3 Transfer Acceleration: Fast, Easy, Secure Long-Distance Transfers

Amazon S3 Transfer Acceleration speeds up file transfers over long distances. Learn how it works and when to use this bucket-level feature for faster uploads and downloads.

S3 Pre-Signed URL: Temporary Access Explained

An S3 Pre-Signed URL grants temporary access to S3 objects without AWS credentials. Learn how it works and when to use it for secure uploads/downloads.

S3 Cross-Region Replication: How It Works & When to Use It

Amazon S3 Cross-Region Replication (CRR) automatically copies objects to another AWS Region. Enhance durability, minimize latency, and meet compliance. Learn when to use it.

View all Storageterms →