
AWS Certification: S3 Storage Essentials and Concepts Cheat Sheet

Introduction

Amazon S3 is a highly available and durable object storage service that can store virtually any type of data (images, videos, text documents, backups and so on). It is a global service; however, you can use a region-specific endpoint for faster access.

Terminology:

  1. Bucket: A logical container for storing data. A bucket must have a unique name because bucket names share a universal namespace. Each bucket can be accessed globally using a unique URL.
  2. Object: Each piece of data stored is called an object. It can be accessed globally via a unique URL.

Key Points

  1. Pure object storage.
  2. Each file can range from 1 byte to 5 TB.
  3. Allows unlimited storage.
  4. Files are stored in buckets.
  5. It is a key-value store (key: name, value: data).
  6. Each object has a version ID.
  7. Each object has metadata associated with it.
  8. AWS provides 99.99% availability and 99.999999999% durability.
  9. Provides lifecycle management for objects.
  10. Provides versioning of objects.
  11. Provides encryption of objects.
  12. Provides security using ACLs and bucket policies.
  13. The Amazon S3 Transfer Acceleration feature can be used to speed up object creation and retrieval. In this scenario, you are charged only if there is a performance improvement.

Object Consistency:

S3 objects have the following consistency model.

  1. Read-after-write consistency for PUTs of new objects.
  2. Eventual consistency for overwrite PUTs and DELETEs (changes take a while to propagate).

S3 URLs:

Supports the following two types of URLs.

  1. Virtual-hosted-style URL: has the structure http://bucket.s3-aws-region.amazonaws.com
  2. Path-style URL: has the structure http://s3-aws-region.amazonaws.com/bucket
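The two URL shapes above are easy to confuse, and code that takes a bucket name from a user-supplied URL has to recognise both while rejecting look-alike hosts. The parser below is an added example written for this cheat sheet, not code from the page or from AWS. It handles the page's `s3-aws-region` host label and, as an assumed generalisation, the dotted `s3.aws-region` label, the region-less `s3.amazonaws.com` endpoint and the `s3-accelerate` Transfer Acceleration endpoint; the bucket-name character set in the regex is an approximation, not the full S3 naming rule.

```python
import re
from urllib.parse import unquote, urlsplit

# Host shapes for the two URL styles on the page. The optional region label
# accepts the page's "s3-<region>" form and, as an assumed generalisation,
# the dotted "s3.<region>" form; with no region label it is the global
# "s3.amazonaws.com" endpoint.
_PATH_HOST = re.compile(r"^s3(?:[.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$")
_VHOST = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]*)\.s3(?:[.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$"
)


def parse_s3_url(url):
    """Split an S3 URL into style, bucket, region and key.

    Anything that is not an S3 endpoint raises ValueError, so a caller never
    mistakes a look-alike host such as s3.amazonaws.com.example.net for S3.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    host = (parts.hostname or "").lower()
    path = unquote(parts.path).lstrip("/")

    m = _PATH_HOST.match(host)
    if m:
        # Path style: the first path segment is the bucket, the rest is the key.
        bucket, _, key = path.partition("/")
        if not bucket:
            raise ValueError("path-style URL without a bucket segment: %s" % url)
        return _result("path", bucket, m.group("region"), key)

    m = _VHOST.match(host)
    if m:
        # Virtual-hosted style: the bucket is the host prefix, the path is the key.
        return _result("virtual-hosted", m.group("bucket"), m.group("region"), path)

    raise ValueError("not an S3 endpoint: %s" % url)


def _result(style, bucket, region, key):
    # "s3-accelerate" is the Transfer Acceleration endpoint, not a region name.
    accelerated = region == "accelerate"
    return {
        "style": style,
        "bucket": bucket,
        "region": None if accelerated else region,
        "key": key or None,
        "accelerated": accelerated,
    }


if __name__ == "__main__":
    # Constructed sample URLs, one per style.
    print(parse_s3_url("http://mybucket.s3-us-west-2.amazonaws.com/photos/cat.jpg"))
    print(parse_s3_url("http://s3-us-west-2.amazonaws.com/mybucket/photos/cat.jpg"))
```

The `$` anchor on both patterns is the important part: without it, `s3.amazonaws.com.example.net` would be accepted as an S3 host and the bucket and key extracted from it would be trusted.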

S3 Storage Types and Classes

  1. S3 Standard: 99.99% availability and 99.999999999% durability.
    1. Can withstand the loss of 2 Availability Zones.
    2. Optimal for very frequently accessed data.
    3. Supports SSL in transit and encryption at rest.
  2. S3 Infrequent Access: for data that is accessed infrequently but needs rapid access when it is. Comes with 99.9% availability and 99.999999999% durability.
    1. Cheaper than S3 Standard.
    2. Comes with a data retrieval charge.
    3. Suitable as a disaster recovery storage option.
    4. Supports SSL in transit and encryption at rest.
  3. Reduced Redundancy Storage: gives 99.99% availability and 99.99% durability.
    1. This class is for data you can afford to lose, i.e. non-critical data.
    2. Supports SSL in transit and encryption at rest.
  4. Glacier: archival storage.
    1. Retrieving data from Glacier takes 3-5 hours after the request.

Here is the comparison table.

[Comparison table image: aws certification s3 storage options]

S3 Object Versioning:

S3 supports object versioning.

  1. You can version the objects you upload to S3 to prevent accidental deletion.
  2. Every time you update an object, a new version is added to your bucket, increasing the space used, because there is no deduplication or incremental backup. So think about the cost before opting for versioning.
  3. Once you enable versioning, you cannot disable it; you can only suspend it.
  4. Versioning can be integrated with lifecycle rules to purge unwanted versions.
  5. MFA can be used in conjunction with versioning for extra security.

Cross Region Replication

To maintain high availability of your objects, you can enable cross-region replication on a bucket. The only catch is that if you enable it on an existing bucket that already contains objects, the existing objects are not replicated; only objects uploaded after replication is enabled are replicated.

To enable cross-region replication, both the source and destination buckets must have versioning enabled.

S3 Life Cycle Management

You can set lifecycle policies on your S3 data to move it to Infrequent Access storage and then to Glacier for archival. You can also specify when objects are deleted.

  1. The minimum for moving Standard data to Infrequent Access is 30 days, and objects must be at least 128 KB.
  2. However, you can move objects from Standard to Glacier after 1 day using lifecycle policies.
  3. You cannot move objects to the Reduced Redundancy storage class using lifecycle policies.
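The three constraints above are the ones that silently break a lifecycle rule, so it helps to check them before the rule reaches AWS. The builder below is an added example for this cheat sheet (not code from the page or from AWS); it produces a rule in the dictionary shape that boto3's put_bucket_lifecycle_configuration accepts and refuses the combinations the page rules out. The boto3 call at the end is shown in a comment and assumes a bucket name and credentials that are not part of this example.

```python
# Lifecycle constraints from the page, checked before any call to AWS.
STANDARD_IA_MIN_DAYS = 30
GLACIER_MIN_DAYS = 1
FORBIDDEN_TARGETS = {"REDUCED_REDUNDANCY"}


def build_lifecycle_rule(rule_id, prefix, transitions, expire_after_days=None):
    """Return one rule in the shape boto3's LifecycleConfiguration uses.

    transitions: list of (days, storage_class) in ascending day order, e.g.
    [(30, "STANDARD_IA"), (90, "GLACIER")].
    """
    last_days = -1
    rule_transitions = []
    for days, storage_class in transitions:
        if storage_class in FORBIDDEN_TARGETS:
            raise ValueError("lifecycle rules cannot transition objects to %s" % storage_class)
        if storage_class == "STANDARD_IA" and days < STANDARD_IA_MIN_DAYS:
            raise ValueError("STANDARD_IA needs at least %d days, got %d" % (STANDARD_IA_MIN_DAYS, days))
        if storage_class == "GLACIER" and days < GLACIER_MIN_DAYS:
            raise ValueError("GLACIER needs at least %d day, got %d" % (GLACIER_MIN_DAYS, days))
        if days <= last_days:
            raise ValueError("transitions must be in strictly increasing day order")
        last_days = days
        rule_transitions.append({"Days": days, "StorageClass": storage_class})

    rule = {
        "ID": rule_id,
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": rule_transitions,
    }
    if expire_after_days is not None:
        if expire_after_days <= last_days:
            raise ValueError("expiration must come after the last transition")
        rule["Expiration"] = {"Days": expire_after_days}
    return rule


def lifecycle_configuration(*rules):
    """Wrap rules the way put_bucket_lifecycle_configuration expects them."""
    return {"Rules": list(rules)}


if __name__ == "__main__":
    # Standard -> Infrequent Access at 30 days -> Glacier at 90 days -> delete at 365.
    # Objects under 128 KB are skipped by S3 for the STANDARD_IA step (page rule),
    # so for a prefix full of tiny files the first transition buys nothing.
    rule = build_lifecycle_rule("archive-logs", "logs/", [(30, "STANDARD_IA"), (90, "GLACIER")], 365)
    print(lifecycle_configuration(rule))
    # Applying it needs boto3 and credentials (assumed, not run here):
    # import boto3
    # boto3.client("s3").put_bucket_lifecycle_configuration(
    #     Bucket="my-bucket", LifecycleConfiguration=lifecycle_configuration(rule))
```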

S3 Transfer Acceleration

This feature enables faster S3 object uploads by routing them through CloudFront edge locations. If you enable it, you get a distinct URL for uploading data to S3. You are charged extra for this feature only if the transfer is faster than a normal upload.

The following are the use cases for S3 Transfer Acceleration.

  1. Your user base is spread across the world and all users upload data to one centralized bucket.
  2. You are transferring terabytes of data across continents.

S3 Security

By default a new S3 bucket is private. You can secure your bucket and its objects using the following.

  1. Bucket policies.
  2. Access control lists (ACLs).
  3. Detailed access logs, which you can enable and store in a different bucket.
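A bucket policy is the control most people reach for first, and the two most common hardening statements tie the items above together: deny every request that arrives over plain HTTP, and deny PutObject requests that do not ask for server-side encryption. The code below is an added example for this cheat sheet, not the page's own or an AWS library; it builds that policy and includes a deliberately small evaluator for just the two condition operators it uses (Bool and Null) so you can see which request shapes the policy rejects. The evaluator simplifies IAM's wildcard matching to shell-style globbing and models nothing else of IAM. The bucket name and request contexts are constructed.

```python
import json
from fnmatch import fnmatchcase


def build_bucket_policy(bucket):
    """Policy with two explicit Deny statements: plaintext HTTP is refused for
    every action, and PutObject is refused unless the request asks for
    server-side encryption. An explicit Deny wins over any Allow elsewhere."""
    bucket_arn = "arn:aws:s3:::" + bucket
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [bucket_arn, bucket_arn + "/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {
                "Sid": "DenyUnencryptedPut",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": bucket_arn + "/*",
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """Evaluate only the two operators the policy above uses (Bool, Null).
    A missing key makes Bool not match, as in IAM; Null tests key absence."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if operator == "Bool":
                if str(context.get(key, "")).lower() != expected:
                    return False
            elif operator == "Null":
                if (key not in context) != (expected == "true"):
                    return False
            else:
                raise NotImplementedError("operator %s not modelled" % operator)
    return True


def denied_by(policy, action, resource, context):
    """Sids of Deny statements matching a request; empty means not denied here.
    Wildcards are simplified to case-sensitive shell-style globbing."""
    hits = []
    for statement in policy["Statement"]:
        if statement["Effect"] != "Deny":
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(statement["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(statement["Resource"])):
            continue
        if _condition_matches(statement.get("Condition", {}), context):
            hits.append(statement["Sid"])
    return hits


if __name__ == "__main__":
    policy = build_bucket_policy("my-bucket")
    print(json.dumps(policy, indent=2))  # what you would paste into the bucket policy editor
    obj = "arn:aws:s3:::my-bucket/report.txt"
    # Constructed request contexts: an HTTP GET, then an HTTPS PUT without SSE.
    print(denied_by(policy, "s3:GetObject", obj, {"aws:SecureTransport": "false"}))
    print(denied_by(policy, "s3:PutObject", obj, {"aws:SecureTransport": "true"}))
```

Note that the second statement only checks that an `x-amz-server-side-encryption` header was sent, not which option it names; the encryption section below lists those options.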

Encryption:

There are two types of encryption:

  1. In transit: using SSL/TLS.
  2. At rest: there are four types (three server-side and one client-side).
    1. Server-Side Encryption: has the following three types.
      1. S3-Managed Keys (SSE-S3): each object is encrypted with a key, and the keys are themselves encrypted with a master key that is rotated regularly. The cipher used is AES-256.
      2. AWS Key Management Service (SSE-KMS): the customer's key in the AWS Key Management Service is used as the master key for encryption.
      3. Customer-Provided Keys (SSE-C): the customer supplies the encryption key, and AWS uses it to encrypt and decrypt the data.
    2. Client-Side Encryption: you encrypt the data yourself using any encryption scheme and then upload it to S3.
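What distinguishes the three server-side options in practice is the request headers you send with a PUT, and for SSE-C also with every GET, since S3 keeps no copy of a customer-provided key. The code below is an added example for this cheat sheet, not code from the page or from an AWS SDK; it builds those headers, recomputes the SSE-C key checksum the way S3 validates it, and encodes the rule that SSE-C is refused over plain HTTP. Client-side encryption is left out because it needs a cipher library that is not in the Python standard library. The KMS key identifier in the usage is a placeholder.

```python
import base64
import hashlib


def sse_headers(mode, kms_key_id=None, customer_key=None):
    """Request headers that select each server-side option above for a PUT.

    SSE-S3 and SSE-KMS are a one-header opt-in. SSE-C sends the raw key
    (base64) plus an MD5 of it as a transport integrity check; S3 does not
    store the key, so the same three headers must accompany every GET.
    """
    if mode == "SSE-S3":
        return {"x-amz-server-side-encryption": "AES256"}
    if mode == "SSE-KMS":
        headers = {"x-amz-server-side-encryption": "aws:kms"}
        if kms_key_id:  # omitted -> the account's default S3 key in KMS
            headers["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C":
        if not isinstance(customer_key, bytes) or len(customer_key) != 32:
            raise ValueError("SSE-C needs a 256-bit (32-byte) key")
        return {
            "x-amz-server-side-encryption-customer-algorithm": "AES256",
            "x-amz-server-side-encryption-customer-key": base64.b64encode(customer_key).decode(),
            "x-amz-server-side-encryption-customer-key-MD5": base64.b64encode(
                hashlib.md5(customer_key).digest()
            ).decode(),
        }
    raise ValueError("unknown mode: %s" % mode)


def sse_c_headers_consistent(headers):
    """Recompute the SSE-C key MD5 the way S3 does and compare; a mismatch
    means the key or its checksum was corrupted or altered in transit."""
    try:
        key = base64.b64decode(headers["x-amz-server-side-encryption-customer-key"], validate=True)
    except (KeyError, ValueError):
        return False
    expected = base64.b64encode(hashlib.md5(key).digest()).decode()
    return len(key) == 32 and headers.get("x-amz-server-side-encryption-customer-key-MD5") == expected


def sse_c_request_allowed(scheme):
    """S3 refuses SSE-C over plain HTTP, because the key travels in the headers."""
    return scheme.lower() == "https"


if __name__ == "__main__":
    print(sse_headers("SSE-S3"))
    print(sse_headers("SSE-KMS", kms_key_id="arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER"))
    # Constructed 32-byte key for the example; a real one comes from a CSPRNG
    # (os.urandom(32)) and is kept by the client, never by S3.
    demo_key = b"A" * 32
    h = sse_headers("SSE-C", customer_key=demo_key)
    print(h, sse_c_headers_consistent(h), sse_c_request_allowed("https"))
```

The MD5 here is only a transport checksum, not a security mechanism; the thing to take away for SSE-C is operational: lose the key and the object is unreadable, and S3 cannot help.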

S3 Pricing:

S3 is charged on the following basis.

  1. Storage.
  2. Requests.
  3. Data transfer.

 
