docs(infra): explain "object lock" in infra/aws-s3/README.md

whisperpine · whisperpine · commit dc5f240381f2 · 2026-03-02T00:53:35.000+08:00
diff --git a/infra/aws-s3/README.md b/infra/aws-s3/README.md
@@ -8,3 +8,11 @@
 - An AWS IAM user with permissions to manage S3 buckets and IAM.
   (e.g. predefined policy `AmazonS3FullAccess` and `IAMFullAccess`, though
   they're too permissive).
+
+## Object Lock
+
+Lifecycle rules of AWS S3 are configured to expire (delete) objects after they
+have been uploaded for a given period (e.g. 180 days). But we often want to keep
+certain objects forever. On this purpose, we can harness the [object lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html)
+feature, specificall by manually enabling the "Object Lock legal hold" for the
+underline object.
