Computer scienceSystem administration and DevOpsAmazon Web ServicesStorage on AWS

Amazon S3 Concepts

Provided by: JetBrains Academy
6 minutes read

Modern applications require a reliable and scalable place to store data. Managing storage systems can be expensive to maintain and scale. For this reason, applications use Amazon Simple Storage Service (Amazon S3), a highly scalable, reliable, and cost-effective object storage service provided by Amazon Web Services (AWS). It allows you to store and retrieve any amount of data from anywhere on the web, making it an essential component of many applications.

In this topic, you'll learn about the core components and concepts of Amazon S3, compare different storage classes, create and manage S3 buckets, and apply security best practices to protect your data.

Core concepts and components

Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases. These include websites, mobile applications, backup and restore, archiving, enterprise applications, IoT devices, and big data analytics.

To effectively use Amazon S3, it's crucial to understand its key components and concepts. These are:

  • Buckets: A bucket is a container for objects stored in Amazon S3. It's similar to a filing cabinet in an office, where you store and organize your files;

  • Objects: Objects are the fundamental entities stored in Amazon S3. They consist of object data and metadata. Each object is identified by a unique key (name) within a bucket, just like a file in a filing cabinet;

  • Keys: A key is a unique identifier for an object within a bucket. It's used to retrieve the object from the bucket, similar to a file name in a filing cabinet;

  • Versioning: S3 allows you to keep multiple versions of an object in the same bucket, providing protection against accidental deletions or overwrites;

  • Lifecycle Management: These are rules to automatically transition objects between storage classes or expire them after a specified time, optimizing costs;

  • Static web hosting: S3 can also host static websites, serving HTML, CSS, JS, and images directly from a bucket. Here, it acts as a web server for simple websites that do not require server-side processing.

Amazon S3 offers the following key benefits:

  • Scalability: Automatically scales to handle any amount of data, from a few kilobytes to petabytes;

  • Durability and Availability: Designed for 99.999999999% (11 9's) durability and 99.99% availability of objects over a given year;

  • Low Latency: Provides low-latency access to data, making it suitable for a wide range of applications.

S3 storage classes

Amazon S3 offers several storage classes designed for different use cases and requirements. Each storage class has unique characteristics, such as durability, cost, availability, and retrieval times. The following table summarizes them:

Storage Class

Description

Use Case

S3 Standard

High durability, availability, and performance for frequently accessed data.

Frequently accessed data such as dynamic websites, content distribution, and mobile apps.

S3 Intelligent-Tiering

Automatically moves data between two access tiers (frequent and infrequent) based on changing access patterns.

Data with unpredictable access patterns, optimizing storage costs without performance impact.

S3 Standard-IA

Lower-cost storage for data that is accessed less frequently but requires rapid access when needed.

Infrequently accessed data such as backups and long-term storage for disaster recovery.

S3 One Zone-IA

Low-cost option for infrequently accessed data that does not require multiple Availability Zone resilience.

Infrequently accessed data that can be recreated if the Availability Zone is destroyed.

S3 Glacier

Low-cost storage for data archiving with retrieval times ranging from minutes to hours.

Long-term data archiving, digital preservation, and backup with infrequent access.

S3 Glacier Deep Archive

Lowest-cost storage class designed for long-term retention of data that is rarely accessed, with retrieval times within 12 hours.

Long-term data archiving and digital preservation for data that is rarely, if ever, accessed.

For more details, refer to the Storage Classes documentation.

When choosing a storage class, consider factors such as data access frequency, retrieval requirements, and budget constraints. You can transition objects between storage classes using S3 Lifecycle management policies to optimize costs based on your data access patterns. For example, you can create a lifecycle rule to automatically move objects from S3 Standard to S3 Glacier after 90 days of inactivity:


{
  "Rules": [
    {
      "ID": "Move to Glacier after 90 days",    
      "Status": "Enabled",
      "Transitions": [
        {
          "Days": 90,
          "StorageClass": "Glacier"
        }
      ]
    }
  ]  
}

Creating and Managing S3 Buckets

You can create a bucket using the console, CLI, or SDKs. When creating a bucket, you can specify the region where the bucket will be created. This can affect latency and costs.

To create a new bucket, follow these steps:

  1. Open the Amazon S3 console and click "Create bucket".

  2. Provide a unique bucket name and select the desired AWS Region.

  3. Configure options such as versioning, access control, and encryption.

  4. Review your settings and click "Create bucket".

You can also use SDKs or CLI commands to create buckets. The command below creates a bucket in the us-east-1 region:

aws s3 mb s3://my-bucket777 --region us-east-1

Once your bucket is created, you can upload objects to it using the S3 console, AWS CLI, or SDKs. When uploading objects, you can specify properties such as storage class, encryption, and metadata.

aws s3 cp /path/to/your/image.jpg s3://your-unique-bucket-name/image.jpg

Although S3 doesn't have a traditional folder hierarchy, you can use prefixes to create a logical structure within your buckets.

By effectively creating and managing your S3 buckets and objects, you can optimize your storage costs and ensure your data is organized and accessible when needed.

S3 security and access control

Securing your S3 buckets and objects is crucial to protect your data from unauthorized access. For example, imagine a scenario where an organization's S3 bucket containing sensitive customer data was accidentally made public. This could lead to a data breach, legal consequences, and damage to the company's reputation. By default, all S3 buckets and objects are private. You can control access using:

  • Bucket Policies: JSON documents that define allowed or denied actions on the bucket and its objects;

  • Access Control Lists (ACLs): Documents that define individual permissions for objects within a bucket;

  • IAM Policies: Policies that manage permissions for users and roles within your AWS account;

  • Block Public Access: S3 Block Public Access settings that help prevent inadvertent public exposure of your buckets and objects.

Additionally, S3 offers multiple options for ensuring that data cannot be read by encrypting it at rest and in transit:

  • Server-Side Encryption (SSE): A feature where Amazon S3 manages the encryption keys;

  • Client-Side Encryption: An option where you manage the encryption keys and encrypt data before uploading.

S3 integrates with AWS CloudTrail for logging API calls and provides access logs for monitoring bucket access. You can also use Amazon CloudWatch for monitoring and setting alarms. With versioning, you can preserve, retrieve, and restore every version of objects stored in an S3 bucket, adding a layer of protection against accidental or malicious deletions and overwrites.

When configuring security for your S3 buckets, follow these best practices:

  • Implement least privilege access, granting only the necessary permissions to users and roles;

  • Enable S3 Block Public Access to ensure that your buckets and objects are not publicly accessible by default;

  • Use IAM policies and bucket policies to enforce granular access control;

  • Encrypt sensitive data using SSE or client-side encryption;

  • Regularly review and monitor access logs to detect and respond to potential security incidents.

For more information, refer to the Amazon S3 Security best practices documentation.

Conclusion

Amazon S3 is a versatile and scalable cloud storage service that offers a range of features and capabilities. Understanding the core concepts, such as buckets, objects, and storage classes, is essential for effectively using S3.

In this topic, we covered:

  • The core components and concepts of Amazon S3, including buckets, objects, and metadata

  • A comparison of different S3 storage classes and their use cases

  • Creating and managing buckets and objects using various methods

  • Applying security best practices and access control mechanisms to protect your data

With this knowledge, you're now ready to start using Amazon S3 and leveraging its capabilities for your storage needs. So, let's put your skills into practice through hands-on exercises and explore the power of S3!

5 learners liked this piece of theory. 0 didn't like it. What about you?
Report a typo