Is it possible to restrict operations on Amazon S3 objects based on their Last-Modified date?

Here's what I'm trying to achieve: I want to create an IAM policy for S3 which doesn't allow the user to delete in general, but allows them to rename objects and give them the prefix trash/. I then want to allow them to delete objects with the trash/ prefix, but only if the Last-Modified开发者_开发百科 date is sufficiently far in the past.

The idea is to limit the damage that could be done if the key is compromised, while still allowing deletes.

From my reading of the documentation, I don't think this is possible but I thought I'd check the wisdom of teh Internets first.

Update:

It should now possible to achieve something very close to my original aim using Amazon's new Object Expiration Policies:

http://docs.amazonwebservices.com/AmazonS3/latest/dev/ObjectExpiration.html

You're right, it doesn't look like its possible to restrict actions by Last-Modified date although I don't know for sure. But why don't you try this.

1. Prevent your users from deleting objects via an IAM policy

2. Implement whatever psuedo delete you like. eg rename files, move to another bucket etc. (possibly preventing your users from seeing these files)

3. Have an automated/scheduled task (eg once a day) that actually deletes these files if the Last-Modified condition is met.