2022-01-18 Chapter 5 - Simple Storage Service (S3)

service-s3-001; S3 manages data as {{c1::objects}} rather than in file systems. You can upload any file type you can think of to S3, but you can't use it to run an {{c1::operating system or database}}.

service-s3-002; Objects in S3 can be up to {{c1::5TB}} in size.

service-s3-003; You can store {{c1::an unlimited number of}} objects in S3.

service-s3-004; All S3 buckets share {{c1::the S3 namespace}}, so each {{c1::S3 bucket name is globally unique}}.

service-s3-005; When you upload a file successfully to S3, your browser will receive an {{c1::HTTP 200 status code}} in the response.

service-s3-006; A "key" in S3 is an {{c1::object name}}, and the "value" is the {{c1::object itself}}. There is also a version ID as you can store multiple versions of the same object. There is also metadata e.g. content-type.

service-s3-007; Data in S3 is always spread across {{c1::multiple devices and facilities}}.

service-s3-008; S3 offers strong {{c1::read-after-write consistency}}.

service-s3-009; By default, public access to objects in S3 buckets is {{c1::blocked}}. This can be optionally changed, so that objects in buckets can be made public. In order to make an object public, you have to allow public access on both the {{c1::bucket and object}}.

service-s3-010; Object {{c1::access control lists (ACLs)}} control access to objects at an individual object level.

service-s3-011; {{c1::Bucket policies}} control access to objects at a bucket level.

service-s3-012; All S3 storage classes have {{c1::11 9s}} durability.

service-s3-013; It's possible to {{c1::host static websites on S3}} by making the bucket public using bucket policies and adding relevant content to the bucket.

service-s3-014; S3 scales {{c1::automatically with demand}}.

service-s3-015; S3 supports optional {{c1::versioning of objects}} as a bucket-level setting.

service-s3-016; S3 object versioning preserves {{c1::all writes}} and even {{c1::deleted objects}}.

service-s3-017; S3 with {{c1::object versioning}} enabled can be a great backup tool.

service-s3-018; Once enabled, {{c1::versioning}} in S3 cannot be {{c1::disabled}}, but it can be {{c1::suspended}}.

service-s3-019; Versioning in S3 can be integrated with {{c1::lifecycle rules}}.

service-s3-020; Versioning in S3 supports requiring {{c1::MFA for certain operations}}.

service-s3-021; S3 Standard is the default storage class in S3. It offers high availability and durability. It's designed for {{c1::frequent access}} and is suitable for {{c1::most workloads}}.

service-s3-022; S3 Standard-Infrequent Access (IA) is a storage class in S3 designed for {{c1::rapid but infrequent access to critical data}}. There is a lower per-GB storage price but you pay to {{c1::access the data}}.

service-s3-023; S3 One Zone - Infrequent Access is like S3 Standard-Infrequent Access but is stored only in one availability zone. It's suitable for {{c1::non-critical data}}.

service-s3-024; S3 offers two "Glacier" storage tiers which are used for {{c1::archiving}}. The first option "Glacier" offers retrieval times within {{c1::a few hours}}. The second option "Glacier Deep Archive" offers a retrieval time of {{c1::12 hours}} by default.

service-s3-025; S3 Intelligent Tiering moves data to the most cost-effective tier based on {{c1::how frequently you access each object}}. It's useful for data with unknown access patterns.

service-s3-026; S3 Lifecycle Management automates moving objects from {{c1::higher}} to {{c1::lower storage tiers}} to maximise {{c1::cost effectiveness}}. You can use this in conjunction with {{c1::versioning}}, to move different {{c1::versions of objects}} to different storage tiers.

service-s3-027; S3 Object Lock can be used to store objects using a write once, read many (WORM) model. You can use it to meet regulatory requirements. It can be applied to {{c1::objects or entire buckets}}.

service-s3-028; In {{c1::governance}} mode, S3 object lock allows {{c1::users with special permissions}} to alter the retention settings or delete the object.

service-s3-029; In {{c1::compliance}} mode, S3 object lock prevents a protected object version from {{c1::being overwritten or deleted by any user, including the root user}}. This applies for the duration of the {{c1::retention period}}.

service-s3-030; A {{c1::legal hold}} is like an object lock but it doesn't have an associated retention period - it doesn't expire and must be removed.

service-s3-031; S3 Glacier Vault Lock is a way of applying a WORM model to {{c1::Glacier}}.

service-s3-032; S3 supports {{c1::encryption in transit}} (using SSL/TLS and HTTPS).

service-s3-033; S3 offers three types of server-side encryption: 1) {{c1::SSE-S3 where S3 manages the keys using AES-256}} 2) {{c1::SSE-KMS - AWS Key Management Service-managed keys}} and 3) {{c1::SSE-C: Customer-provided keys.}}

service-s3-034; AWS customers can alternatively use {{c1::client-side encryption}} before uploading objects to S3.

service-s3-035; Server-side encryption in S3 can be enforced both using {{c1::the console}} and a {{c1::bucket policy}} (to deny {{c1::HTTP PUT requests}} missing {{c1::encryption headers}}).

service-s3-036; S3 has very low {{c1::latency}} and supports a high number of requests ({{c1::3,500}} PUT/COPY/POST/DELETE requests and {{c1::5,500}} GET requests per second per prefix). Spread operations across {{c1::prefixes}} to get higher performance.

service-s3-037; When using SSE-KMS to encrypt objects in S3, you must also consider the limits in the {{c1::KMS API}}, which are region-specific and may cap S3 performance.

service-s3-038; {{c1::Multipart uploads}} are recommended for files over 100 MB and required for files over 5 GB. These {{c1::parallelise}} the uploads.

service-s3-039; You can parallelise downloads from S3 by specifying {{c1::byte ranges}}.

service-s3-040; S3 replication used to be called cross-region replication. It's a way of replicating objects from one {{c1::bucket to another}}. It requires that {{c1::versioning}} is enabled on both buckets.

service-s3-041; Objects in an existing bucket are not {{c1::automatically replicated}} if replication is turned on for the bucket.

service-s3-042; {{c1::Delete markers}} in S3 are not replicated by default but replication of these can be turned on manually.
