5 minutes
Introduction to Simple Storage Service
- It is one of the main building blocks of AWS.
- It’s advertized as “infinitely scaling” storage.
- Many website use Amazon S3 as a backbone.
- Many AWS service use AWS S3 as an integration as well.
- Usecase:
- Backup & Storage
- Disaster Recovery
- Archival
- Hybrid cloud storage
- Application Hosting
- Media Hosting
- Datalake and Big data analysis
- Software delivery
- Static Website Hosting S3 Object
- Object contain your data.
- They are like files.
- an object must consists of:
| Property | Information |
|---|---|
| Key | This is the name of the object. |
| It is the full path. | |
| Key is composed of prefix + Object Name: | |
| E.g. s3://mybucket/my_file.txt | |
| E.g. s3://mybucket/myfolder/anotherfolder/myfile.txt | |
| Value | MAX OBJECT SIZE: 5TB |
| Object values are the contents of the body, it is just stored as a sequence of bytes | |
| If upload more than 5GB, must use “must-part” upload | |
| VersionId | When versioning is available, its the version identifier. |
| MetaData | Additional information attached to object. |
| It is the list of test key-value pairs | |
| 2 types of metadata: System or User Metadata | |
| Tags | Unicode key-value pair, upto 10 |
| Useful security/lifecycle |
S3 Bucket
- S3 allows people to store files/objects in “buckets” (directories)
- Buckets must have a Globally Unique Name.
- Buckets are defined at a regional level.
- S3 look’s like a global service, BUT, buckets are created in a region.
| Naming Convension for bucket |
|---|
| - No Uppercase (A-Z) |
| - No Underscores(-) |
| - 3 to 63 characters long |
| - Not an IP |
| - Must start with lowercase letter or numbers |
| - Must not start with prefix (xn—) |
| - Must not end with suffix (-s3alias) |
S3 Security
- User Based:
AWS S3 has IAM Policies:
Which API should be allowed for a specific user from API- Resource Based:
- Bucket Policies:
These are bucket wide rules from the S3 console.
- Object Acces Control List (ACL):
Finer grain control (can be disabled).
- Bucket Access Control List (ACL):
Less Common (can be disabled).Note: An IAM Principal can access an S3 object if the user permission allows it or the resource policy allows its & there is no explicit deny.
- Encryption: Encrypt objects in S3 using Encryption Keys.
S3 Website Hosting
- S3 can host static websites and have them accessible on the internet.
- The website URL will be (dependent on region).
- If you get a 403 error make sure the bucket policy allows public read.
- Note: If you want to host a website, every file related to it should be publicly accessible.
S3 Versioning
- You can version your files in Amazon S3.
- It is enabled at bucket level.
- Files before versioning is enabled will have NULL as their version.
- Different versions of some files will still be available even after versioning is disabled afterwards.
Amazon S3 Replication [Cross Region Replication(CRR) & Same Region Replication (SRR)]
- To use this feature, versioning needs to be enabled.
- Bucket can be in different AWS accounts.
- Copying is Asynchronous
- To copy successfully, it must have proper read & write (to S3) permission in IAM.
- Usecase:
- CRR - Complicance, Low Latency Access, Replication Across Accounts.
- SRR - Log Aggregation, Live replication PROD & TEST Accounts.
S3 Storage Access
There are 5 types of storage access provided by S3.
S3 Standard (General Purpose)
- 99.99% Availablity
- Used for frequently available data.
- Low latency & High Throughput.
- Can Sustain 2 concurrent facility failures.
- Usecase: Big Data Analytics, Mobile & Gaming Application, Content Distribution, …
S3 Infrequent Access
- 99.9% Availablity
- Lower cost (of retrival) than S3 standard
- For data that is less frequently accessed but require rapid access when needed.
- Usecase: Disaster Recovery, Backups
- A special Case:
# Amazon S3 OneZone Infrequent Access
- High Durablity 99.99999999999% (11 9s Durablity) in a
single AZ.
- Data Loss when AZ is destroyed. S3 Glacier Storage
- Low cost object storage meant for archiving & backup.
- Pricing: Price for storage, object retrival cost.
- Amazon S3 Glacier Instant Retrival:
- Amazon S3 Glacier Instant Retrival:
- Milliseconds retrival,
great for data access once in a quarter.
- Minimum storage duration of 90 days.
- Amazon S3 Flexible Retrival:
- Minimum storage duration = 90 days
- Expedite (1-5 mins)
- Standard (3-5 hours)
- bulk (5-12 hours) S3 Glacier Deep Archive (For LongTerm Storage)
- standard: 12 hours retrival delay
- bulk: 48 hours retrival delay
- Minimum storage duration = 180 days.
Amazon S3 Intelligent Tiering
- small monthly monitoring fees.
- Moves object automatically between Access Tiers
- There is no retrival charges.
Amazon S3 Encryption
There are 2 type of encryptions, Client Side Encryptions of which user is responsible, and server side encryption
(which is default mode in the cloud.)
Shared Responsiblity for Amazon S3
