Amazon S3 (Simple Storage Service)

Introduction

Amazon S3 is an object storage service offering industry-leading scalability, data availability, security, and performance.

Key Features:

  • Unlimited storage capacity
  • 99.999999999% durability
  • Versioning support
  • Multiple storage classes
  • Strong consistency
  • Event notifications

Buckets and Objects

Bucket Operations

# Create bucket
aws s3 mb s3://my-bucket-name

# List buckets
aws s3 ls

# Upload object
aws s3 cp myfile.txt s3://my-bucket-name/

# Download object
aws s3 cp s3://my-bucket-name/myfile.txt ./

# Delete object
aws s3 rm s3://my-bucket-name/myfile.txt

Bucket Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket-name/*"
        }
    ]
}
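The statement above lets any principal, including anonymous users, read every object in the bucket. The following first-pass audit for such grants is an added example, not part of the original page. The function names and the second policy (with its placeholder endpoint ID) are constructed, and the check is simpler than AWS's own public-access evaluation.

```python
import json

# The bucket policy shown above, used as sample input.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "PublicReadGetObject", "Effect": "Allow",
                "Principal": "*", "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::my-bucket-name/*"}]}
""")

# Constructed variant: same grant, limited to one VPC endpoint (placeholder ID).
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": {"Sid": "VpceOnlyRead", "Effect": "Allow",
               "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
               "Resource": "arn:aws:s3:::my-bucket-name/*",
               "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}}
""")


def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_wildcard_principal(principal):
    """True for "*", {"AWS": "*"} and list forms that contain "*"."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"


def audit_policy(policy):
    """Return (sid, verdict, actions) for each Allow open to any principal."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(principal):
            continue
        # No Condition: anyone can use the grant. With one: a person must judge it.
        verdict = "review" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), verdict,
                         as_list(stmt.get("Action", []))))
    return findings


if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc))
```
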

Storage Classes

Available Classes:

  • Standard - General purpose
  • Intelligent-Tiering - Unknown/changing access
  • Standard-IA - Infrequent access
  • One Zone-IA - Single AZ storage
  • Glacier - Long-term archival
  • Glacier Deep Archive - Lowest cost

Storage Class Transition

{
    "Rules": [
        {
            "ID": "TransitionRule",
            "Status": "Enabled",
            "Filter": {
                "Prefix": ""
            },
            "Transitions": [
                {
                    "Days": 30,
                    "StorageClass": "STANDARD_IA"
                },
                {
                    "Days": 90,
                    "StorageClass": "GLACIER"
                }
            ]
        }
    ]
}

Security

Access Control

  • IAM Policies
  • Bucket Policies
  • Access Control Lists (ACLs)
  • Presigned URLs

Encryption

# Enable default encryption
aws s3api put-bucket-encryption \
    --bucket my-bucket-name \
    --server-side-encryption-configuration '{
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "AES256"
                }
            }
        ]
    }'

Lifecycle Management

Lifecycle Rules

{
    "Rules": [
        {
            "ID": "MoveToGlacier",
            "Status": "Enabled",
            "Filter": {
                "Prefix": "archived/"
            },
            "Transitions": [
                {
                    "Days": 90,
                    "StorageClass": "GLACIER"
                }
            ],
            "Expiration": {
                "Days": 365
            }
        }
    ]
}

Lifecycle Actions:

  • Transition between storage classes
  • Object expiration
  • Incomplete multipart upload cleanup
  • Object version management

Performance

Best Practices

Performance Optimization:

  • Use appropriate prefixes
  • Enable multipart uploads
  • Use Transfer Acceleration
  • Consider S3 Select for queries
  • Use appropriate storage class

Multipart Upload

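# Set the multipart threshold and chunk size in the AWS CLI configuration
# (aws s3 cp reads these from the s3 config settings, not from command-line flags)
aws configure set default.s3.multipart_threshold 100MB
aws configure set default.s3.multipart_chunksize 100MB

# Files larger than the threshold are uploaded in parts automatically
aws s3 cp largefile.zip s3://my-bucket-name/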

Best Practices

Security Best Practices

Guidelines:

  • Use bucket policies and IAM
  • Enable versioning
  • Enable encryption
  • Use VPC endpoints
  • Enable access logging
  • Regular security audits

Cost Optimization

Cost Saving Tips:

  • Use appropriate storage classes
  • Implement lifecycle policies
  • Monitor usage patterns
  • Clean up incomplete uploads
  • Use S3 Analytics