Techniques

Website

• S3 can host static websites and have them accessible on the Internet

• The website URL will be (depending on the region)

  • http://bucket-name.s3-website-aws-region.amazonaws.com OR

  • http://bucket-name.s3-website.aws-region.amazonaws.com

• If you get a 403 Forbidden error, make sure the bucket policy allows public reads!

Versioning

• You can version your files in Amazon S3

• It is enabled at the bucket level

• Overwriting the same key creates a new “version”: 1, 2, 3...

• It is best practice to version your buckets

  • Protect against unintended deletes (ability to restore a version)

  • Easy roll back to the previous version

• Notes:

  • Any file that is not versioned prior to enabling versioning will have version “null”

  • Suspending versioning does not delete the previous versions

Replication (CRR & SRR)

• Must enable Versioning in source and destination buckets

• Cross-Region Replication (CRR)

• Same-Region Replication (SRR)

• Buckets can be in different AWS accounts

• Copying is asynchronous

• Must give proper IAM permissions to S3

• Use cases:

  • CRR – compliance, lower latency access, replication across accounts

  • SRR – log aggregation, live replication between production and test accounts

Storage Classes

• Amazon S3 Standard - General Purpose

• Amazon S3 Standard-Infrequent Access (IA)

• Amazon S3 One Zone-Infrequent Access

• Amazon S3 Glacier Instant Retrieval

• Amazon S3 Glacier Flexible Retrieval

• Amazon S3 Glacier Deep Archive

• Amazon S3 Intelligent Tiering

• Can move between classes manually or using S3 Lifecycle configurations

Durability and Availability

• Durability:

  • High durability (99.999999999%, 11 9’s) of objects across multiple AZs

  • If you store 10,000,000 objects with Amazon S3, you can on average expect to incur a loss of a single object once every 10,000 years

  • Same for all storage classes

• Availability:

  • Measures how readily available a service is

  • Varies depending on storage class

  • Example: S3 Standard has 99.99% availability = not available 53 minutes a year

S3 Standard – General Purpose

  • 99.99% Availability

  • Used for frequently accessed data

  • Low latency and high throughput

  • Sustains 2 concurrent facility failures

  • Use Cases: Big Data analytics, mobile & gaming applications, content distribution...

S3 Storage Classes – Infrequent Access

• For data that is less frequently accessed, but requires rapid access when needed

• Lower cost than S3 Standard

Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

  • 99.9% Availability

  • Use cases: Disaster Recovery, backups

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

  • High durability (99.999999999%) in a single AZ; data lost when AZ is destroyed

  • 99.5% Availability

  • Use Cases: Storing secondary backup copies of on-premises data, or data you can recreate

Amazon S3 Glacier Storage Classes

• Low-cost object storage meant for archiving / backup

• Pricing: price for storage + object retrieval cost

Amazon S3 Glacier Instant Retrieval

  • Millisecond retrieval; great for data accessed once a quarter

  • Minimum storage duration of 90 days

Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier):

  • Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12 hours) – free

  • Minimum storage duration of 90 days

Amazon S3 Glacier Deep Archive – for long-term storage:

  • Standard (12 hours), Bulk (48 hours)

  • Minimum storage duration of 180 days

S3 Intelligent-Tiering

• Small monthly monitoring and auto-tiering fee

• Moves objects automatically between Access Tiers based on usage

• There are no retrieval charges in S3 Intelligent-Tiering

• Frequent Access tier (automatic): default tier

• Infrequent Access tier (automatic): objects not accessed for 30 days

• Archive Instant Access tier (automatic): objects not accessed for 90 days

• Archive Access tier (optional): configurable from 90 days to 700+ days

• Deep Archive Access tier (optional): configurable from 180 days to 700+ days

Storage Classes Comparison

Example: us-east-1

S3 Encryption

IAM Access Analyzer for S3

• Ensures that only intended people have access to your S3 buckets

• Example: publicly accessible bucket, bucket shared with another AWS account...

• Evaluates S3 Bucket Policies, S3 ACLs, S3 Access Point Policies

• Powered by IAM Access Analyzer
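
The Website section says a hosted site needs a bucket policy that allows public reads, and Access Analyzer exists to catch public access that was not intended. The added example below (not part of the original notes, and not Access Analyzer's actual logic) is a simplified check that separates the two cases in a bucket policy; it ignores ACLs, access point policies, NotPrincipal and NotAction. The bucket name, Sids, account ID and organization ID are constructed sample values.

```python
import json

# Constructed sample policy for a hypothetical bucket "example-site-bucket".
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17", "Statement": [
        {"Sid": "PublicReadForWebsite", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-site-bucket/*"},
        {"Sid": "AnyoneCanWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-site-bucket/*"},
        {"Sid": "PartnerAccount", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site-bucket/*"},
        {"Sid": "OrgOnlyList", "Effect": "Allow", "Principal": "*",
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-site-bucket",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorg"}}},
    ],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    """True when the principal is the wildcard, in string or mapping form."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def audit_public_statements(policy_json):
    """Return (sid, verdict) for each Allow statement open to any principal."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement-{i}")
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Condition"):
            verdict = "conditional: review the Condition"
        elif actions == {"s3:getobject"}:
            verdict = "public read: expected for website hosting"
        else:
            verdict = "public beyond read: restrict"
        findings.append((sid, verdict))
    return findings
```

Only the first statement is the grant a static website needs; the second is the kind of finding that should be removed, and the fourth is public only to principals that satisfy its Condition.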
