S3 is object-based storage (files, not block devices).
object size: 0 bytes to 5 TB (a single PUT is limited to 5 GB; larger objects use multipart upload)
universal namespace – bucket names are unique globally, across all AWS accounts
object link (URL) format
an HTTP 200 status code is returned when an upload succeeds
S3 is not suitable for hosting databases or installing an OS (it is not block storage)
Read-after-write consistency for PUTs of new objects
Eventual consistency for overwrite PUTs and DELETEs (a read immediately after the change may still return the old data)
(Note: since December 2020 S3 provides strong read-after-write consistency for all PUTs and DELETEs; the eventual-consistency rule above describes the older behaviour that these notes were written against.)
An S3 object has:
key – the object name (the full name including any prefix/path)
value – the data (the bytes of the object)
Design Question – naming of S3 files.
- the old guidance was to add a random salt (e.g. a short hash) at the start of the key so objects are spread evenly across S3. Since 2018 S3 scales to high request rates without randomized prefixes, so this is no longer required.
Amazon S3 Standard and Standard-IA are designed to provide 99.999999999% (11 nines) durability of objects over a given year.
Amazon S3 is designed to sustain the concurrent loss of data in two facilities.
Standard (99.99% availability, 99.999999999% durability)
Standard-IA – cheaper per GB stored, but charges a per-GB retrieval fee (meant for infrequently accessed data)
RRS (Reduced Redundancy Storage) – 99.99% durability, 99.99% availability (legacy class)
Glacier – data archival. 3-5 hour retrieval time (standard retrieval); a separate service from S3 that lifecycle rules can transition objects into
Glacier – about $0.01 per GB per month (price at the time of these notes; check current pricing)
S3 – Charges
- storage pricing (per GB per month, by storage class)
- request pricing (PUT, GET, LIST, etc.)
- storage management pricing (tags, inventory, analytics)
- data transfer pricing (data coming in is free; data transferred out to the internet or between regions costs)
- transfer acceleration (takes advantage of CloudFront edge locations)
a bucket name must be 3-63 characters and may contain only lowercase letters, numbers, dots and hyphens
objects can belong to different storage classes within the same bucket
Once versioning is turned on for a bucket it can't be removed; it can only be suspended.
a new version of the same file does not inherit the permissions (ACL) of the old version; it gets the default private ACL.
even if the bucket ACL grants read for everyone, that permission does not filter down to individual objects uploaded to the bucket (a bucket policy, by contrast, does apply to the objects it covers)
versioning integrates with lifecycle rules
MFA Delete can be enabled together with versioning (a bucket-level setting): permanently deleting an object version or changing the bucket's versioning state then requires an MFA code in addition to the credentials
Cross Region Replication (lab)
versioning must be turned on for both source and destination buckets
objects in the source bucket prior to turning on cross region replication are not replicated; only new objects uploaded to the source bucket afterwards are replicated to the target bucket.
deleting an object in the source bucket (which, with versioning on, creates a delete marker) replicates the delete marker to the target, so the object appears deleted there as well (newer replication configurations make delete-marker replication optional)
permanently deleting a specific object version, or deleting a delete marker, is not replicated
With transition actions and expiration actions you can set up lifecycle management for S3 objects. Lifecycle rules can move objects to lower tiers of storage (Standard-IA, Glacier) and/or delete them, including expiring noncurrent versions of versioned objects.
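Added example (not part of the original notes): a lifecycle rule in the shape S3 accepts for a bucket lifecycle configuration, plus a small local simulator that reports which storage class the rule would place an object in after a given age and whether it would be expired. The field names (`Transitions`, `Expiration`, `NoncurrentVersionExpiration`) are the real S3 ones; the rule ID, the `logs/` prefix and the dates are assumed values, and the simulator is an illustration of the rule semantics, not S3's own code.

```python
from datetime import date

# Rule in the shape S3 accepts for a bucket lifecycle configuration.
# ID and prefix are assumed values for this example.
LIFECYCLE_RULE = {
    "ID": "logs-tiering",
    "Filter": {"Prefix": "logs/"},
    "Status": "Enabled",
    "Transitions": [
        {"Days": 30, "StorageClass": "STANDARD_IA"},   # cheaper storage, retrieval fee
        {"Days": 90, "StorageClass": "GLACIER"},       # archive, hours to retrieve
    ],
    "Expiration": {"Days": 365},                       # delete the current version
    "NoncurrentVersionExpiration": {"NoncurrentDays": 30},  # clean up old versions
}

# S3 rejects transitions into an IA class earlier than 30 days after creation.
MIN_DAYS_BEFORE_IA = 30


def validate_rule(rule):
    """Return a list of problems with the rule (empty list means it is acceptable)."""
    problems = []
    if rule.get("Status") not in ("Enabled", "Disabled"):
        problems.append("Status must be Enabled or Disabled")
    transitions = rule.get("Transitions", [])
    last = -1
    for t in transitions:
        if t["StorageClass"] in ("STANDARD_IA", "ONEZONE_IA") and t["Days"] < MIN_DAYS_BEFORE_IA:
            problems.append(f"{t['StorageClass']} transition needs Days >= {MIN_DAYS_BEFORE_IA}")
        if t["Days"] <= last:
            problems.append("transition Days must be strictly increasing")
        last = t["Days"]
    exp = rule.get("Expiration", {}).get("Days")
    if exp is not None and transitions and exp <= transitions[-1]["Days"]:
        problems.append("Expiration Days must be later than the last transition")
    return problems


def state_after(rule, age_days):
    """Storage class of the current version after age_days, and whether it is expired."""
    storage_class = "STANDARD"
    for t in rule.get("Transitions", []):
        if age_days >= t["Days"]:
            storage_class = t["StorageClass"]   # transitions are ascending, so the last hit wins
    exp = rule.get("Expiration", {}).get("Days")
    expired = exp is not None and age_days >= exp
    return storage_class, expired


def object_matches(rule, key):
    """Does the rule's prefix filter select this object key?"""
    return key.startswith(rule.get("Filter", {}).get("Prefix", ""))


if __name__ == "__main__":
    print("rule problems:", validate_rule(LIFECYCLE_RULE))
    created = date(2024, 1, 1)                      # constructed upload date
    for probe in (date(2024, 1, 15), date(2024, 3, 1), date(2024, 6, 1), date(2025, 2, 1)):
        cls, gone = state_after(LIFECYCLE_RULE, (probe - created).days)
        print(probe, cls, "expired" if gone else "")
```

The `NoncurrentVersionExpiration` entry only has an effect on a versioned bucket; without it, every overwrite and every delete marker keeps the old versions around (and billable) indefinitely.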
All new buckets are private
access control can be set up using
- IAM policies (attached to users/roles),
- bucket policies (attached to the bucket; they apply to the objects in it) and
- ACLs (at the bucket level and at the object level)
buckets can be configured to create server access logs. Logs are delivered to a separate target bucket that you specify (use a different bucket than the one being logged to avoid a logging loop).
Encryption
- in transit: SSL/TLS
- at rest:
server side encryption
- SSE-S3: S3 managed keys
- SSE-KMS: AWS Key Management Service managed keys (provides an audit trail of key use in CloudTrail, and the key policy controls who may decrypt)
- SSE-C: the customer supplies and manages the key; S3 uses it for the request and does not store it (the key must be sent over HTTPS with every request)
Client side encryption: data is encrypted before upload, so S3 only ever sees ciphertext
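Added example (not part of the original notes): the bucket policy a practitioner writes to enforce the two points above, in-transit TLS and at-rest server-side encryption, together with a small local evaluator for the explicit-Deny step of IAM policy evaluation. The condition keys (`aws:SecureTransport`, `s3:x-amz-server-side-encryption`) and operators are the real IAM ones; the bucket name `my-bucket`, the object keys and the request contexts are assumed. The evaluator models only the operators used here and ignores Allow statements; it is an illustration, not AWS's evaluation engine. It shows why a `Null` statement is needed: `StringNotEquals` does not match when the header is absent, so a policy that only checks the header's value lets header-less uploads through.

```python
import fnmatch
import json


def tls_and_sse_policy(bucket, required_algorithm="aws:kms", guard_missing_header=True):
    """Bucket policy denying plain-HTTP requests and uploads that are not encrypted
    with required_algorithm ("AES256" for SSE-S3, "aws:kms" for SSE-KMS)."""
    arn = f"arn:aws:s3:::{bucket}"
    statements = [
        {   # deny every request that did not arrive over TLS
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": [arn, f"{arn}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {   # deny uploads whose encryption header names a different algorithm
            "Sid": "DenyWrongAlgorithm",
            "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
            "Resource": f"{arn}/*",
            "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": required_algorithm}},
        },
    ]
    if guard_missing_header:
        statements.append({   # deny uploads that send no encryption header at all
            "Sid": "DenyMissingEncryptionHeader",
            "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
            "Resource": f"{arn}/*",
            "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
        })
    return {"Version": "2012-10-17", "Statement": statements}


def _condition_matches(operator, key, expected, ctx_keys):
    """One IAM condition entry. Null is the only operator here that matches when the
    key is absent from the request context; the others do not match a missing key."""
    present = key in ctx_keys
    wanted = expected if isinstance(expected, list) else [expected]
    if operator == "Null":
        return present != (str(wanted[0]).lower() == "true")
    if not present:
        return False
    actual = ctx_keys[key]
    if operator == "Bool":
        return str(actual).lower() == str(wanted[0]).lower()
    if operator == "StringEquals":
        return actual in wanted
    if operator == "StringNotEquals":
        return actual not in wanted
    raise ValueError(f"operator {operator} not modelled")


def _matches_any(pattern_or_list, value):
    patterns = pattern_or_list if isinstance(pattern_or_list, list) else [pattern_or_list]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_denied(policy, action, resource, ctx_keys):
    """True if some Deny statement applies to the request (explicit-deny step only)."""
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        if not _matches_any(st["Action"], action) or not _matches_any(st["Resource"], resource):
            continue
        conditions = st.get("Condition", {})
        if all(_condition_matches(op, k, v, ctx_keys)
               for op, pairs in conditions.items() for k, v in pairs.items()):
            return True
    return False


if __name__ == "__main__":
    policy = tls_and_sse_policy("my-bucket")           # assumed bucket name
    print(json.dumps(policy, indent=2))
    obj = "arn:aws:s3:::my-bucket/report.csv"          # constructed request target
    print("HTTP GET denied:", is_denied(policy, "s3:GetObject", obj, {"aws:SecureTransport": "false"}))
    print("TLS PUT without header denied:", is_denied(policy, "s3:PutObject", obj, {"aws:SecureTransport": "true"}))
```

Even with bucket default encryption turned on, a request that omits the header is still denied by the `Null` statement, because the condition is evaluated on the request as sent, not on what S3 would apply afterwards; clients therefore have to send the header explicitly when this policy is in place.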
Transfer Acceleration
uses the CloudFront edge network to accelerate uploads to S3
you use a distinct endpoint (bucketname.s3-accelerate.amazonaws.com) to upload to the nearest edge location, which then transfers the file to S3 over the AWS network
Static Website Hosting
You can host a static website (HTML, CSS, JS; no server-side code) on S3.
URL format for static website hosting:
Endpoint : http://bucketname.s3-website-us-east-1.amazonaws.com
the website endpoint serves plain HTTP only; for HTTPS put CloudFront in front of the bucket. The objects must be publicly readable (normally granted with a bucket policy) for the site to be served.
Make sure to read the S3 FAQs.