Techniques
Website
• S3 can host static websites and make them accessible on the Internet
• The website URL will be (depending on the region)
http://bucket-name.s3-website-aws-region.amazonaws.com OR
http://bucket-name.s3-website.aws-region.amazonaws.com
• If you get a 403 Forbidden error, make sure the bucket policy allows public reads!
Versioning
• You can version your files in Amazon S3
• It is enabled at the bucket level
• Overwriting the same key changes the “version”: 1, 2, 3....
• It is best practice to version your buckets
Protect against unintended deletes (ability to restore a version)
Easy roll back to the previous version
• Notes:
Any file that is not versioned prior to enabling versioning will have version “null”
Suspending versioning does not delete the previous versions
Replication (CRR & SRR)
• Must enable Versioning in source and destination buckets
• Cross-Region Replication (CRR)
• Same-Region Replication (SRR)
• Buckets can be in different AWS accounts
• Copying is asynchronous
• Must give proper IAM permissions to S3
• Use cases:
CRR – compliance, lower latency access, replication across accounts
SRR – log aggregation, live replication between production and test accounts
Storage Classes
• Amazon S3 Standard - General Purpose
• Amazon S3 Standard-Infrequent Access (IA)
• Amazon S3 One Zone-Infrequent Access
• Amazon S3 Glacier Instant Retrieval
• Amazon S3 Glacier Flexible Retrieval
• Amazon S3 Glacier Deep Archive
• Amazon S3 Intelligent Tiering
• Can move between classes manually or using S3 Lifecycle configurations
Durability and Availability
• Durability:
High durability (99.999999999%, 11 9’s) of objects across multiple AZs
If you store 10,000,000 objects with Amazon S3, you can on average expect to incur a loss of a single object once every 10,000 years
Same for all storage classes
• Availability:
Measures how readily available a service is
Varies depending on storage class
Example: S3 standard has 99.99% availability = not available 53 minutes a year
S3 Standard – General Purpose
99.99% Availability
Used for frequently accessed data
Low latency and high throughput
Sustain 2 concurrent facility failures
Use Cases: Big Data analytics, mobile & gaming applications, content distribution...
S3 Storage Classes – Infrequent Access
• For data that is less frequently accessed, but requires rapid access when needed
• Lower cost than S3 Standard
• Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
99.9% Availability
Use cases: Disaster Recovery, backups
• Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
High durability (99.999999999%) in a single AZ; data lost when AZ is destroyed
99.5% Availability
Use Cases: Storing secondary backup copies of on-premise data, or data you can recreate
Amazon S3 Glacier Storage Classes
• Low-cost object storage meant for archiving / backup
• Pricing: price for storage + object retrieval cost
• Amazon S3 Glacier Instant Retrieval
Millisecond retrieval, great for data accessed once a quarter
Minimum storage duration of 90 days
• Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier):
Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12 hours) – free
Minimum storage duration of 90 days
• Amazon S3 Glacier Deep Archive – for long-term storage:
Standard (12 hours), Bulk (48 hours)
Minimum storage duration of 180 days
S3 Intelligent-Tiering
• Small monthly monitoring and auto-tiering fee
• Moves objects automatically between Access Tiers based on usage
• There are no retrieval charges in S3 Intelligent-Tiering
• Frequent Access tier (automatic): default tier
• Infrequent Access tier (automatic): objects not accessed for 30 days
• Archive Instant Access tier (automatic): objects not accessed for 90 days
• Archive Access tier (optional): configurable from 90 days to 700+ days
• Deep Archive Access tier (optional): configurable from 180 days to 700+ days
Storage Classes Comparison
Example: us-east-1
S3 Encryption
IAM Access Analyzer for S3
• Ensures that only intended people have access to your S3 buckets
• Example: publicly accessible bucket, bucket shared with other AWS account...
• Evaluates S3 Bucket Policies, S3 ACLs, S3 Access Point Policies
• Powered by IAM Access Analyzer