Simple Storage Service S3

Flat files storage service, object-based storage service. Not a block storage service.

Buckets

  • Versioning
  • Encryption
  • Unlimited storage
  • Lifecycle management
  • Logging for accesses
  • Host static web sites
  • Buckets names are unique globally
  • Supports ACLs and Torrent/BiTorrent

Defaults

  • By default a bucket is private
  • By default up to 100 buckets are allowed

Objects

  • Obj properties: Key(obj name) and Value(bytes), version id, metadata.
  • If the obj is deleted, it is not actually deleted instead a new version as deleted is created
  • Restore an obj: remove the Marker delete obj version
  • Each obj version has independent version on public property
  • Objs size can be from 0b to 5TB. Upload can be 0b-5Gb size.
  • S3 multi-part enabled allows a fast upload data transfer
  • S3 allows up to 3500 PUTS requests per second

S3 Consistency

  • HTTP Newly created files are retrieved inmediately with a HTTP/200 (read-after-write)
  • HTTP Updates and deletes can take some time to propagate. Eventual consistency.
  • Updates to a single key is atomic

Analytics (other aws integrations)

  • Data lake: athenta, redshift, spectrum, quicksight
  • Streaming data: Kinesis firehose
  • ML: Rekognition, Lex, MXNET
  • Storage class analysis

Security

  • User-based IAMs
  • Resources based (ACLs, Policies)
  • Supports MFA delete obj which uses multi-factor auth

Objects can be secured by:

  • Cloudfront origin access identity
  • Cloudfront signed coockies
  • Cloudfront signed urls

Encryption at REST

Supports different encryption methods:

  • Client side: (before upload to S3. PGP)
  • Server side: AWS S3 managed keys SSE-S3. AWS managed with AES-256
  • Server side: KMS (SSE-KMS). You create the aws kms key by AWS storages it. Integration with aws auditrail
  • Server side: customer provided keys (SSE-C).

Tiers

  • S3 standard: 99.99% SLA, and 99.99999999% durability
  • S3 standard: availability and durability across multiple azs
  • S3 ia: less frequently access but rapid access when needed
  • S3 one zone IA: same as ia but stored in one az. mucho lower cost. SLA=99.50%
  • Glacier: service to long-term storage. takes 3-5hrs to retrieve files. No SLA.
  • Intelligent tier (aws moves objects betwen glacer or deep glacier)

Lifecycle: S3-IA & Glacier

  • Use rules to manage objs
  • Automated transitions to tiered storage
  • Expire objs based on retention period
  • Previous and current versions can have different lifecycle configurations
  • Previous and current versions can have different expirations
  • IA has a mininum of 30 days
  • Glacier has a minimum of 30 days after IA
  • Deletions are permanent!

Charges

  • Storage itself
  • HTTP Requests
  • Data transfer (between regions)
  • Storage management (tags setup and other metadat)
  • Transfer acceleration with help of CDN via edge locations

Bucket replications

  • Entire bucket or a prefix objects
  • Cross-region replication support (security, compliance, latency reasons)
  • Specific IAM role is needed
  • Deleted objects are not replicated through regions
  • Versioning is required on source and destination buckets

Some other features and/or integrations

  • Transfer acceleration: uses cloudfront in reverse to fast uploads
    • Requester Pays for usage (requires aws account)
  • Events when something happens in the bucket: SNS, SQS and Lambda