AWS S3

Amazon Web Service S3 (Simple Storage Services)

Below are the salient features of S3:

  • Infinitely scalable data storage.
  • Is one of the oldest services of AWS (Year 2006).
  • Can store any files- word doc, movies, pictures, etc.
  • Its Object based storage, i.e, each object has an Key, Value, VersionID, Metadata, Subresources (Access Control Lists, Torrents).
  • File can by from 0 Bytes to 5 TB.
  • Files are stored in Buckets.
  • Buckets are basically folders inside S3.
  • S3 is a universal namespace. When you create a bucket the region automatically becomes “global” and not Mumbai or N. Virginia.
  • But, when we create a bucket inside the S3, it ask for Region.
  • We can’t create a Bucket inside another Bucket, i.e., no nesting of bucket.
  • Ownership of bucket is non-transferable.
  • An example of S3 bucket: https://bucket1234.s3.amazonaws.com
  • In the above URL the bucket name is: bucket1234, which is created in N. Virginia region.
  • If we create a bucket in Mumbai region the URL would seem like below, where the name of the bucket is heapsteep.bucket1 and it contains a object in the form of a jpg file : https://s3.ap-south-1.amazonaws.com/heapsteep.bucket1/Dad’s+Uniform+Pic.jpg
  • It is advised not to use period(.) in a bucket name.
  • Northern Virginia is the default region of AWS.
  • HTTP 200 code if the upload was successfull.
  • 99.99 % Availability.
  • 99.99999999999 % Durability (11 * 9s).
  • Tiered storage available-
  • Lifecycle Management- you can move objects to different tiers based on some condition.
  • Encryption- Below are the 3 different ways one can encrypt the objects.
    • Encryption in Transit: (when someone calls the object by https) is achieved by SSL/TLS
    • Encryption at Server side:
      • SSE-S3 (Server Side Encryption) :AWS managed key automatically)
      • SSE-KMS (Server Side Encryption-Key Management Service): You and AWS manage the key together.
      • SSE-C (Server Side Encryption-Customer): You only manage the key to encrypt your object.
    • Encryption at Client side : You encrypt the object in your local machine(laptop) and upload the object to AWS.
  • By default the bucket is Private in nature.
  • First you have to make the Bucket to Public (by Bucket Policies), then only you will be able to make any object inside it to public(by Access Control Lists).
  • You can configure the log whoever is accessing your buckets and its contents. Even you can send this to another bucket/account.
  • Versioning :
    • Once enabled, can’t be disabled, only be suspended. You have to delete the bucket and create a new one to completely turn it off.
    • Stores all versions of a file(even if you delete it)
    • Its a great backup tool.
    • If you upload a new version of the same file, the access of the file would be obviously private.
    • The size of the file increases exponentially in every save. So in architecture point of view keep in mind whether you really need versioning.
    • Integrates with Lifecycle rules.
S3 Storage Classes:
Different ways of charging in S3:
  • Storage- The more you store in S3 the more you billed.
  • Requests- If there are more requests to the objects you will charged more.
  • Data Transfer
  • Cross Region Replication- If you want to automatically replicate to other regions.
  • Transfer Acceleration- Uses CloudFront’s Edge Locations to fast transfer.

Cross Region Replication:

S3 Transfer Acceleration:

S3 Select & Glacier Select :

  • Retrieve less data from S3 using server side SQL filtering.
  • Benefits are – less network transfer, less CPU cost.

One more diagram :

The same select when applies to Glacier is called Glacier Select.