AWS S3 — Simple Storage Service

Amazon S3 is AWS’s object storage service — scalable, highly durable, and globally accessible. It stores any kind of data (files, images, videos, backups, logs, static websites) as objects inside buckets.

In Azure terms: AWS S3 = Azure Blob Storage
Core Concepts

| Term | Description |
|---|---|
| Bucket | Top-level container for objects (like a folder at the root level) |
| Object | A file and its metadata stored in a bucket |
| Key | The full path/name of an object within a bucket (e.g., images/photo.jpg) |
| Region | Each bucket is created in a specific AWS region |
| Prefix | A string used to simulate folder hierarchies (e.g., logs/2024/) |
S3 Bucket Naming Rules

- Must be globally unique across all AWS accounts
- 3–63 characters long
- Lowercase letters, numbers, and hyphens only
- Cannot be formatted as an IP address
Storage Classes

| Class | Use Case | Durability | Retrieval |
|---|---|---|---|
| S3 Standard | Frequently accessed data | 99.999999999% (11 nines) | Instant |
| S3 Intelligent-Tiering | Unknown or changing access patterns | 11 nines | Instant |
| S3 Standard-IA | Infrequently accessed, needs fast retrieval | 11 nines | Instant (retrieval fee) |
| S3 One Zone-IA | Infrequent access, single AZ (lower cost) | 11 nines (single AZ) | Instant (retrieval fee) |
| S3 Glacier Instant | Archive with immediate retrieval | 11 nines | Instant |
| S3 Glacier Flexible | Archive, retrieval in minutes to hours | 11 nines | Minutes to hours |
| S3 Glacier Deep Archive | Lowest cost archive, retrieval in hours | 11 nines | 12–48 hours |
In Azure terms: Standard ≈ Hot, Standard-IA ≈ Cool, Glacier ≈ Archive.
Security
Bucket Policies (Resource-based)

A bucket policy is a JSON document attached to the bucket. The policy below allows anyone (Principal "*") to read every object in my-public-bucket:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-public-bucket/*"
    }
  ]
}
```

Access Controls

| Mechanism | Description |
|---|---|
| Bucket Policy | JSON policy attached to the bucket — controls who can access what |
| IAM Policy | Controls what an IAM identity can do with S3 |
| Block Public Access | Account or bucket-level toggle to prevent public access (enabled by default) |
| ACLs | Legacy per-object access control — avoid in new architectures |
| Presigned URLs | Temporary signed URLs for sharing private objects |
| Server-Side Encryption | SSE-S3 (AES-256), SSE-KMS (customer-managed keys), SSE-C (customer-provided keys) |
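
An added example (not part of the original page): an offline check that flags bucket-policy statements open to everyone, like the Principal "*" policy above, and combines the result with the RestrictPublicBuckets flag of Block Public Access. The sample policy, account ID, function names and verdict strings are constructed for illustration; the model is simplified (it ignores NotPrincipal and does not evaluate conditions).

```python
import json

# Constructed sample: the public-read statement from the policy above plus one
# statement scoped to a single (placeholder) account.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::my-public-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::my-public-bucket/*"}
  ]
}
""")

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "*" or a principal map that contains "*", e.g. {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def public_statements(policy):
    """Return (unconditional, conditional) Allow statements open to everyone."""
    unconditional, conditional = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        (conditional if stmt.get("Condition") else unconditional).append(stmt)
    return unconditional, conditional

def exposure(policy, block_public_access):
    """Verdict strings are hypothetical labels for this example."""
    unconditional, conditional = public_statements(policy)
    if not (unconditional or conditional):
        return "private"
    # RestrictPublicBuckets limits a bucket with a public policy to AWS service
    # principals and authorized users in the bucket owner's account.
    if block_public_access.get("RestrictPublicBuckets"):
        return "public-policy-but-restricted"
    return "public" if unconditional else "review-conditions"
```

Statements that carry a Condition are reported separately because whether they are effectively public depends on the condition keys and values, which this sketch leaves to a reviewer.
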
Key Features
Versioning

Enable versioning to keep multiple versions of an object:

```bash
aws s3api put-bucket-versioning \
  --bucket my-bucket \
  --versioning-configuration Status=Enabled
```

- Protects against accidental deletion
- Each overwrite creates a new version with a unique ID
- Old versions billed at standard storage rates
Lifecycle Policies
Automate transitions between storage classes or deletion. The rule below applies to every object in the bucket (empty prefix filter):

```json
{
  "Rules": [
    {
      "Status": "Enabled",
      "Filter": { "Prefix": "" },
      "Transitions": [
        { "Days": 30, "StorageClass": "STANDARD_IA" },
        { "Days": 90, "StorageClass": "GLACIER" }
      ],
      "Expiration": { "Days": 365 }
    }
  ]
}
```

Static Website Hosting
S3 can host static websites (HTML, CSS, JS):

```bash
aws s3 website s3://my-bucket/ \
  --index-document index.html \
  --error-document error.html
```

In Azure terms: this is equivalent to Azure Storage static website hosting.
S3 Event Notifications
Trigger Lambda, SQS, or SNS when objects are created, deleted, or replicated.
S3 vs Azure Blob Storage

| Feature | AWS S3 | Azure Blob Storage |
|---|---|---|
| Container name | Bucket | Container |
| Object path | Key | Blob name |
| Storage tiers | Standard, IA, Glacier | Hot, Cool, Cold, Archive |
| Static website | Built-in | Built-in |
| Versioning | Optional | Optional |
| Global uniqueness | Bucket name (global) | Storage account name (global) |
| Encryption at rest | SSE-S3 / SSE-KMS | SSE with Microsoft/Customer managed keys |
| SDK integration | boto3 (Python), aws-sdk (JS) | azure-storage-blob |
CLI Examples
```bash
# Create a bucket
aws s3 mb s3://my-unique-bucket-name --region us-east-1

# Upload a file
aws s3 cp ./file.txt s3://my-bucket/file.txt

# Sync a local folder to S3
aws s3 sync ./local-folder s3://my-bucket/folder/

# List objects in a bucket
aws s3 ls s3://my-bucket/ --recursive

# Download a file
aws s3 cp s3://my-bucket/file.txt ./file.txt

# Delete an object
aws s3 rm s3://my-bucket/file.txt

# Set bucket to block all public access
aws s3api put-public-access-block \
  --bucket my-bucket \
  --public-access-block-configuration \
  "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
```