Just as AWS EC2 provides virtual servers/compute machines as a service, AWS provides storage as a service through S3.
As we all know, many companies today are moving towards the cloud because of its advantages, which leads to the question of storage. Applications deployed on the cloud have databases, configuration files, and log files generated from time to time, all of which need to be stored securely. This is achieved through S3.
We can store any kind of data in S3, be it an image, video, PDF, file, folder etc. The data stored in an S3 bucket is called an "Object". The objects in S3 can be accessed by anyone across the world over the HTTP protocol, subject to the bucket policies. Hence, S3 is a global service.
Listed below are the most important features of S3:
Scalability
S3 is highly scalable, meaning we can increase the storage capacity of S3 as and when required.
Durability
The objects stored in S3 can be accessed at any time over the years. AWS claims that the objects stored in S3 can be retained for 100 years and are 99.99999999999% reliable. This is the special 11 9s feature of S3, which says that you can store 100 crores of data for 100 years and, in the worst case, there is only a chance of losing 1.
Availability
Whenever we create a bucket in S3, AWS creates multiple copies of it in multiple availability zones to make sure that data is available at any point in time so that we do not have to worry about losing data due to any internal or external factors.
Security
Since S3 stores critical information about software or a company, the security of the data stored in it is of paramount importance. AWS provides many levels of security for an S3 bucket. Some of them are listed below:
Access Control Lists (ACLs): Grant basic read/write permissions to other AWS accounts.
Bucket Policies: The bucket policy, written in JSON, provides access to the objects stored in the bucket. Bucket policies don't apply to objects owned by other accounts.
Encryption: Amazon S3 uses one of the strongest block ciphers, 256-bit Advanced Encryption Standard (AES-256), to encrypt each object uploaded to the bucket. It is of 3 types:
SSE-KMS: You can choose an AWS KMS customer-managed key or use the default AWS-managed key (aws/s3).
SSE-KMS: It provides you with an audit trail that shows when your KMS key was used and by whom.
DSSE-KMS: This applies two individual layers of object-level encryption to satisfy compliance requirements for highly regulated customers.
Object lock feature: It helps prevent Amazon S3 objects from being deleted or overwritten for a fixed amount of time or indefinitely. Object Lock uses a write-once-read-many (WORM) model to store objects.
Access logging: We can enable the logging mechanism on S3, monitor the logs, and send CloudWatch notifications through Lambda functions in case of unauthorized or suspicious activities.
CloudTrail: We can configure CloudTrail for S3 buckets, which enables continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Amazon S3.
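The security controls listed above can be checked together for a given bucket. The following is an added example, not part of the original post: it audits a bucket's settings for public ACL grants, an open bucket policy, KMS-based default encryption, Object Lock, and access logging. It assumes the settings have already been fetched into a dictionary (a hypothetical layout whose values mirror the S3 API responses for ACL, policy, encryption, Object Lock, and logging); the bucket names and IDs are constructed.

```python
import json

# Global grantee groups that make an ACL grant effectively public.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

def _is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*"]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    return principal == "*" or (isinstance(principal, list) and "*" in principal)

def audit_bucket(cfg):
    """Return sorted finding names for one bucket (cfg layout is hypothetical)."""
    findings = set()
    # ACLs: grants to the global groups reach beyond specific AWS accounts.
    for grant in cfg.get("acl", {}).get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            findings.add("acl-public-" + grant["Permission"].lower())
    # Bucket policy: an unconditional Allow to every principal.
    statements = json.loads(cfg.get("policy") or "{}").get("Statement", [])
    for st in [statements] if isinstance(statements, dict) else statements:
        if st.get("Effect") == "Allow" and _is_everyone(st.get("Principal")) and "Condition" not in st:
            findings.add("policy-allows-everyone")
    # Encryption: flag defaults that are not a KMS mode (SSE-KMS, DSSE-KMS).
    rules = cfg.get("encryption", {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if not algos & {"aws:kms", "aws:kms:dsse"}:
        findings.add("default-encryption-not-kms")
    # Object Lock (WORM) and server access logging.
    if cfg.get("object_lock", {}).get("ObjectLockConfiguration", {}).get("ObjectLockEnabled") != "Enabled":
        findings.add("object-lock-disabled")
    if "LoggingEnabled" not in cfg.get("logging", {}):
        findings.add("access-logging-disabled")
    return sorted(findings)

# Constructed sample settings (not real buckets).
WEAK = {
    "acl": {"Grants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]},
    "policy": json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}),
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
}
HARDENED = {
    "acl": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"}]},
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
    "object_lock": {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}},
    "logging": {"LoggingEnabled": {"TargetBucket": "example-log-bucket", "TargetPrefix": "s3/"}},
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_bucket(cfg))
```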
Cost-effective
S3 costs us much less in comparison to physical storage devices, depending on the storage class that we choose. The cost of the storage is directly proportional to the access time. The below table provides more information on this:
In the next blog, we will learn how to create an S3 bucket and enable static website hosting on it.