S3

Introduction

  • It can be used to host files and static websites

Object

  • Max object size: 5TB

  • If an object is larger than 5GB, multi-part upload must be used

Security

IAM Policy

  • Specifies a user's permissions on a specific bucket; suitable for granting access to a user

Bucket Policy

  • Grants access to the public or to another (cross) account

Versioning

  • Can be enabled at the bucket level

  • Makes rollback easy

  • Deleting an object adds a delete marker to it

  • After the delete marker is deleted, the object can be restored

  • Must be enabled if replication is needed

Storage Class

  • General Purpose - Frequently accessed data

  • Infrequent Access - Infrequently accessed data that still needs rapid access when required, e.g. backups for recovery

  • Glacier Storage - Low-cost object storage for archives/backups

  • Intelligent Tiering - Moves objects across classes automatically based on how often each object is accessed

Lifecycle Policy

  • There are 2 types of action once the condition is triggered:

  • Move the object to another storage class

  • Delete the object

Event Notification

  • After an object is deleted/updated/created, an event is triggered and a message is sent to SQS, SNS, ... so that additional logic can run

Encryption

  • There are 4 types of encryption:

  • AWS S3 Managed Key - Enabled by default; data is encrypted with a key managed by AWS and decrypted when the data is retrieved

  • KMS Key - The key is generated by AWS Key Management Service, and the request must specify the header x-amz-server-side-encryption: aws:kms

  • Client Side key - The key is managed by the user and passed in the request header

  • Client Side encryption - The file is encrypted at the application level before upload
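The x-amz-server-side-encryption header above is something a bucket policy can enforce. As an added example (not from these notes), this Python builds a policy that denies PutObject unless SSE-KMS is requested, with a toy evaluator showing why two Deny statements are used; the bucket name is a placeholder.

```python
import json

BUCKET = "example-bucket"  # placeholder, not a real bucket
# IAM condition key that mirrors the request header
SSE_KEY = "s3:x-amz-server-side-encryption"


def build_sse_kms_policy(bucket: str) -> dict:
    """Deny PutObject unless the request asks for SSE-KMS.

    StringNotEquals catches a wrong header value; the Null condition
    catches a request that omits the header entirely, which is why the
    common pattern pairs the two statements."""
    arn = f"arn:aws:s3:::{bucket}/*"
    base = {"Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject", "Resource": arn}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyWrongEncryptionHeader", **base,
             "Condition": {"StringNotEquals": {SSE_KEY: "aws:kms"}}},
            {"Sid": "DenyMissingEncryptionHeader", **base,
             "Condition": {"Null": {SSE_KEY: "true"}}},
        ],
    }


def put_allowed_by_policy(policy: dict, headers: dict) -> bool:
    """Toy check of the two condition operators against a PutObject
    request's headers. Constructed for illustration; it is not the
    real IAM evaluation engine."""
    value = headers.get("x-amz-server-side-encryption")
    for stmt in policy["Statement"]:
        cond = stmt["Condition"]
        if "StringNotEquals" in cond:
            # only matches when the header is present with a wrong value
            if value is not None and value != cond["StringNotEquals"][SSE_KEY]:
                return False
        if "Null" in cond and cond["Null"][SSE_KEY] == "true" and value is None:
            return False  # header absent -> denied
    return True


if __name__ == "__main__":
    policy = build_sse_kms_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    for hdrs in ({"x-amz-server-side-encryption": "aws:kms"},
                 {"x-amz-server-side-encryption": "AES256"}, {}):
        print(hdrs, "->", "allowed" if put_allowed_by_policy(policy, hdrs) else "denied")
```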

Pre-signed URL

  • Generates a URL with an expiry time so a user can access the resource temporarily

Access Point

  • Defines a policy for a specific group of users (e.g. within a VPC) to access a specific resource
