Amazon S3 (Simple Storage Service) is an object storage service built to store and retrieve any amount of data.
Features
Amazon S3 offers the following features
- Durability
- Availability
- Security
- Unlimited Scalability
- Low Costs
Use Cases
- Application Hosting
- Backup and Storage
- Media Hosting
- Software Delivery
- Static Website
Types of URLs
Virtual Hosted Style URL
http://bucket.s3.aws-region.amazonaws.com
Path Style URL
http://s3.aws-region.amazonaws.com/bucket
NB: Amazon S3 is a public service and is accessed over a public endpoint.
Object Attributes
Key (Name)
Version ID
Value (Content)
Metadata
Sub resources
Access Control Information
S3 Gateway Endpoint
An S3 VPC gateway endpoint lets requests from your private subnet be routed to the Amazon S3 service without connecting that subnet to an internet gateway.
What is a Policy?
A policy is an object in AWS that, when associated with an identity or resource, defines their permissions.
Identity-Based Policies
Identity-based policies are attached to an IAM user, group, or role and let you specify what that identity can do (its permissions).
Resource-Based Policies
Resource-based policies are attached to a resource.
E.g., attaching a resource-based policy to an Amazon S3 bucket.
Cross-Account Access
Cross-account access means sharing resources in one AWS account with users in a different account.
Access Control List
An Amazon S3 access control list (ACL) allows you to manage access to buckets and objects.
Each bucket and object has an ACL attached to it as a sub-resource.
The ACL defines which AWS accounts and groups are granted access and the type of access.
Access Control List Permissions
S3 Multipart Upload
Multipart upload allows you to upload a single object as a set of parts.
If the transmission of any part fails, you can retransmit that part without affecting the other parts.
NB: When an object's size reaches 100 MB, you should consider using multipart upload instead of uploading the object in a single operation.
File size: 0-5 TB per object
The largest object that can be uploaded in a single PUT is 5 GB
Query String Authentication (Pre-Signed URL)
Query string authentication authenticates certain request types by passing the required information as query string parameters, enabling direct third-party browser access to your S3 data.
Use case: an object owner shares private objects with others through a pre-signed URL, using their own security credentials to grant time-limited permission to download the object.
NB: Maximum duration of 7 days
S3 Transfer Acceleration
Amazon S3 Transfer Acceleration is a bucket-level feature that enables fast, easy and secure transfers of files over long distances between your client and an S3 bucket.
It takes advantage of the globally distributed edge locations in Amazon CloudFront.
NB: S3 Transfer Acceleration endpoints
IPv4: http://bucketname.s3-accelerate.amazonaws.com
IPv6: http://bucketname.s3-accelerate.dualstack.amazonaws.com
Once enabled, S3 Transfer Acceleration cannot be disabled, only suspended.
Versioning in Amazon S3
Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket.
Use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.
How S3 Versioning Works
If you delete an object, Amazon S3 inserts a delete marker, which becomes the current object version, instead of removing the object permanently.
If you overwrite an object, it results in a new object version in the bucket.
You can always restore the previous version.
Versioning States
Buckets can be in one of three states:
- Unversioned (Default)
- Versioning-Enabled
- Versioning-Suspended
MFA Delete
MFA Delete adds an additional layer of security: you configure a bucket to enable MFA (multi-factor authentication) delete.
MFA Delete requires additional authentication for either of the following operations:
- Changing the versioning state of your bucket
- Permanently deleting an object version