
Adeline Makokha for AWS Community Builders


Amazon S3

Amazon S3 (Simple Storage Service) is an object storage service built to store and retrieve any amount of data.

Features
Amazon S3 offers the following features:

  • Durability
  • Availability
  • Security
  • Unlimited Scalability
  • Low Costs

Use Cases

  • Application Hosting
  • Backup and Storage
  • Media Hosting 
  • Software Delivery
  • Static Website 

Types of URLs
Virtual Hosted Style URL
http://bucket.s3.aws-region.amazonaws.com

Path Style URL
http://s3.aws-region.amazonaws.com/bucket

NB: Amazon S3 is a Public Service and accessed over a Public Endpoint.

Object Attributes
Key (Name)
Version ID
Value (Content)
Metadata
Sub resources
Access Control Information 

S3 Gateway Endpoint

An S3 VPC gateway endpoint lets S3 requests from your private subnet reach the Amazon S3 service without connecting that subnet to an internet gateway.


What is a Policy?
A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. 

Identity-Based Policies
Identity-based policies are attached to an IAM user, group, or role and let you specify what that identity can do (its permissions).

Resource-Based Policies

Resource-based policies are attached to a resource.

E.g., attaching a resource-based policy to an Amazon S3 bucket.

Cross-Account Access
Sharing resources in an AWS account with users in a different account.

Access Control List
An Amazon S3 access control list (ACL) allows you to manage access to buckets and objects.

Each bucket and object has an ACL attached to it as a sub-resource.

The ACL defines which AWS accounts and groups are granted access, and the type of access.

Access Control List Permissions

S3 Multipart Upload

Multipart upload allows you to upload a single object as a set of parts.

If the transmission of any part fails, you can retransmit that part without affecting the other parts.

NB: When the object size reaches 100 MB, you should consider using multipart upload instead of uploading the object in a single operation.

Object size: 0 to 5 TB per file.

The largest object that can be uploaded in a single PUT is 5 GB.

Query String Authentication (Pre-Signed URL)
Query string authentication means authenticating certain request types by passing the required information as query string parameters, which enables direct third-party browser access to your S3 data.

Use Case: An object owner shares private objects with others through a pre-signed URL, using their own security credentials to grant time-limited permission to download the object.
NB: Maximum duration of 7 days

S3 Transfer Acceleration
S3 Transfer Acceleration is a bucket-level feature that enables fast, easy and secure transfers of files over long distances between your client and an S3 bucket.

It takes advantage of the globally distributed edge locations in Amazon CloudFront.
NB: S3 Transfer Acceleration endpoints
IPv4: http://bucketname.s3-accelerate.amazonaws.com
IPv6: http://bucketname.s3-accelerate.dualstack.amazonaws.com
Once enabled, S3 Transfer Acceleration cannot be disabled, only suspended.

Versioning in Amazon S3
Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket.
Use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.

How S3 Versioning Works

If you delete an object, Amazon S3 inserts a delete marker, which becomes the current object version, instead of removing the object permanently.

If you overwrite an object, it results in a new object version in the bucket.

You can always restore the previous version.

Versioning States
Buckets can be in one of three states:

Unversioned (Default)

Versioning-Enabled

Versioning-Suspended

MFA Delete
You can add an additional layer of security by configuring a bucket to enable MFA (multi-factor authentication) delete.

MFA delete requires additional authentication for either of the following operations:

  • Changing the versioning state of your bucket
  • Permanently deleting an object version
