S3

Introduction

• It can used to host file and static website

Object

• Max object size: 5TB

• If larger than 5GB, must use multi-part upload

Security

IAM Policy

• To specify a user permission to specific bucket, suitable for grant access to a user

Bucket Policy

• To granting access to public or cross account

Versioning

• Can be enabled on bucket level

• Easy to rollback

• For deleting, it will add a delete marker on object

• After deleting delete marker, the object can restored

• It must be enabled if replication is needed

Storage Class

• General Purpose - Frequently Access Data

• Infrequent Access - Infrequent Access Data, but rapid access when needed, e.g: backup for recovery

• Glacier Storage - For archive/backup, low cost object storage

• Intelligent Tier - Move object across different class automatically based on the frequency of access to the object

Lifecycle Policy

• There are 2 types of action after the condition is triggered

• Moving storage class to another class

• Delete the object

Event Notification

• After the object is deleted/updated/created, the event will be triggered and send the message to sqs , sns, ... for performing additional logic

Encryption

• There are 4 types of encryption

• AWS S3 Managed Key - Enabled by default, encrypt the data by key managed by aws and decrypt when getting the data

• KMS Key - Generated key from AWS key management service and need specify the header x-amz-server-side-encryption: aws:kms

• Client Side key - using the key managed by user and pass it through the header

• Client Side encryption - encryption the file in application level

Pre-signed URL

• Generate a url with expiry time for user to access the resource temporarily

Access Point

• Define the policy for specific group of user (within VPC) to access specific resource