Last updated Jul 9, 2023 Edit Source

• Aws
• S3
• Storage
• Serverless
• Cloud

#aws #s3 #storage #serverless #cloud

Object storage solution provided by AWS. Serverless storage in the cloud. Do not have to worry about the underlying infrastructure

Object storage is a a simple data storage architecture that manages data as objects, as opposed to other storage architectures which manages data as files and file hierarchy (file systems) and block storage which manages data as blocks within sectors and tracks.

S3 provides unlimited storage.

Objects contains data and acts similar to files. they contain:

• Key (name)
• Value (data itself)
• Version ID (if enabled the version)
• Metadata (additional information i.e. file-type)

Bucket holds #Objects Buckets can have folders to organise Objects. These should be unique universally similar to domain names. (i.e. there cannot be bucket with same name even in cross-account scenario)

The default storage class. If you don’t specify the storage class when you upload an object, Amazon S3 assigns the S3 Standard storage class.

• Fast (Low latency and high throughput performance.)
• 99.99% Availability
• 11 9’s Durability (Resilient against events that impact an entire Availability Zone.)
• Replicated across at least 3
• Backed with the Amazon S3 Service Level Agreement for availability.
• Supports SSL for data in transit and encryption of data at rest.
• S3 Life-cycle management for automatic migration of objects to other S3 Storage classes

Uses ML/AI to analyse object usage and automate cost savings by moving objects between four access tiers when accessing patterns change. data is moved to most suitable tier, without any performance impact or added overhead.

• Automatically optimises the storage costs for data with changing access patterns.
• Stores objects in four access tiers, optimised for frequent, infrequent, archive, and deep archive access.
• Frequent and In-frequent Access tiers have the same low latency and high throughput performance as S3 Standard.
• Designed for durability of 99.999999999% of objects across multiple Availability zones.
• Designed for 99.9% availability over a given year.
• Backed with the Amazon S3 Service Level Agreement for availability.
• Small monthly monitoring and auto-tiering free.

• 1 AZ only
• Avilability is decreased to 99.5%

• Slowest storage class ()
• Cheapest tier here

• All new buckets are PRIVATE by default.
• Logging per request can be turned on to see the access log of the users
• Access Control is configured using Bucket Policies and Access Control Lists (ACL)
• ACL are Leagacy feature of controlling access to buckets and objects
• Bucket Policies are newer compared to ACL’s and use JSON format policies

SSL/TLS is enabled at transit by default

there are three types of S3 SSE and also supports Client Side Encryption

• SSE-AES S3 handles the key and uses AES-256 algorithm
• SSE-KMS Envelope the encryption using two passes. Both Amazon KMS and the client manages the keys
• SSE-C Similar to KMS but the customer is responsible for managing the key in the aws.

we the clients are responsible for the encryption of the files being stored in the S3. i.e. the file will be encrypted locally even before being transferred to the s3

Read After Write Consistency When you upload a new object

Eventual Consistency when you overwrite or delete an object it takes time for S3 to replicate versions to multiple AZ’s. Fetching the updated object from S3 which was just updated might result in returning the old object instead of the newer copy.

Stores all version of S3 Objects Once enabled it cannot be disabled, only suspended on the bucket Fully integrates with Rules MFA Delete feature provides extra protection against accidental deletions

Requires Versioning enabled

When enabled, any object that is uploaded will be automatically replicated to another region/s. It provides higher durability and potential disaster recovery for objects. This requires versioning turned on on both Source and Destination Bucket. Cross account replication is also possible.

When enabled, the objects will be replicated cross-account on the same region as shown above.

Automated the process of moving objects to different Storage Classes or deleting. Sort of like a cronjob. Can be used together with versioning and can apply changes and commands to both current and previous versions.

Fast and secure transfer of files over long distances between your end users and an S3 bucket. Utilises CloudFront’s Edge Locations Instead of uploading directly to the bucket it will use a distinct URL of an Edge Location to upload it there. When the data is uploaded in the Edge Location it is automatically routed to S3 over a optimised network path

Generates a URL which provides a temporary access to the object to either upload or download object data. Presigned URLs are commonly used to provide access to private objects. You can use AWS CLI or the SDK to generate these Presigned URLs.

will be required when a web-application requires to allow users to download/upload files to a password protected part of a web-app. The web-app can generate quickly expiring URLs to give the users the brief access they need for their operation

Ensures users cannot delete object form S3 bucket unless they provide a valid MFA code. It requires:

It is a method to connect from EC2 to a bucket through a private address.