S3 (Simple Storage Service)
Amazon S3 is an object storage service offering scalability, data availability, security, and performance.
More Information
Objectsโ
- An object consists of:
- Key: name of the object
- Value: object content as a sequence of bytes
- Version ID: versioning identification
- Metada: name-value pairs to store information regarding the object
- Subresources: store object additional information (e.g. ACL, CORS, Torrent)
- Objects can range in size from 0 B to 5 TB
Bucketsโ
- Container for objects stored in Amazon S3
- Bucket names must be unique across all AWS accounts in all the AWS Regions within a partition (i.e. Standard Regions, China Regions, GovCloud US)
Consistencyโ
- Strong read-after-write consistency for PUT and DELETE requests of object
- Updates to a single key are atomic
- S3 does not support object locking for concurrent writers (if two PUT requests are simultaneously made to the same key, the request with the latest timestamp wins)
More Information
Storage Classesโ
Frequently Accessedโ
- S3 Standard
- Default storage class
- Designed for frequently accessed data (more than once a month)
- For performance-sensitive use cases (millisecond access)
Automatically Optimizedโ
- S3 Intelligent-Tiering
- Automatically moves data to the most cost-effective access tier (Frequent Access, Infrequent Access and Archive Instant Access)
- Useful for data that has unknown or changing access patterns
- No retrieval fees
Infrequently Accessedโ
- Designed for long-lived, infrequently accessed data (once a month)
- Millisecond access
- S3 Standard-IA
- Useful for primary or only copy of data that can't be re-created
- S3 One Zone-IA
- S3 stores data in only one Availability Zone
- Less expensive than S3 Standard-IA
- Useful if the data can be re-created and for object replicas when setting S3 Cross-Region Replication
Archivingโ
- Low-cost data archiving
- S3 Glacier Instant Retrieval
- Milliseconds retrieval
- Less expensive than S3 Standard-IA, with the same latency and throughput performance as the S3 Standard-IA storage class
- Higher data access costs than S3 Standard-IA
- S3 Glacier Flexible Retrieva
- Minutes retrieval for portions of data
- Hours for bulk retrieval
- S3 Glacier Deep Archive
- 12 hours retrieval for portions of data
- 48 Hours for bulk retrieval
- Lowest cost storage option in AWS
Versioningโ
- Stores all versions of an object
- Once enabled it cannot be disabled, only suspended
Lifecycle Managementโ
- Manage objects based on a set of rules
- Transition actions: define when objects transition to another storage class
- Expiration actions: define when objects expire.
- Can be used in conjunction with versioning for both current and non-current versions
MFA Deleteโ
- Enforce delete operations to require MFA
- Versioning must be enabled
- Only the bucket owner (root account) can enable MFA delete
More Information
Cross-Region Replicationโ
- Versioning must be enabled on both source and destination buckets
- Regions must be unique
- File in an existing bucket are not replicated automatically, but all subsequent updated files are
Securityโ
Access Controlโ
- Bucket access can be controlled via:
- Bucket Policies
- Access Control Lists (ACL)
- By default, all newly created buckets are private
- S3 buckets can create access logs which logs all requests to the bucket
- Access logs can be sent to another bucket
- Presigned URLs allow users to temporarily download/upload objects to buckets without AWS security credentials or permissions
More Information
Encryptionโ
- Transit
- SSL/TLS
- Rest
- Server Side Encryption (SSE)
- Amazon S3-Managed Keys (SSE-S3)
- KMS keys Stored in AWS Key Management Service (SSE-KMS)
- Customer-Provided Keys (SSE-C)
- Client Side Encryption
- Server Side Encryption (SSE)