Shrestha Rajat



Last updated Jul 9, 2023

# Simple Storage Service (S3)

#aws #s3 #storage #serverless #cloud

Object storage solution provided by AWS: serverless storage in the cloud, so you do not have to worry about the underlying infrastructure.

Object storage is a simple data storage architecture that manages data as objects, as opposed to file storage, which manages data as files in a file hierarchy (file systems), and block storage, which manages data as blocks within sectors and tracks.

S3 provides unlimited storage.

# Objects

Objects contain data and act similarly to files. They contain:

# Buckets

A bucket holds #Objects. Buckets can have folders to organise objects. Bucket names must be universally unique, similar to domain names (i.e. there cannot be two buckets with the same name, even across accounts).

# Storage Classes


# S3-Standard (Default)

The default storage class. If you don’t specify the storage class when you upload an object, Amazon S3 assigns the S3 Standard storage class.

# S3-Intelligent Tiering

Uses ML/AI to analyse object usage and automate cost savings by moving objects between four access tiers when access patterns change. Data is moved to the most suitable tier, without any performance impact or added overhead.

# S3-Standard Infrequently Accessed (IA)

# S3-Onezone IA

# S3-Glacier

# S3-Glacier-Deep Archive

# S3 Security

# Encryption

# S3 Encryption in transit

SSL/TLS is enabled in transit by default.

# S3 Encryption at rest

There are three types of S3 SSE, and S3 also supports Client Side Encryption.

# Server Side Encryption (SSE)

# Client Side Encryption (CSE)

We, the clients, are responsible for encrypting the files being stored in S3, i.e. the file is encrypted locally even before it is transferred to S3.

# Data Consistency

Read-after-write consistency when you upload a new object.

Eventual consistency when you overwrite or delete an object: it takes time for S3 to replicate versions to multiple AZs, so fetching an object that was just updated might return the old object instead of the newer copy.

# S3- Versioning

- Stores all versions of S3 objects.
- Once enabled, it cannot be disabled, only suspended on the bucket.
- Fully integrates with Rules.
- The MFA Delete feature provides extra protection against accidental deletions.

# Replication

Requires versioning to be enabled.

# Cross Region Replication

When enabled, any object that is uploaded is automatically replicated to one or more other regions. It provides higher durability and potential disaster recovery for objects. This requires versioning turned on on both the source and the destination bucket. Cross-account replication is also possible.

# Single Region Replication

When enabled, the objects are replicated cross-account within the same region, as shown above.

# S3 Life-cycle Management

Automates the process of moving objects to different storage classes or deleting them, somewhat like a cron job. It can be used together with versioning and can apply changes and commands to both current and previous versions.
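To make the "current and previous versions" point concrete, here is an added example (not the page's own code and not AWS's implementation) that evaluates a simplified lifecycle rule the way S3 would on a daily run: current versions follow the transition/expiration days, non-current versions follow the separate non-current settings. The `Rule` and `ObjectVersion` types, the "first matching rule wins" simplification and the sample objects are all constructed for this demo.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """Simplified lifecycle rule (hypothetical model, not the S3 API schema)."""
    prefix: str = ""
    # (days, storage_class) pairs applied to the CURRENT version of an object
    transitions: List[Tuple[int, str]] = field(default_factory=list)
    expiration_days: Optional[int] = None
    # separate settings for NON-CURRENT (previous) versions kept by versioning
    noncurrent_transitions: List[Tuple[int, str]] = field(default_factory=list)
    noncurrent_expiration_days: Optional[int] = None


@dataclass
class ObjectVersion:
    key: str
    age_days: int        # days since creation (current) or since being superseded (noncurrent)
    is_current: bool
    storage_class: str = "STANDARD"


def plan_actions(rules, versions):
    """Return (key, 'current'|'noncurrent', action) for every version a rule acts on."""
    actions = []
    for v in versions:
        for rule in rules:
            if not v.key.startswith(rule.prefix):
                continue
            if v.is_current:
                expiry, transitions = rule.expiration_days, rule.transitions
            else:
                expiry, transitions = rule.noncurrent_expiration_days, rule.noncurrent_transitions
            which = "current" if v.is_current else "noncurrent"
            if expiry is not None and v.age_days >= expiry:
                actions.append((v.key, which, "EXPIRE"))
            else:
                # the latest transition whose day threshold has passed is the target class
                due = [cls for days, cls in sorted(transitions) if v.age_days >= days]
                if due and due[-1] != v.storage_class:
                    actions.append((v.key, which, f"TRANSITION:{due[-1]}"))
            break  # simplification for the demo: the first matching rule wins
    return actions


# Constructed sample data: one rule for the "logs/" prefix and a few object versions.
DEMO_RULES = [
    Rule(prefix="logs/",
         transitions=[(30, "STANDARD_IA"), (90, "GLACIER")],
         expiration_days=365,
         noncurrent_expiration_days=7),
]
DEMO_VERSIONS = [
    ObjectVersion("logs/a.log", 45, True),                    # old enough for IA
    ObjectVersion("logs/b.log", 100, True, "STANDARD_IA"),    # already IA, now due for Glacier
    ObjectVersion("logs/c.log", 400, True),                   # past expiration
    ObjectVersion("logs/a.log", 10, False),                   # previous version, past 7 days
    ObjectVersion("logs/a.log", 3, False),                    # previous version, still kept
    ObjectVersion("images/x.png", 500, True),                 # no rule matches this prefix
]


def run_demo():
    return plan_actions(DEMO_RULES, DEMO_VERSIONS)


if __name__ == "__main__":
    for key, which, action in run_demo():
        print(f"{key:14} {which:10} {action}")
```

The non-current branch is what makes versioning and lifecycle rules work together: without a non-current expiration, every overwritten version is retained (and billed) indefinitely.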

# Transfer Acceleration

Fast and secure transfer of files over long distances between your end users and an S3 bucket. It utilises CloudFront's Edge Locations: instead of uploading directly to the bucket, the client uses a distinct URL of an Edge Location and uploads the data there. Once the data is uploaded to the Edge Location, it is automatically routed to S3 over an optimised network path.

# S3 Presigned URLs

Generates a URL which provides temporary access to an object, either to upload or to download object data. Presigned URLs are commonly used to provide access to private objects. You can use the AWS CLI or the SDK to generate them.

They are needed when a web application has to let users download or upload files in a password-protected part of the app. The web app can generate quickly expiring URLs to give the users the brief access they need for their operation.
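What a presigned URL actually is, and why it is safe to hand to a browser, is easier to see by building one. The added example below (not from the original page and not the AWS SDK's code) produces a SigV4 query-string-signed S3 URL with only the standard library, then mimics the server-side check: the signature covers the HTTP method, host, object key and every `X-Amz-*` parameter, and the URL is rejected once `X-Amz-Expires` seconds have passed. The access key, secret and clock are constructed demo values; `presign`, `verify` and `run_demo` are names chosen for this example.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlparse

# Constructed demo credentials and a fixed clock; NOT real AWS keys.
DEMO_ACCESS_KEY = "AKIAEXAMPLEKEY00000"
DEMO_SECRET_KEY = "example-secret-key-not-real"
DEMO_NOW = datetime(2023, 7, 9, 12, 0, 0, tzinfo=timezone.utc)


def _enc(s):
    # SigV4 URI encoding: only RFC 3986 unreserved characters stay unencoded
    return quote(s, safe="-_.~")


def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret_key, date, region):
    # Key derivation chain: "AWS4"+secret -> date -> region -> service -> "aws4_request"
    k = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k = _hmac(k, region)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def _signature(method, host, key, params, secret_key, amz_date, region):
    """SigV4 signature over method, host, object key and the sorted query parameters."""
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    canonical_query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params))
    canonical_request = "\n".join([
        method,
        quote("/" + key, safe="/-_.~"),
        canonical_query,
        f"host:{host}\n",    # canonical headers: only Host is signed
        "host",              # signed header list
        "UNSIGNED-PAYLOAD",  # a presigned URL does not commit to a body hash
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    return hmac.new(_signing_key(secret_key, amz_date[:8], region),
                    string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def presign(bucket, key, region, access_key, secret_key, method="GET", expires=300, now=None):
    """Build a presigned URL granting `method` on one object for `expires` seconds."""
    now = now or datetime.now(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    params = [
        ("X-Amz-Algorithm", "AWS4-HMAC-SHA256"),
        ("X-Amz-Credential", f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request"),
        ("X-Amz-Date", amz_date),
        ("X-Amz-Expires", str(expires)),
        ("X-Amz-SignedHeaders", "host"),
    ]
    sig = _signature(method, host, key, params, secret_key, amz_date, region)
    query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in params + [("X-Amz-Signature", sig)])
    return f"https://{host}{quote('/' + key, safe='/-_.~')}?{query}"


def verify(url, method, secret_key, now):
    """Mimic the service-side check: within the validity window and signature intact."""
    u = urlparse(url)
    q = dict(parse_qsl(u.query, keep_blank_values=True))
    try:
        amz_date = q["X-Amz-Date"]
        issued = datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires = int(q["X-Amz-Expires"])
        region = q["X-Amz-Credential"].split("/")[2]
    except (KeyError, ValueError, IndexError):
        return False
    if now < issued or now > issued + timedelta(seconds=expires):
        return False
    params = [(k, v) for k, v in q.items() if k != "X-Amz-Signature"]
    expected = _signature(method, u.netloc, unquote(u.path)[1:], params, secret_key, amz_date, region)
    return hmac.compare_digest(expected, q.get("X-Amz-Signature", ""))


def run_demo():
    """Sign one 5-minute download link and show which changes make it fail."""
    url = presign("example-bucket", "private/report.pdf", "us-east-1",
                  DEMO_ACCESS_KEY, DEMO_SECRET_KEY, expires=300, now=DEMO_NOW)
    t = DEMO_NOW + timedelta(seconds=60)
    return {
        "url": url,
        "valid": verify(url, "GET", DEMO_SECRET_KEY, t),
        "expired": verify(url, "GET", DEMO_SECRET_KEY, DEMO_NOW + timedelta(seconds=301)),
        "other_object": verify(url.replace("report.pdf", "secret.pdf"), "GET", DEMO_SECRET_KEY, t),
        "other_method": verify(url, "PUT", DEMO_SECRET_KEY, t),
        "longer_expiry": verify(url.replace("X-Amz-Expires=300", "X-Amz-Expires=86400"), "GET", DEMO_SECRET_KEY, t),
        "wrong_secret": verify(url, "GET", "some-other-secret", t),
    }
```

Two practical consequences follow from the construction: the URL carries the access key ID but never the secret, so it can be handed to a browser, and it is only as scoped as the IAM identity that signed it, so generating links with a narrowly permissioned role keeps a leaked URL from being worth more than one object for a few minutes.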

# MFA Delete

Ensures users cannot delete objects from an S3 bucket unless they provide a valid MFA code. It requires:

# S3 Gateway Endpoint

It is a method for connecting from EC2 to a bucket through a private address.
