The docs don't mention it, but I'd say no.
Splunk buckets (other than hot buckets) are, by nature, WORM. They are never changed once written. However, the metadata associated with a bucket can change if, for example, a datamodel changes then the associated tsidx file in the bucket will have to change. That would not work if the S3 bucket was write-protected.
In short, don't mess with SmartStore buckets.
The docs don't mention it, but I'd say no.
Splunk buckets (other than hot buckets) are, by nature, WORM. They are never changed once written. However, the metadata associated with a bucket can change if, for example, a datamodel changes then the associated tsidx file in the bucket will have to change. That would not work if the S3 bucket was write-protected.
In short, don't mess with SmartStore buckets.
That makes sense. Thanks for your helpful answer @richgalloway