Simple Storage Service (S3)

Vu
AWS Training Certification
3 min read · Jun 16, 2020

S3 provides secure, durable and highly scalable object storage.

What is S3?

  • Object-based storage.
  • Files can be from 0 bytes to 5 TB.
  • Unlimited storage.
  • Files are stored in buckets; bucket names are globally unique across all AWS accounts.
  • When you upload a file successfully to S3, you receive an HTTP 200 code.

Storage Classes

  • S3 Standard: 99.99% availability, 99.999999999% durability; data is stored redundantly across multiple devices in multiple facilities and is designed to sustain the loss of 2 facilities concurrently.
  • S3 Intelligent-Tiering: designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead.
  • S3 IA (Infrequent Access): for data that is accessed less frequently but requires rapid access when needed. Lower fee than S3 Standard, but you are charged a retrieval fee.
  • S3 One Zone-IA: a lower-cost option for infrequently accessed data that does not require multiple Availability Zone data resilience.
  • S3 Glacier: a secure, durable and low-cost storage class for data archiving. You can reliably store any amount of data at costs competitive with or cheaper than on-premises solutions. Retrieval times are configurable from minutes to hours.
  • S3 Glacier Deep Archive: Amazon S3's lowest-cost storage class, for data where a retrieval time of 12 hours is acceptable.

Charges

  • Storage
  • Requests
  • Storage Management Pricing
  • Data Transfer Pricing
  • Cross-region replication pricing
  • Transfer Acceleration

Transfer Acceleration

  • Uses the CloudFront edge network to accelerate uploads to S3.
  • Instead of uploading directly to S3, you upload to a distinct URL that points at an edge location, which then transfers the data to S3.

Security & Encryption

  • By default, all newly created buckets are private; you set up access control to your bucket via bucket policies or access control lists (ACLs).
  • Bucket access logs can be saved to the same bucket or to another bucket.
  • Encryption in transit: SSL/TLS.
  • Encryption at rest (server-side): SSE-S3, SSE-KMS, SSE-C.
  • Client-side encryption.
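The two encryption bullets above are usually enforced with a bucket policy rather than left to client discipline. The following is an added example, not code from the original post: it builds a policy that denies any request arriving without TLS (the aws:SecureTransport condition key) and any PutObject that does not request SSE-S3 or SSE-KMS (the s3:x-amz-server-side-encryption key), and it includes a small, simplified IAM condition evaluator so the deny statements can be checked offline. The bucket name is a hypothetical placeholder; the evaluator models only the three condition operators the policy uses.

```python
import json
from fnmatch import fnmatchcase


def bucket_policy(bucket: str) -> dict:
    """Bucket policy enforcing TLS in transit and server-side encryption at rest.

    Output is the JSON shape `aws s3api put-bucket-policy --policy file://...` accepts.
    """
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Deny every request that arrives over plain HTTP.
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [arn, f"{arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # Deny PutObject unless it asks for SSE-S3 (AES256) or SSE-KMS (aws:kms).
                "Sid": "DenyUnencryptedUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {"StringNotEquals": {
                    "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}},
            },
            {   # Also deny PutObject when the encryption header is absent entirely.
                "Sid": "DenyMissingEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(cond: dict, ctx: dict) -> bool:
    """Simplified IAM condition evaluation for Bool, StringNotEquals and Null.

    All keys of all operators must match (AND). A missing context key makes
    Bool false, StringNotEquals true (it is a negated operator) and Null true.
    """
    for op, pairs in cond.items():
        for key, wanted in pairs.items():
            wanted = [str(w) for w in _as_list(wanted)]
            actual = ctx.get(key)
            if op == "Bool":
                if actual is None or str(actual).lower() != wanted[0].lower():
                    return False
            elif op == "StringNotEquals":
                if actual is not None and str(actual) in wanted:
                    return False
            elif op == "Null":
                if (actual is None) != (wanted[0].lower() == "true"):
                    return False
            else:
                raise ValueError(f"operator not modelled: {op}")
    return True


def denied_by(policy: dict, action: str, ctx: dict):
    """Sid of the first Deny statement that blocks `action` under request
    context `ctx`, or None when no explicit deny applies."""
    for statement in policy["Statement"]:
        if statement["Effect"] != "Deny":
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(statement["Action"])):
            continue
        if _condition_matches(statement.get("Condition", {}), ctx):
            return statement["Sid"]
    return None


if __name__ == "__main__":
    policy = bucket_policy("example-bucket")  # hypothetical bucket name
    print(json.dumps(policy, indent=2))
    # A plain-HTTP read and an upload without an SSE header are both denied.
    print(denied_by(policy, "s3:GetObject", {"aws:SecureTransport": "false"}))
    print(denied_by(policy, "s3:PutObject", {"aws:SecureTransport": "true"}))
```

Two caveats worth knowing: an explicit Deny in a bucket policy cannot be overridden by any IAM permission, so test the policy against your own upload tooling before applying it; and since January 2023 S3 encrypts every new object with SSE-S3 by default, so the header conditions now mainly matter when you want to require SSE-KMS specifically (drop "AES256" from the allowed list to do that).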

Versioning

  • Stores all versions of an object (even after you delete it).
  • Once enabled, versioning cannot be disabled, only suspended.
  • MFA Delete.

Lifecycle Management

  • Automates moving objects between different storage tiers.
  • Can be used in conjunction with versioning.
  • Can be applied to current and previous versions.
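The three bullets above describe one rule, so here is a worked lifecycle rule that exercises all of them: tiering for the current version, separate tiering and expiry for previous versions, plus a small simulator that tells you which storage class a version is in on a given day and a validator for the minimum-dwell-time limits S3 enforces. This is an added example, not the post's own configuration; the rule ID, the "logs/" prefix and the day counts are assumptions.

```python
# Lifecycle rule in the JSON shape `aws s3api put-bucket-lifecycle-configuration`
# accepts (added example; the rule ID, prefix and day counts are assumptions).
LIFECYCLE_RULE = {
    "ID": "logs-tiering",
    "Filter": {"Prefix": "logs/"},
    "Status": "Enabled",
    # Current version: Standard -> Standard-IA at day 30 -> Glacier at day 90, expired at 365.
    "Transitions": [
        {"Days": 30, "StorageClass": "STANDARD_IA"},
        {"Days": 90, "StorageClass": "GLACIER"},
    ],
    "Expiration": {"Days": 365},
    # Previous versions (needs versioning): Glacier 30 days after becoming
    # noncurrent, permanently deleted 180 days after becoming noncurrent.
    "NoncurrentVersionTransitions": [{"NoncurrentDays": 30, "StorageClass": "GLACIER"}],
    "NoncurrentVersionExpiration": {"NoncurrentDays": 180},
}

IA_CLASSES = ("STANDARD_IA", "ONEZONE_IA")
ARCHIVE_CLASSES = ("GLACIER", "DEEP_ARCHIVE")


def _schedule(rule, noncurrent):
    """([(day, storage_class), ...] sorted by day, expiry_day_or_None) for one version kind."""
    if noncurrent:
        trans = [(t["NoncurrentDays"], t["StorageClass"])
                 for t in rule.get("NoncurrentVersionTransitions", [])]
        expiry = rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays")
    else:
        trans = [(t["Days"], t["StorageClass"]) for t in rule.get("Transitions", [])]
        expiry = rule.get("Expiration", {}).get("Days")
    return sorted(trans), expiry


def storage_class_on(rule, age_days, noncurrent=False):
    """Storage class of a version `age_days` after creation (current version) or
    after being superseded (noncurrent), or 'EXPIRED' once the expiration action
    would fire. Simplification: S3 runs lifecycle actions at the next midnight
    UTC, so a real object can lag this schedule by up to a day."""
    trans, expiry = _schedule(rule, noncurrent)
    if expiry is not None and age_days >= expiry:
        return "EXPIRED"
    storage_class = "STANDARD"
    for day, target in trans:
        if age_days >= day:
            storage_class = target
    return storage_class


def validate_rule(rule):
    """Flag schedules S3 rejects: objects must spend at least 30 days in
    Standard before an IA transition, and at least 30 days in an IA class
    before moving on to Glacier or Deep Archive. Also flags an expiration that
    would fire before the last transition, which makes that transition dead."""
    problems = []
    for noncurrent in (False, True):
        kind = "noncurrent" if noncurrent else "current"
        trans, expiry = _schedule(rule, noncurrent)
        prev_day, prev_class = 0, "STANDARD"
        for day, storage_class in trans:
            if storage_class in IA_CLASSES and day < 30:
                problems.append(f"{kind}: {storage_class} transition must be >= 30 days (got {day})")
            if prev_class in IA_CLASSES and storage_class in ARCHIVE_CLASSES and day - prev_day < 30:
                problems.append(f"{kind}: need >= 30 days in {prev_class} before "
                                f"{storage_class} (got {day - prev_day})")
            prev_day, prev_class = day, storage_class
        if expiry is not None and trans and expiry <= trans[-1][0]:
            problems.append(f"{kind}: expiration at day {expiry} fires before the "
                            f"last transition at day {trans[-1][0]}")
    return problems


if __name__ == "__main__":
    for age in (0, 30, 89, 90, 365):
        print(f"current version, day {age:3}: {storage_class_on(LIFECYCLE_RULE, age)}")
    for age in (0, 30, 180):
        print(f"previous version, day {age:3}: "
              f"{storage_class_on(LIFECYCLE_RULE, age, noncurrent=True)}")
    print("problems:", validate_rule(LIFECYCLE_RULE))
```

Note what "Expiration" means on a versioned bucket: it does not free any storage by itself. It adds a delete marker, which turns the expired object into a noncurrent version, and only NoncurrentVersionExpiration then removes the data. That is why a retention rule for a versioned bucket needs both halves, as above.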

Cross-Region Replication

  • Versioning must be enabled on both the source and destination buckets.
  • Files already in the bucket are not replicated automatically.
  • All subsequently updated files are replicated automatically.
  • Delete markers are NOT replicated.

Lock Policies

Object Lock

  • S3 Object Lock stores objects using a write-once-read-many (WORM) model.
  • Can be applied to individual objects or across the bucket as a whole.
  • Comes in two modes: governance and compliance.
  • Governance mode: users can't delete or overwrite an object unless they have special permissions.
  • Compliance mode: a protected object can't be deleted or overwritten by any user.

Glacier Vault Lock

Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a Vault Lock policy.

S3 Performance

  • Spread your reads across different prefixes.
  • Multipart Upload for uploading large files.
  • Byte-Range Fetches for downloading large files.

S3 Select & Glacier Select

  • Use S3 Select or Glacier Select to retrieve exactly the data you need using SQL expressions.
  • Saves money on data transfer and increases speed.

Data Sync

DataSync moves large amounts of data online between on-premises storage and Amazon S3, Amazon Elastic File System (Amazon EFS), or Amazon FSx for Windows File Server.

Athena & Macie

Athena

  • Is an interactive query service.
  • Serverless.
  • Allows you to query data located in S3 using SQL.
  • Commonly used to analyse log data stored in S3.
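The bucket access log mentioned under Security & Encryption is exactly the kind of log data the Athena bullet refers to. As an added example (not code from the post), here is the same analysis done offline in Python: a parser for S3 server access log records, in the documented space-separated format with bracketed timestamps and quoted request/referrer/user-agent fields, and two defender-oriented checks run over it: successful reads by anonymous requesters (a sign of public exposure) and repeated AccessDenied responses from one source address. The log lines are constructed samples; the bucket, account ID and request IDs are placeholders.

```python
import re
from collections import Counter

# Field order of an S3 server access log record (the first 17 documented fields;
# anything after them, such as version id, host id, signature version, cipher
# suite and auth type, is kept positionally in rec["extra"]).
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
          "operation", "key", "request_uri", "http_status", "error_code", "bytes_sent",
          "object_size", "total_time", "turn_around_time", "referrer", "user_agent"]

# One token is a [bracketed] timestamp, a "quoted" string, or a run of non-space.
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

# Constructed sample records (not real log data): one anonymous public read,
# three AccessDenied responses from one IP, and one ordinary authenticated PUT.
SAMPLE_LOG = "\n".join([
    'OWNERIDEXAMPLE example-bucket [10/Jun/2020:14:02:11 +0000] 203.0.113.10 - REQ0001 '
    'REST.GET.OBJECT public/report.pdf "GET /example-bucket/public/report.pdf HTTP/1.1" '
    '200 - 4096 4096 12 10 "-" "curl/7.68.0" - HOSTIDEXAMPLE - - - example-bucket.s3.amazonaws.com -',
    'OWNERIDEXAMPLE example-bucket [10/Jun/2020:14:03:05 +0000] 198.51.100.7 '
    'arn:aws:iam::111122223333:user/bob REQ0002 REST.GET.OBJECT secret/keys.txt '
    '"GET /example-bucket/secret/keys.txt HTTP/1.1" 403 AccessDenied 243 - 5 - "-" '
    '"aws-cli/1.18.0" - HOSTIDEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader '
    'example-bucket.s3.amazonaws.com TLSv1.2',
    'OWNERIDEXAMPLE example-bucket [10/Jun/2020:14:03:06 +0000] 198.51.100.7 '
    'arn:aws:iam::111122223333:user/bob REQ0003 REST.GET.OBJECT secret/db.env '
    '"GET /example-bucket/secret/db.env HTTP/1.1" 403 AccessDenied 243 - 4 - "-" '
    '"aws-cli/1.18.0" - HOSTIDEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader '
    'example-bucket.s3.amazonaws.com TLSv1.2',
    'OWNERIDEXAMPLE example-bucket [10/Jun/2020:14:03:08 +0000] 198.51.100.7 '
    'arn:aws:iam::111122223333:user/bob REQ0004 REST.GET.BUCKET - '
    '"GET /example-bucket?list-type=2 HTTP/1.1" 403 AccessDenied 243 - 6 - "-" '
    '"aws-cli/1.18.0" - HOSTIDEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader '
    'example-bucket.s3.amazonaws.com TLSv1.2',
    'OWNERIDEXAMPLE example-bucket [10/Jun/2020:14:05:40 +0000] 192.0.2.44 '
    'arn:aws:iam::111122223333:user/alice REQ0005 REST.PUT.OBJECT logs/app.log '
    '"PUT /example-bucket/logs/app.log HTTP/1.1" 200 - - 1024 30 25 "-" '
    '"aws-sdk-python/1.14.0" - HOSTIDEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader '
    'example-bucket.s3.amazonaws.com TLSv1.2',
])


def _clean(token: str) -> str:
    """Drop the surrounding [] or "" of a bracketed or quoted token."""
    return token[1:-1] if token[0] in '["' else token


def parse_record(line: str) -> dict:
    """Parse one access log record into a dict keyed by FIELDS."""
    tokens = [_clean(t) for t in TOKEN.findall(line)]
    record = dict(zip(FIELDS, tokens))
    record["extra"] = tokens[len(FIELDS):]
    return record


def audit(lines, denied_threshold: int = 3) -> dict:
    """Run two checks over access log lines.

    anonymous_reads: (ip, key) for successful GETs where the requester is "-",
    which S3 writes for unauthenticated (public) requests.
    access_denied_by_ip: source IPs with at least `denied_threshold` AccessDenied
    responses, the usual signature of someone probing for readable keys.
    """
    anonymous_reads, denied = [], Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        if (rec["requester"] == "-" and rec["http_status"] == "200"
                and rec["operation"].startswith("REST.GET")):
            anonymous_reads.append((rec["remote_ip"], rec["key"]))
        if rec["error_code"] == "AccessDenied":
            denied[rec["remote_ip"]] += 1
    return {
        "anonymous_reads": anonymous_reads,
        "access_denied_by_ip": {ip: n for ip, n in denied.items() if n >= denied_threshold},
    }


if __name__ == "__main__":
    print(audit(SAMPLE_LOG.splitlines()))
```

At scale the same two checks are a GROUP BY over the access-log table in Athena; the Python version is useful for spot checks on a single day's log objects and for making sure you understand the field layout before writing the Athena table definition.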

Macie

  • Uses ML to analyse data in S3 and help identify PII (personally identifiable information).
  • Includes dashboards, reports and alerting.
  • Great for PCI-DSS.
  • Commonly used to analyse CloudTrail logs.
