Amazon S3 is an object storage service that provides scalable storage for data. It consists of buckets which contain objects. Objects are stored in regions and availability zones for high availability and durability. Access is private by default but can be controlled through access control lists and policies. Different storage classes exist for different access needs, including standard, infrequent access, and glacier. Life cycle rules can transition objects between classes. Versioning and cross-region replication provide redundancy. Encryption options protect data security. S3 can also host static websites and is commonly used for media files, archives, logs, backups, and static websites.
2. Agenda
• What is S3
• Concepts & Fundamentals
• Access Control
• Storage Classes
• Life cycle rules
• Encryption and Security
• Versioning
• Cross Region replication
• Website hosting
3. Simple Storage Service (S3)
Amazon Simple Storage Service is object storage
for the Internet. It is designed to make web-scale
computing easier for developers.
5. AWS Regions & Availability Zones
Regions: A region is a physical location in the world which consists of two or more
availability zones (AZs).
Availability Zones: An AZ is one or more discrete data centers, each with redundant
power, networking and connectivity, housed in separate facilities protected from
disasters.
6. S3 Buckets & Objects
Bucket: It is a container of objects. Its name is globally unique, because the bucket
name later becomes the DNS access point for the bucket. It is a web store.
Objects: They are key-value pairs. The key is the unique identifier of the object. The
value is its data, a sequence of bytes. An object also contains a version ID and other metadata.
7. Data Consistency
Read-after-write: This applies to new objects. A new object is available right
away.
Eventual consistency: It means data will be updated eventually.
Updated data may not be available the moment you update it.
8. Why S3 ?
• It is highly available, i.e. it is built for 99.99% availability.
• Its SLA is 99.9% availability.
• Amazon guarantees 99.999999999% durability for S3
information, also known as “eleven 9s of durability”. It
means if you upload X number of files, 99.999999999% of the
data will be kept and nothing would be lost.
10. Private by default
• Everything is private by default: buckets and objects.
• You can apply ACLs & Policies on the bucket.
• You can apply ACLs & Policies on particular objects.
• You can apply per IAM User/role policies on buckets and
Objects
12. Types of Storage Classes
• STANDARD: Your default/normal storage class.
• STANDARD IA (S-IA): Charges a retrieval fee. Same latency
and performance as Standard. S3 Standard-IA is for data that
is accessed less frequently, but requires rapid access when
needed.
• One-Zone IA: It has the same performance and latency as
Standard; however, it stores data in only one zone. It costs
20% less than standard S3.
• Glacier: It is long-term archival storage. It costs less, and
retrieving might take hours depending upon the
configuration.
13. Life Cycle Rules
• Change class tier after 30 days of creation
• Change class tier after 60 days in cheaper storage class
• Delete an object after a certain number of days.
15. Encryption and data Security.
• Server Side Encryption
• S3 Managed Keys (SSE-S3): AES-256. Each object is
encrypted by its own key, all the keys are then
encrypted by a master key, and the master key is rotated after a
while. Amazon manages this for you.
• AWS Key Management Service managed keys (SSE-KMS): It
will always provide you an audit trail of who uses the keys
and when. This service costs extra.
• Server-side encryption with customer-provided key (SSE-C):
This is where you manage the encryption key.
• Client Side Encryption (When you encrypt the data on client
side and upload it on S3)
16. S3 Versioning
• Once enabled, it cannot be disabled. However, it can be
suspended. Each time a file is updated, S3 keeps the previous version,
so storage can drastically increase. Simply deleting a file
will not delete its versions. You need to click on
“show versions” and then delete the selected version or all of
them to remove the file completely.
17. S3 Cross Region Replication
• In order to turn on cross-region replication (CRR) you need to make sure versioning is turned
on in both of the buckets, because CRR is built on top of versioning. CRR cannot be
enabled within the same region; you must choose a bucket in a different region. You need to
add a cross-region replication rule as well. You can choose to replicate the entire bucket or just
things with a prefix (folders). When CRR is enabled, current/existing content of the bucket will
not be replicated.
• If you delete a file from a bucket where cross-region replication is enabled, it will replicate
the delete marker to the other region as well, hiding the file from both buckets. But when
you delete the delete marker, that is not replicated across regions; this is the strange
behavior of AWS CRR.
• You cannot replicate to multiple buckets or use daisy chaining (at this time).
• Deleting individual versions or delete markers will not be replicated.
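The versioning and CRR slides above both mean that a "deleted" file usually still exists: behind a delete marker in the source bucket, and again in the replica, where version deletes never arrive. As an added example (not from the original slides), this sketch takes listings in the shape of S3 ListObjectVersions responses, finds keys that are hidden but still recoverable, and builds the per-bucket list of versions that must be deleted explicitly. The bucket names, keys and version IDs are constructed.

```python
def hidden_but_recoverable(listing):
    """Keys whose latest entry is a delete marker while data versions remain."""
    marked = {m["Key"] for m in listing.get("DeleteMarkers", [])
              if m.get("IsLatest")}
    with_data = {v["Key"] for v in listing.get("Versions", [])}
    return sorted(marked & with_data)

def purge_payload(listing, key):
    """Delete payload naming every version and delete marker of `key`."""
    entries = listing.get("Versions", []) + listing.get("DeleteMarkers", [])
    return {"Objects": [{"Key": e["Key"], "VersionId": e["VersionId"]}
                        for e in entries if e["Key"] == key]}

def full_purge(listings_by_bucket, key):
    """One payload per bucket: version deletes are not replicated, so the
    replica bucket needs its own explicit deletes."""
    return {bucket: purge_payload(listing, key)
            for bucket, listing in listings_by_bucket.items()}

# Constructed listings (hypothetical buckets "example-source"/"example-replica").
SOURCE = {
    "Versions": [
        {"Key": "reports/q1.csv", "VersionId": "src-v2", "IsLatest": False},
        {"Key": "reports/q1.csv", "VersionId": "src-v1", "IsLatest": False},
        {"Key": "reports/q2.csv", "VersionId": "src-v3", "IsLatest": True},
    ],
    "DeleteMarkers": [
        {"Key": "reports/q1.csv", "VersionId": "src-dm1", "IsLatest": True},
    ],
}
REPLICA = {
    "Versions": [
        {"Key": "reports/q1.csv", "VersionId": "rep-v2", "IsLatest": False},
        {"Key": "reports/q1.csv", "VersionId": "rep-v1", "IsLatest": False},
    ],
    "DeleteMarkers": [
        {"Key": "reports/q1.csv", "VersionId": "rep-dm1", "IsLatest": True},
    ],
}
LISTINGS = {"example-source": SOURCE, "example-replica": REPLICA}

if __name__ == "__main__":
    print(hidden_but_recoverable(SOURCE))
    for bucket, payload in full_purge(LISTINGS, "reports/q1.csv").items():
        print(bucket, payload)
```

Each payload has the form the S3 DeleteObjects call accepts as its `Delete` argument.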
18. S3 Transfer Acceleration
Amazon S3 Transfer Acceleration enables fast, easy and secure
transfer of files over long distances between your end users and
an S3 bucket. It takes advantage of the globally distributed edge
locations of Amazon's CDN, CloudFront. As the data arrives at an
edge location, data is routed to Amazon S3 over an optimized
network path. So if a user wants to upload a file and they are
far away from the S3 bucket, they simply upload the file to an edge
location over their internet connection. Then, since Amazon has a better
communication network with its edge locations, it uploads
the file from the edge location to the S3 bucket.
20. Hosting Static Website.
• The bucket name must be the same as the DNS name.
• The advantage is that it can handle any amount of load and scale
automatically without your intervention, because there is an
AWS SLA for performance.
• The best case would be a marketing website for an
event/conference, for which you expect high traffic and, after the
event, no traffic.
21. Common Uses for S3.
• Media Files
• Archives
• Logs
• Static Websites.
• Backups