PolarSPARC

AWS Simple Storage Service (S3) - Quick Notes


Bhaskar S, UPDATED 12/29/2023


AWS Simple Storage Service

AWS Simple Storage Service (S3 for short) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

The following is the summary of the various features/capabilities of S3:

Performance

The following are the various features/capabilities on S3 Performance:

Access Control

The default access for a bucket or an object is PRIVATE (only the resource owner has access).

The following are the methods of controlling access to buckets and objects:

Access Points

Access Points simplify data access for any AWS application or service that stores data in S3. Access Points are named network endpoints that are attached to buckets and can be used to perform S3 object operations. Each Access Point has distinct permissions and network controls that S3 applies to any request made through that Access Point. Each Access Point enforces a customized Access Point policy that works in conjunction with the bucket policy attached to the underlying bucket.

The following are the various features/capabilities of S3 Access Points:

Static Website Hosting

One can use an S3 bucket to host a static website that is accessible from the Internet. The site can only consist of static web content (individual web pages), which may contain client-side scripts.

The website URL depends on the Region and can be one of the two forms:

Note that S3 static website hosting does NOT support server-side scripting.

Cross-Origin Resource Sharing (CORS)

CORS is a web-browser-based security mechanism that allows a page loaded from the visited origin to make requests to other origins. An origin is the combination of the protocol (http/https), the domain (example.com), and the port. The web browser makes a preflight check to determine whether the request to the other origin is allowed.

The following are the various features/capabilities of CORS:

Versioning

Versioning in S3 is a means of keeping multiple versions of an object in the same bucket. One can use the versioning feature to preserve, retrieve, and restore every version of every object stored in the buckets.

The following are the various features/capabilities of S3 Versioning:

Multi-Factor Authentication (MFA) Delete

MFA Delete is an optional additional layer of protection against the unintentional deletion of an object version or an unintentional change to the versioning state of the bucket.

The following are the various features/capabilities of S3 MFA Delete:

Replication

Replication must be explicitly enabled for an S3 bucket. There are two types of replication - Cross Region Replication (or CRR) and Same Region Replication (or SRR).

The following are the various features/capabilities of S3 Replication:

Storage Classes

S3 offers different storage classes (or tiers) as follows:

Standard - General Purpose

Standard-Infrequent Access (IA)

One Zone-Infrequent Access

Glacier Instant Retrieval

Glacier Flexible Retrieval

Glacier Deep Archive

Intelligent Tiering

Note that the durability is the SAME across all the storage classes.

Lifecycle Rules

Lifecycle Rules enable one to specify the lifecycle of object(s) in a bucket. Data objects have a natural lifecycle - starting from frequently accessed (hot), to less frequently accessed (warm), and finally to archive or backup (cold).

The following are the various features/capabilities of S3 Lifecycle Rules:

Select and Glacier Select

The following are the various features/capabilities of S3 Select and Glacier Select:

Data Encryption

Data Encryption refers to protecting data while it is in transit (as it travels to and from S3) and at rest (while it is stored on disks in S3). One can protect data in transit by using Secure Sockets Layer/Transport Layer Security (SSL/TLS) or client-side encryption. For protecting data at rest in S3, we have the following four options:

Server-Side Encryption with S3 Managed Keys (SSE-S3)

Server-Side Encryption with Key Management Service (KMS) Managed Keys (SSE-KMS)

Server-Side Encryption with Customer-Provided Keys (SSE-C)

Client Side Encryption
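As an added example (not part of the original notes), the following bucket policy enforces the two protections described above: it denies any request that does not arrive over TLS (the `aws:SecureTransport` condition key) and denies any `PutObject` that does not request SSE-KMS (the `s3:x-amz-server-side-encryption` condition key). The bucket name `example-bucket` is a placeholder; the `Sid` values describe each statement's intent.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRequestsWithoutTLS",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "Bool": { "aws:SecureTransport": "false" }
      }
    },
    {
      "Sid": "DenyUploadsWithoutSSEKMSHeader",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringNotEquals": { "s3:x-amz-server-side-encryption": "aws:kms" }
      }
    }
  ]
}
```

Because `StringNotEquals` also matches when the header is absent, clients must explicitly set `x-amz-server-side-encryption: aws:kms` on every upload; relying on the bucket's default encryption alone is not enough to pass this policy.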

Pre-Signed URL

The following are the various features/capabilities of S3 Pre-Signed URL:

Access Logs

The following are the various features/capabilities of S3 Access Logs:

Event Notifications

The following are the various features/capabilities of S3 Event Notifications:

Object Lambda

The following are the various features/capabilities of S3 Object Lambda:




© PolarSPARC