S3
Introduction
It can be used to host files and static websites
Object
Max object size: 5TB
If an object is larger than 5GB, multi-part upload must be used
Security
IAM Policy
Specifies what a user is allowed to do on a specific bucket; suitable for granting access to a user
Bucket Policy
Attached to the bucket itself; suitable for granting public or cross-account access
Versioning
Can be enabled on bucket level
Easy to rollback
When an object is deleted, a delete marker is added instead of removing the object
Deleting the delete marker restores the object
It must be enabled if replication is needed
Storage Class

General Purpose - Frequently accessed data
Infrequent Access - Infrequently accessed data that still needs rapid access when needed, e.g. backups for recovery
Glacier Storage - Low-cost object storage for archive/backup
Intelligent Tier - Moves objects across classes automatically based on how frequently each object is accessed
Lifecycle Policy
There are 2 types of action once the rule's condition is met
Transition the object to another storage class
Delete the object
Event Notification
When an object is created/updated/deleted, an event is triggered and a message is sent to SQS, SNS, ... to perform additional logic
Encryption
There are 4 types of encryption
AWS S3 Managed Key - Enabled by default; data is encrypted with a key managed by AWS and decrypted when it is retrieved
KMS Key - Key generated by AWS Key Management Service; the request must specify the header x-amz-server-side-encryption: aws:kms
Client Side key - Uses a key managed by the user, passed with the request through a header
Client Side encryption - The file is encrypted at the application level before upload
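An added example (not from the original notes) of the bucket policy described under Security, combined with the KMS header requirement above: it grants read-only access to a role in another account, denies any request not made over TLS, and rejects uploads that do not set x-amz-server-side-encryption to aws:kms. The bucket name, account ID and role name are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CrossAccountReadOnly",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::222222222222:role/ReportReader" },
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::example-reports-bucket",
        "arn:aws:s3:::example-reports-bucket/*"
      ]
    },
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-reports-bucket",
        "arn:aws:s3:::example-reports-bucket/*"
      ],
      "Condition": { "Bool": { "aws:SecureTransport": "false" } }
    },
    {
      "Sid": "DenyUploadsWithoutKmsHeader",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-reports-bucket/*",
      "Condition": {
        "StringNotEquals": { "s3:x-amz-server-side-encryption": "aws:kms" }
      }
    }
  ]
}
```

Because StringNotEquals also matches when the header is absent, an upload that omits it is denied even if the bucket has default encryption configured; the explicit Deny statements override any Allow, including those from the caller's IAM policy.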
Pre-signed URL
Generates a URL with an expiry time so a user can access the resource temporarily
Access Point
Defines a policy for a specific group of users (e.g. within a VPC) to access specific resources