AWS Solution Architect Associate Certification Guide – S3

These are the takeaway notes that I have penned down from Ryan Kroonenburg’s online training. He is a founder of A Cloud Guru (one of the best AWS training providers on the planet!).

We will discuss the key points on S3 (Simple Storage Service) that carry high weight in the AWS Solution Architect Associate Certification exam.

What is Simple Storage Service (S3)

As the name implies, it is a storage service from Amazon for storing your files reliably and securely.

S3 is object based, and an object consists of:

  1. A key-value pair, where the key is the name of the object and the value is the actual data inside the file
  2. Metadata
  3. Versioning (versioning stores all versions of the file, even if you delete it, which makes it a great way to back up. It also supports MFA (Multi-Factor Authentication) as an additional security layer. Once enabled, versioning cannot be disabled; it can only be suspended.)
  4. Subresources such as ACLs (Access Control Lists, which set permissions at both the file level and the bucket level) and Torrent
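The versioning behaviour in point 3 is easier to reason about with a model in front of you. The following is an added example, not code from the course or from AWS: an in-memory bucket in which every PUT keeps the earlier version, a plain DELETE leaves a delete marker instead of destroying data, MFA Delete gates both permanent deletion and any change of versioning state, and versioning can be suspended but never disabled. The class names and the `mfa_code` parameter are constructed for the example.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, List, Optional


@dataclass
class ObjectVersion:
    key: str
    version_id: str
    data: Optional[bytes]                  # None means this entry is a delete marker
    metadata: Dict[str, str] = field(default_factory=dict)

    @property
    def is_delete_marker(self) -> bool:
        return self.data is None


class VersionedBucket:
    """Constructed model of a versioned bucket: each key maps to its version history, newest last."""

    def __init__(self, name: str):
        self.name = name
        self.versioning = "Disabled"       # Disabled -> Enabled -> Suspended; never back to Disabled
        self.mfa_delete = False
        self._ids = count(1)
        self._versions: Dict[str, List[ObjectVersion]] = {}

    def enable_versioning(self, mfa_delete: bool = False) -> None:
        self.versioning = "Enabled"
        self.mfa_delete = mfa_delete

    def suspend_versioning(self, mfa_code: Optional[str] = None) -> None:
        """Suspension is the only way back: old versions stay, new writes get the 'null' version id."""
        if self.versioning == "Disabled":
            raise ValueError("versioning has never been enabled on this bucket")
        if self.mfa_delete and not mfa_code:
            raise PermissionError("MFA Delete is on: an MFA code is required to change versioning state")
        self.versioning = "Suspended"

    def _drop_null_version(self, key: str) -> None:
        self._versions[key] = [v for v in self._versions.get(key, []) if v.version_id != "null"]

    def put(self, key: str, data: bytes, metadata: Optional[Dict[str, str]] = None) -> str:
        if self.versioning == "Enabled":
            vid = f"v{next(self._ids)}"           # fresh version id; earlier versions are kept
        else:
            vid = "null"                          # unversioned or suspended: overwrite the null version
            self._drop_null_version(key)
        self._versions.setdefault(key, []).append(ObjectVersion(key, vid, data, dict(metadata or {})))
        return vid

    def delete(self, key: str) -> Optional[str]:
        """A DELETE without a version id never destroys a kept version; it hides the key behind a marker."""
        if self.versioning == "Disabled":
            self._drop_null_version(key)          # unversioned bucket: the object really is gone
            return None
        vid = f"v{next(self._ids)}" if self.versioning == "Enabled" else "null"
        if vid == "null":
            self._drop_null_version(key)          # suspended: the null version is replaced by a null marker
        self._versions.setdefault(key, []).append(ObjectVersion(key, vid, None))
        return vid

    def get(self, key: str) -> Optional[bytes]:
        history = self._versions.get(key)
        if not history or history[-1].is_delete_marker:
            return None
        return history[-1].data

    def list_versions(self, key: str) -> List[ObjectVersion]:
        return list(self._versions.get(key, []))

    def delete_version(self, key: str, version_id: str, mfa_code: Optional[str] = None) -> None:
        """Permanent removal of one version or marker; removing the newest marker restores the object."""
        if self.mfa_delete and not mfa_code:
            raise PermissionError("MFA Delete is on: an MFA code is required to delete a version permanently")
        self._versions[key] = [v for v in self._versions.get(key, []) if v.version_id != version_id]
```

The point for the exam and for operations is the same: with versioning on, an accidental or malicious DELETE is recoverable by removing the marker, and with MFA Delete on, the recoverable state itself cannot be thrown away without a second factor.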

Things to consider before provisioning S3 storage:

  1. Object-based storage, meaning you can only store files in S3 such as pictures, videos, PDFs, documents, etc. You can NOT store an OS or applications such as a database server in S3.
  2. Files are stored in buckets (containers); think of a bucket as a special folder. Bucket names must be globally unique. The format of an S3 bucket’s unique identifier is https://s3.{region-name}.amazonaws.com/{your-bucket-name}.
  3. Whenever a file upload is successful, you will receive HTTP status 200.
  4. Files can range from 0 bytes to 5 TB.
  5. Storage is unlimited, and you are charged on an hourly basis.
  6. The SLA for availability is 99.9%.
  7. Amazon guarantees 99.9% durability (eleven nines after the decimal point, to be precise).
  8. Support for encryption.
  9. You are charged for storage, requests, storage management (such as tags), data transfer (cross-region) and Transfer Acceleration (which uses Amazon CloudFront, the CDN service from AWS whose edge data centers are close to the user’s location).
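A pre-provisioning check for point 2, added here as an example and not taken from the course: it applies the published bucket naming rules to a proposed name and builds the path-style URL in the format quoted above. Global uniqueness cannot be checked offline; S3 only reports a name clash when you try to create the bucket. The function names are my own.

```python
import re
from urllib.parse import quote

# Naming rules AWS applies to general-purpose bucket names (from the public documentation):
# 3-63 characters; lowercase letters, digits, dots and hyphens only; must start and end with a
# letter or digit; no consecutive dots; must not be formatted like an IPv4 address.
_NAME_SHAPE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
_IPV4_SHAPE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def validate_bucket_name(name: str) -> list:
    """Return the list of rule violations for a proposed bucket name (an empty list means valid)."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be between 3 and 63 characters")
    if not _NAME_SHAPE.fullmatch(name):
        problems.append("use only lowercase letters, digits, dots and hyphens, "
                        "and start and end with a letter or digit")
    if ".." in name:
        problems.append("consecutive dots are not allowed")
    if _IPV4_SHAPE.fullmatch(name):
        problems.append("must not be formatted like an IPv4 address")
    if name.startswith("xn--"):
        problems.append("must not start with the prefix 'xn--'")
    return problems


def object_url(region: str, bucket: str, key: str) -> str:
    """Build the path-style HTTPS URL (format quoted in point 2) for an object in a bucket."""
    for problem in validate_bucket_name(bucket):
        raise ValueError(f"invalid bucket name {bucket!r}: {problem}")
    # Object keys may contain spaces and other characters that must be percent-encoded in a URL.
    return f"https://s3.{region}.amazonaws.com/{bucket}/{quote(key)}"


if __name__ == "__main__":
    print(validate_bucket_name("My_Bucket"))                      # constructed bad name
    print(object_url("us-east-1", "my-company-logs-2019", "reports/q1 2019.pdf"))
```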

Understanding Data Consistency in S3

Read-after-write consistency for PUTs of new objects

This means you can read the contents of a new file immediately after you upload it.

Eventual consistency for overwrite PUTs and DELETEs

This means that when you modify the file contents, overwrite the file or delete it, it may take a few seconds for the change to propagate.

The reason for this delay is that S3 spans multiple availability zones and regions. When you modify or overwrite a file, the change may have been applied at one data center in one location, so there will be some latency while the change is replicated across the other data centers.

Types of S3

S3 Standard

Stable, redundant across multiple disks and availability zones, and durable. The minimum storage duration charge is 30 days, and there is no charge for retrieval. Can sustain the loss of two AWS availability zones at once.

S3 IA (Infrequently Accessed)

For less frequently accessed data that still needs quick retrieval. The minimum storage duration charge is 30 days. Charged for data retrieval. Lower cost than S3 Standard.

S3 One Zone – IA

Same as S3-IA but stored in only one availability zone; lower cost than S3-IA.

Glacier

Cheapest; used mostly for data archival where retrieval time is not a concern. The minimum storage duration charge is 90 days. Retrieval options:

  • Expedited: data retrieval within a few minutes
  • Standard: data retrieval takes 3-5 hours
  • Bulk: data retrieval takes 5-12 hours

Security and Encryption

There are two main types of encryption:

In Transit

This is encryption of data travelling from your PC to AWS, secured using SSL/TLS; in practice this means HTTPS.

At Rest

There are two types of at-rest encryption.

Server Side Encryption

S3 Managed Keys (SSE-S3)

Uses AES-256 (Advanced Encryption Standard). Each object is encrypted with a unique key; as an additional safeguard, AWS encrypts that key with a master key that it rotates regularly. This is completely handled by Amazon.

AWS Key Management Service (SSE-KMS)

Similar to SSE-S3 with a few additional benefits, such as an audit trail of who is decrypting what and when.

Server Side Encryption with Customer provided keys (SSE-C)

Again similar to SSE-S3; however, you manage the encryption key and AWS manages the encryption.

Client Side Encryption

You encrypt the data on the client side and then upload it to S3.

Access control is implemented using bucket policies and access control lists.
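The two encryption categories above map directly onto bucket-policy conditions: `aws:SecureTransport` records whether a request arrived over TLS, and the `s3:x-amz-server-side-encryption` request header records whether an upload asked for SSE-S3 (`AES256`) or SSE-KMS (`aws:kms`). The following is an added example, not the course’s or AWS’s code: it generates a policy whose Deny statements enforce both, plus a small evaluator that checks sample request contexts against the policy offline. The evaluator is a simplification that supports only the three condition operators the policy uses; the bucket name, the request contexts and the function names are constructed for the example.

```python
import json
from typing import Any, Dict, List


def encryption_enforcing_policy(bucket: str, require_kms: bool = False) -> Dict[str, Any]:
    """Bucket policy: deny non-TLS requests and deny uploads that do not request server-side encryption."""
    arn = f"arn:aws:s3:::{bucket}"
    allowed = ["aws:kms"] if require_kms else ["AES256", "aws:kms"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # in transit: any request that did not arrive over TLS is refused
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [arn, f"{arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # at rest: an upload that sends no encryption header is refused
                "Sid": "DenyUnencryptedUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
            {   # at rest: an upload that asks for an algorithm outside the allowed set is refused
                "Sid": "DenyWrongEncryptionAlgorithm",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": allowed}},
            },
        ],
    }


def _action_matches(pattern, action: str) -> bool:
    patterns = pattern if isinstance(pattern, list) else [pattern]
    return any(p == action or (p.endswith("*") and action.startswith(p[:-1])) for p in patterns)


def _condition_matches(operator: str, key: str, expected, ctx: Dict[str, str]) -> bool:
    # Simplified semantics for the three operators used above (constructed evaluator, not IAM itself).
    if operator == "Bool":
        return str(ctx.get(key, "")).lower() == str(expected).lower()
    if operator == "Null":                     # "true" matches when the key is absent from the request
        return (key not in ctx) == (str(expected).lower() == "true")
    if operator == "StringNotEquals":          # a missing key is left to the Null statement
        values = expected if isinstance(expected, list) else [expected]
        return key in ctx and ctx[key] not in values
    raise NotImplementedError(operator)


def denied_by(policy: Dict[str, Any], action: str, ctx: Dict[str, str]) -> List[str]:
    """Return the Sids of Deny statements whose conditions all match the request context."""
    hits = []
    for st in policy["Statement"]:
        if st["Effect"] != "Deny" or not _action_matches(st["Action"], action):
            continue
        if all(_condition_matches(op, key, exp, ctx)
               for op, kvs in st.get("Condition", {}).items()
               for key, exp in kvs.items()):
            hits.append(st["Sid"])
    return hits


if __name__ == "__main__":
    policy = encryption_enforcing_policy("my-company-logs")       # constructed bucket name
    print(json.dumps(policy, indent=2))
    # constructed request contexts: TLS upload with SSE-S3 passes, plaintext transport is denied
    print(denied_by(policy, "s3:PutObject",
                    {"aws:SecureTransport": "true", "s3:x-amz-server-side-encryption": "AES256"}))
    print(denied_by(policy, "s3:GetObject", {"aws:SecureTransport": "false"}))
```

Enforcing SSE through a Deny statement rather than relying on clients to remember the header is what turns "support for encryption" into a guarantee; the `require_kms` switch is for buckets where the SSE-KMS audit trail mentioned above is a requirement.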

Transfer Acceleration

This service uses the AWS CloudFront edge network to accelerate your uploads to S3. Instead of uploading directly to your S3 bucket, you use a distinct URL to upload to an edge location, which then transfers the file to S3.

Hopefully we have covered most of the important aspects of S3. I will continue posting on AWS Certified Solution Architect exam topics. Please feel free to provide your feedback.
