[AWS] Simple Storage Service S3

“Emergencies have always been the pretext on which the safeguards of individual liberty have been eroded.” –Friedrich August von Hayek

Simple Storage Service (S3)

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics.

Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements.

Amazon S3 is designed for 99.999999999% (11 9’s) of durability, and stores data for millions of applications for companies all around the world.

You can use S3 to store and retrieve any amount of data at any time, from anywhere on the web.

The basics of S3 are

S3 Objects

Think of objects just as files. Objects consist of the following:

S3 data consistency

S3 features

S3 storage classes and tiers.

S3 performance

Your application can achieve at least 3,500 PUT/COPY/POST/DELETE or 5,500 GET/HEAD requests per second per partitioned prefix. There are no limits to the number of prefixes in a bucket. You can increase your read or write performance by using parallelization. For example, if you create 10 prefixes in an Amazon S3 bucket to parallelize reads, you could scale your read performance to 55,000 read requests per second. Similarly, you can scale write operations by writing to multiple prefixes.

Optimizing Amazon S3 performance

S3 Security and Encryption

By default, all newly created buckets are private. You can set up access control for your bucket using:

S3 buckets can be configured to create access logs, which record all requests made to the S3 bucket. These logs can be sent to another bucket, even a bucket in another account.

Encryption in transit

Encryption in transit is achieved by SSL/TLS.
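S3 endpoints also accept plain HTTP, so TLS is only guaranteed when the bucket policy denies requests where the `aws:SecureTransport` condition key is false. The following check is an added example, not code from the original page: it audits a bucket policy document for that Deny statement. The bucket name and the three sample policies are constructed, and only exact bucket ARNs and the `Bool` operator are matched, so anything else is reported as not enforced.

```python
import json

BUCKET = "example-bucket"  # placeholder name, constructed for this example
ARNS = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]

def _stmt(effect, transport, resources):
    # Builds a constructed sample statement for the policies below.
    return {"Effect": effect, "Principal": "*", "Action": "s3:*",
            "Resource": resources,
            "Condition": {"Bool": {"aws:SecureTransport": transport}}}

def _policy(*statements):
    return json.dumps({"Version": "2012-10-17", "Statement": list(statements)})

# Constructed sample policies, not taken from the page.
ENFORCED = _policy(_stmt("Deny", "false", ARNS))          # correct pattern
ALLOW_ONLY = _policy(_stmt("Allow", "true", ARNS))        # does not block HTTP
OBJECTS_ONLY = _policy(_stmt("Deny", "false", ARNS[1:]))  # bucket ARN missing

def _as_list(value):
    # Policy JSON allows a single value or a list in most fields.
    return value if isinstance(value, list) else [value]

def _covers_bucket(stmt, bucket):
    # True if the statement hits every principal, every S3 action,
    # and both the bucket and its objects.
    principal = stmt.get("Principal")
    any_principal = principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    resources = set(_as_list(stmt.get("Resource", [])))
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    return any_principal and bool(actions & {"s3:*", "*"}) and needed <= resources

def denies_plain_http(policy_json, bucket):
    # An Allow conditioned on SecureTransport=true is not enough: access
    # granted elsewhere still works over HTTP. Only an explicit Deny counts.
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        bool_cond = stmt.get("Condition", {}).get("Bool", {})
        cond = {k.lower(): v for k, v in bool_cond.items()}
        flag = cond.get("aws:securetransport")
        values = [] if flag is None else [str(v).lower() for v in _as_list(flag)]
        if values == ["false"] and _covers_bucket(stmt, bucket):
            return True
    return False
```

To audit a live bucket, pass the `Policy` string returned by the S3 `GetBucketPolicy` API as `policy_json`.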

Encryption at rest (Server Side)

Encryption at rest (Client Side)

With client-side encryption, you upload your files already encrypted using your own keys.

S3 Versioning

S3 Lifecycle management

Lifecycle management uses lifecycle rules, which define how Amazon S3 manages objects during their lifetime. Lifecycle rules enable you to automatically transition objects among the different storage classes and tiers, from S3 to Glacier. Using a lifecycle rule, you can automatically expire objects based on your retention needs or clean up incomplete multipart uploads.

Sharing S3 buckets and objects across accounts.

There are three ways to share buckets across accounts.

S3 Cross region replication

Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region.

To enable object replication, you add a replication configuration to your source bucket. The minimum configuration must provide the following:

S3 Transfer acceleration.

S3 Transfer Acceleration uses the CloudFront edge network to accelerate your uploads to S3. Instead of uploading directly to your S3 bucket, you can use a distinct URL to upload your files to an edge location, which then transfers the files to S3 using the Amazon enhanced network.

It enables fast, easy and secure transfer of files over long distances between your clients and an S3 bucket. S3 Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations: as the data arrives at an edge location, it is routed to an S3 bucket over an optimized network path.

You will get a distinct URL to upload your files, for example: bucket-name.s3-accelerate.amazonaws.com

How is S3 billed