the object is delete by nextcloud. of course end user should have no access to s3. but you can’t stop an nc user from deleting his/her files unless you revoke his/her credentials. or?
i guess that is is your “no go” with s3 as primary storage.
what i would suggest (talking about aws):
- use normal esb stroage. if cost matter use the cheap hdd one.
- make backup with restic.net/rclone.org to aws s3.
so you would have a “normal fs based nextcloud”. and your backup is stored on cheap, reliable storage. restic can “mount” it’s archive and you browse through all files and versions.
as described here: Nextcloud Backup and Restore - #6 by Reiner_Nippes
i’m not sure. but aws s3 versioning isn’t used neither by nextcloud nor by restic. that is to say if you turn on aws s3 versioning neither nc nor restic are not aware about that feature. so if you change a document in nextcloud that would result in two different urn:oid:xxxxxx objects. not two version of the same object. (someone with deeper knowledge may confirm or correct this.)
aws versioning could make sense to protect your documents from mal-/ransomware. the only thing you have to do is configure everything in this way that an attacker won’t get hand on the credentials to turn off versioning and would be able to delete old versions. i think that can be achieved with different iam roles. so if ransomware is encrypting all your docs in nextcloud and get hands the back mechanism you would have still and older version of the backup. hope you get the idea.
if your documents needs to be Armageddon proved it would make sense to use the cross region replication from aws.
want to test: → GitHub - ReinerNippes/nextcloud at nextcloud-reloaded to setup an nc with esb storage and aws s3-restic backup in 20 minutes. follow the readme.