S3 stands for Simple Store Service. It provides object based storage

Buckets

Folders are called buckets

S3 Buckets follows universal Namespace. It has to be unique across across all amazon accounts

Objects

  • Files are Objects
  • Objects in S3 can be from 0 bytes to 5TB
  • Objects are stored in Bucket
  • Objects in S3 consists of key-value pair, Version ID, Metadata and sub resources
  • HTTP code is returned when actions are take against objects in S3 buckets
  • An individual object can be versioned. So you could access different versions of same objects
  • Read after Write consistency for PUTS of new objects
  • Eventual Consistency for Overwriting PUTS and deletes

Storage classes

There are six different storage classes that provides guarantees different availability and durability. Billing is performed based on chosen storage classes. Lifecyle management can be done on both bucket level and object level to move object between different storage classes to save on costs;

Security

  • Encryption is Transit is provided by SSL/TLS otherwise HTTPS
  • Access to buckets are provided by Bucket policies
  • Access to objects are provided by ACL
  • MultiFactor authentication can be enabled to at bucket level
  • IAM Policies & groups are used to control access to S3 buckets
  • An bucket with Public access can have objects with Private access

Governance and Compliance

  • Write once read many(WORM) Model
  • Object Lock can be enabled both at object level or bucket level
  • Object Lock has governance mode and compliance mode.
  • Governance mode, the object can be place to lock for certain amount of period and the root user or other user with permission still can delete the object.
  • Complaince mode object can’t be deleted even by the root user
  • S3 Valut lock is for S3 and S3 Glacier valult lock is for S3 Glacier.

Performance

  • S3 Perfix is the layer between filename and bucketname
  • The more prefix we have the better the performance. Why?
  • 3500 requests per second for PUT/COPY/POST/DELETE and 5,500 for GET/HEAD request per prefixx SSE-KMS the KMS quota limit kicks in
  • Multipart uploads recommended for file 100MB but required for files over 5GB. This increase efficiancy
  • Byte-Range Fetches. Parallelize downloads If there is a failure , then need to download only necessary part

S3 Select & Glacier Select

SQL Expression to download file from S3 to achieve 400% increase inefficiency.

Sharing S3 Bucket across Accounts

  • Use bucket policies & IAM to apply across entire bucket.
  • Using Bucket ACl and IAM.
  • Both Allow only Programmatic access only not via console
  • Cross-account IAM Roles, Programmatic and Consoles access

Cross Region Replication

  • Version should be enabled for cross region replication
  • Storage class can be different for cross region replication
  • Old objects doesn’t get replicated. Only new objects get replicated.
  • Only new version get replicated
  • Object permission on source doesn’t reflected to destination bucket.
  • Delete markers are not replicated

Transfer Acceleration

  • Cloudfront Edge Network.
  • User upload to edge location and it get transfered to S3 bucket