Immutability for Capacity Tier

To make the data immutable, Veeam Backup & Replication uses the Object Lock technology provided by Amazon and some S3-compatible providers. Once imposed, the object lock prohibits deletion of data from the capacity extent until the immutability expiration date comes.

You can enable the immutability feature when adding or editing an Amazon S3 or S3-compatible object storage repository as a capacity extent, at the Bucket step of the Adding Amazon S3 Object Storage or Adding S3 Compatible Object Storage wizards. The immutability expiration date is specified at the same point.

Backups are immutable only during the immutability period set in the bucket even if their retention policy allows for longer storage. This also applies to the following types of backups:

  • Backups with GFS flags
  • Backups created with VeeamZIP jobs
  • Exported backup files

The immutable data within the capacity extent cannot be subject to the following operations:

  • Manual removal of data, as described in Removing Backups from Capacity Tier.
  • Removal of data by the retention policy, as described in Retention Policy.
  • Removal of data using any cloud service provider tools.
  • Removal of data by the cloud service provider technical support department.
  • Removal of data by the Remove deleted items data after option, as described in Maintenance Settings.


There are two ways to migrate your data from a non-immutable bucket to an immutable one. For more information, see section Migrating Data Between Different Buckets.