1. Amazon Simple Storage Service
(AWS S3)
The Infinite Hard Drive in the Cloud
Presented By:
Piyush Agrawal
Date: 15th April’18
2. Agenda
• Functions and Concepts of S3
• Resources and Components
• Security and Access Management
• Pricing and Cost Model
• Common Use Scenarios
• Resources
3. Functions and Concepts of S3 (1 of 2)
• Stands for Simple Storage Service, storage accessed over the internet
• S3 provides unlimited storage space and works on a pay-as-you-use
model
• Service rates get cheaper as the usage volume increases
• An object storage built to store and retrieve any amount of data, at any
time, from within Amazon EC2 or from anywhere on the web
• Designed to deliver 99.999999999% durability
• S3 is an Object level storage (not a Block level storage) and can be used to
host static websites
• S3 resources, e.g. buckets and objects, are private by default
4. Functions and Concepts of S3 (2 of 2)
• highly-scalable, reliable, and low-latency data storage infrastructure at very
low costs.
• allows you to write, read, and delete objects containing from 1 byte to 5
terabytes of data each.
• number of objects you can store in an Amazon S3 bucket is virtually
unlimited.
• allows concurrent read or write access to Amazon S3 data by many
separate clients or application threads.
• provides data lifecycle management capabilities, allowing users to define
rules to automatically archive Amazon S3 data to Amazon Glacier, or to
delete data at end of life.
5. Resources and Components
• These are the key concepts and terminology you need to understand to use Amazon S3
effectively:
• Buckets
• A container for objects stored in S3 that helps organize the S3 namespace
• helps identify the account responsible for storage and data transfer charges. Bucket
ownership is not transferable
• S3 bucket names are globally unique, regardless of the AWS region in which you create
the bucket
• Even though S3 is a global service, buckets are created within a region specified during the
creation of the bucket
• There is no limit to the number of objects that can be stored in a bucket and no difference
in performance whether you use many buckets to store your objects or a single bucket to
store all your objects
• 100 buckets (soft limit) can be created in each AWS account
• Buckets cannot be nested; a bucket cannot contain another bucket
• You can delete an empty or a non-empty bucket
• S3 allows retrieval of up to 1000 objects per list request and provides pagination support
6. Resources and Components
• Objects
• Objects are the fundamental entities stored in S3 bucket
• An object is uniquely identified within a bucket by a key name and version ID
• Objects consist of object data, metadata (a set of name-value pairs that
describe the object, e.g. content-type, size, last modified), version ID and
access control information
• Metadata for an object cannot be modified in place after the object is
uploaded; it can only be changed by performing a copy operation and setting
the metadata
• Objects belonging to a bucket reside in a specific AWS region and never leave
that region
• With Versioning enabled, you can retrieve current as well as previous
versions of an object
7. Security and Access Management
• All buckets and objects are private by default; only bucket and object owners
have access to the Amazon S3 resources they create
• Flexible Access Control Mechanisms
• Provides multiple mechanisms to provide fine-grained control of access to Amazon S3
resources.
• Data protection feature enables you to protect your data from both logical and physical
failures, and guard against data loss from unintended user actions, application errors, and
infrastructure failures.
• Amazon S3 provides four different access control mechanisms: AWS Identity and Access
Management (IAM) policies, Access Control Lists (ACLs), bucket policies, and Query String
Authentication
• With IAM policies, you can grant IAM users fine-grained control to your Amazon S3 bucket or
objects. You can use ACLs to selectively add (grant) certain permissions on individual objects.
Amazon S3 bucket policies can be used to add or deny permissions across some or all of the
objects within a single bucket. With Query String Authentication, you have the ability to
share Amazon S3 objects through URLs that are valid for a specified period of time.
8. Security and Access Management
• Encryption
• You can securely upload or download your data to Amazon S3 via the SSL-encrypted
endpoints
• Audit Logs
• Amazon S3 also supports logging of requests made against your Amazon S3
resources. You can configure your Amazon S3 bucket to create access log records for
the requests made against it. These server access logs capture all requests made
against a bucket or the objects in it and can be used for auditing purposes.
• Versioning
• Amazon S3 provides further protection with versioning capability. You can use
versioning to preserve, retrieve, and restore every version of every object stored in
your Amazon S3 bucket. This allows you to easily recover from both unintended user
actions and application failures.
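Added example (not from the original slides): an audit pass over S3 server access log records of the kind described under Audit Logs, flagging successful anonymous requests, successful deletes, and AccessDenied counts per source IP. The sample records, bucket name, account ID and addresses are constructed, and `audit` is a name chosen for this illustration.

```python
import re
from collections import Counter

# Leading fields of an S3 server access log record. Trailing fields are
# ignored so records with extra fields appended at the end still parse.
RECORD = re.compile(
    r'(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) '
    r'(?P<requester>\S+) (?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) '
    r'(?:"(?P<uri>[^"]*)"|-) (?P<status>\d{3}|-) (?P<error>\S+)'
)

# Constructed sample records (not real log data).
SAMPLE = """\
OWNEREXAMPLE example-bucket [15/Apr/2018:10:00:01 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/alice REQ0001 REST.GET.OBJECT reports/q1.pdf "GET /reports/q1.pdf HTTP/1.1" 200 - 5120 5120 20 19 "-" "aws-cli/1.15" -
OWNEREXAMPLE example-bucket [15/Apr/2018:10:02:07 +0000] 198.51.100.7 - REQ0002 REST.GET.OBJECT backups/db.sql "GET /backups/db.sql HTTP/1.1" 200 - 900000 900000 80 70 "-" "curl/7.58" -
OWNEREXAMPLE example-bucket [15/Apr/2018:10:03:11 +0000] 198.51.100.7 - REQ0003 REST.GET.BUCKET - "GET /?list-type=2 HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "curl/7.58" -
OWNEREXAMPLE example-bucket [15/Apr/2018:10:05:42 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/alice REQ0004 REST.DELETE.OBJECT reports/q1.pdf "DELETE /reports/q1.pdf HTTP/1.1" 204 - - 0 15 - "-" "aws-cli/1.15" -
"""


def audit(log_text):
    """Return (findings, denied_by_ip) for a block of access log records."""
    findings, denied = [], Counter()
    for line in filter(None, log_text.splitlines()):
        m = RECORD.match(line)
        if m is None:
            findings.append(("unparsed", None, None, None, line[:60]))
            continue
        r = m.groupdict()
        row = (r["time"], r["ip"], r["operation"], r["key"])
        ok = r["status"].startswith("2")
        # Requester "-" means the request carried no credentials; a 2xx
        # answer means the bucket or object is readable without them.
        if r["requester"] == "-" and r["operation"].startswith("REST.") and ok:
            findings.append(("anonymous-success",) + row)
        if ".DELETE." in r["operation"] and ok:
            findings.append(("delete",) + row)
        if r["error"] == "AccessDenied":
            denied[r["ip"]] += 1
    return findings, dict(denied)


if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```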
9. Security and Access Management
• Multi-Factor Authentication Delete
• Amazon S3 provides additional security with Multi-Factor Authentication (MFA)
Delete. When enabled, this feature requires the use of a multi-factor authentication
device to delete objects stored in Amazon S3 to help protect previous versions of
your objects.
• Time-Limited Access to Objects
• Amazon S3 supports query string authentication, which allows you to provide a URL
that is valid only for a length of time that you define. This time-limited URL can be
useful for scenarios such as software downloads or other applications where you
want to restrict the length of time users have access to an object.
• VPC Endpoints
• You can access Amazon S3 from your Amazon Virtual Private Cloud (Amazon VPC)
using VPC endpoints.
10. Pricing and Cost Model
• As part of the AWS Free Usage Tier, new AWS customers receive
• 5 GB of Amazon S3 storage
• 20,000 Get Requests, 2,000 Put Requests
• 15 GB of data transfer out each month for one year
• With Amazon S3, you pay only for what you use and there is no minimum fee
• Amazon S3 costs vary by Region
• Charges in S3 are incurred for
• Storage – cost is per GB/month
• Requests – per request cost varies depending on the request type GET, PUT
• Data Transfer
• data transfer in is free
• data transfer out is charged per GB/month (except in the same region or to Amazon CloudFront)
11. Common Use Scenarios
• A few common use cases for AWS S3:
• Backup and Storage –
• Provide data backup and storage services for others.
• Application Hosting –
• Provide services that deploy, install, and manage web applications.
• Media Hosting –
• Build a redundant, scalable, and highly available infrastructure that hosts video, photo,
or music uploads and downloads.
• Software Delivery –
• Host your software applications that customers can download.