- Simple Storage Service (S3): Object-based storage. Store an unlimited amount of data without worrying about the underlying storage infrastructure.
- S3 replicates data across at least 3 AZs to ensure 99.99% availability and 11 9's of durability.
- Objects contain your data (they are like files).
- Objects can range in size from 0 bytes up to 5 terabytes.
- Buckets contain objects. Buckets can also contain folders, which in turn can contain objects.
- Bucket names are unique across all AWS accounts, like a domain name.
- When you upload a file to S3 successfully, you'll receive an HTTP 200 code.
- Lifecycle Management: Objects can be moved between storage classes or deleted automatically based on a schedule.
- Versioning: Objects are given a Version ID. When new objects are uploaded, the old objects are kept. You can access any object version. When you delete an object, the previous object is restored. Once Versioning is turned on it cannot be turned off, only suspended.
- MFA Delete: Enforces that DELETE operations require an MFA token in order to delete an object. Versioning must be turned on to use it. MFA Delete can only be turned on from the AWS CLI. Only the root account is allowed to delete objects.
- All new buckets are private by default.
- Logging can be turned on for a bucket to track operations performed on objects.
- Access Control is configured using Bucket Policies and Access Control Lists.
- ACLs are the legacy method (not deprecated) where you grant access to objects and buckets with simple actions.
- Security in Transit: Uploading files is done over SSL.
- SSE stands for Server Side Encryption. S3 has 3 options for SSE.
- SSE-AES: S3 handles the key, uses the AES-256 algorithm.
- SSE-KMS: Envelope encryption via AWS KMS, and you manage the keys.
- SSE-C: Customer-provided key (you manage the keys).
- Client-Side Encryption: You must encrypt your own files before uploading them to S3.
- Cross Region Replication (CRR): Allows you to replicate files across regions for greater durability. You must have versioning turned on in the source and destination bucket. You can have CRR replicate to a bucket in another AWS account.
- Transfer Acceleration: Provides faster and secure upload from anywhere in the world. Data is uploaded via a distinct URL to an Edge Location. Data is then transported to your S3 bucket via the AWS backbone network.
- Presigned URLs: A presigned URL is a URL generated via the AWS CLI and SDK. It provides temporary access to write or download object data. Presigned URLs are commonly used to access private objects.
- S3 has 6 different Storage Classes:
1. Standard: Fast! 99.99% availability, 11 9's durability. Replicated across at least three AZs.
2. Intelligent Tiering: Uses ML to analyze your object usage and determine the appropriate storage class. Data is moved to the most cost-effective access tier, without any performance impact or added overhead.
3. Standard Infrequent Access (IA): Still fast. Cheaper if you access files less than once a month. An additional retrieval fee is applied. 50% less than Standard (reduced availability).
4. One Zone IA: Still fast. Objects only exist in one AZ. Availability is 99.5%, but it is 20% cheaper than Standard IA (reduced durability); data could get destroyed. A retrieval fee is applied.
5. Glacier: For long-term cold storage. Retrieval of data can take minutes to hours, but the trade-off is very cheap storage.
6. Glacier Deep Archive: The lowest cost storage class. Data retrieval time is 12 hours.