DEV Community

Cover image for Amazon S3 - Business continuity and Disaster recovery

Posted on

Amazon S3 - Business continuity and Disaster recovery

Business Continuity:

Keeps business functioning despite significant disruptive events.

Disaster Recovery:

Natural or Human made event that causes an impact to business.

S3 for Business Continuity and Disaster Recovery:

S3 provides 99 point 11 nine's durability. Stored across min of 3 AZs (except S3 One Zone-IA storage class).

S3 Object Lock:

Immutable data (regulatory requirement). Replication - Increase availability.


Multiple variants of object.
Recovery from unintended user actions and application failures.
Overwrite creates new version. Deletion creates a delete marker instead of removing object.
Default - unversioned. But once enabled, can't return to unversioned state. Versioning can be suspended to stop accruing new versions.

Even in unversioned (default state)- all objects have version ID (null). Upon enabling versioning, the existing objects unchanged .ie. their version ID remains same (null). Delete Object (without versionID)-delete marker is set. And when we retrieve (current version) - 404 returned.

Removing delete markers:

Delete (Object + versionId)

S3 Lifecycle management:

Transition actions, when objects transition to another S3 storage class.
Expiration actions, when objects expire (versioning enabled)-S3 expires objects by adding delete marker.
Best practice: Move non-current version to Glacier class then delete after 1 year.

S3 Object lock:

Only in versioned buckets.
WORM-Write Once Read Many model. Prevent objects from deleted/overwritten for fixed time/indefinitely.
Retention period - time object can't be overwritten/deleted. Legal holds - No expiration date.
Configure bucket for Object Lock. Both can be at object level.

Versioning auto enabled when you create bucket with S3 Object Lock. S3 Object lock protection also moved between storage classes during Lifecycle transitions.

Indefinite locking-use Legal holds (because no retention period). Apply/change object lock operations for even billions of objects using $3 Batch operations.

Object Lock retention modes:

Compliance mode - Immutable until retention period. No one can delete/overwrite including root user. Also retention period cannot be edited. Delete entire AWS account to delete the file.
Governance mode - Specific users given permission to alter retention settings/delete objects.

Object Replication:

Replicate all objects or subset (use prefix/tags).
Replicates objects in same storage class as source object (default settings - but can specify different storage class for replicas).
Default, replicates tags, Object Lock settings. 99.99% of objects replicated in seconds.

S3 Multi-Region Access Points:

Request --> Multi-Region Access Points --> Request routed to less latency (closest) region (enable cross-region replication)

Top comments (0)