What are common use cases for Amazon S3?
Amazon S3 is used for a wide range of storage and data applications, including:
Backup and storage
Disaster recovery
Archiving (e.g., Nasdaq uses S3 Glacier for long-term data storage)
Hybrid cloud storage
Application hosting
Media hosting
Data lakes and big data analytics (e.g., Sysco runs analytics on S3 data)
Software delivery
Static website hosting
What are Amazon S3 Buckets and their naming rules?
An Amazon S3 Bucket is a container for storing objects (files) in S3.
Each bucket must have a globally unique name (across all AWS accounts and regions).
Buckets are defined at the region level, even though S3 appears as a global service.
Naming rules:
No uppercase letters or underscores.
Length: 3–63 characters.
Must not be formatted like an IP address.
Must start with a lowercase letter or number.
Must not start with xn-- or end with -s3alias.
What are Amazon S3 Objects?
Objects (files) have a Key.
The Key is the FULL path, for example:
s3://my-bucket/my_file.txt
s3://my-bucket/my_folder1/another_folder/my_file.txt
The key is composed of prefix + object name.
Example: s3://my-bucket/my_folder1/another_folder/my_file.txt
There’s no concept of “directories” within buckets (although the UI may make it appear so).
They are simply keys with very long names that contain slashes (“/”).
Additional details:
Object values are the content of the file (body).
Maximum object size: 5 TB (5000 GB).
If uploading more than 5 GB, you must use multi-part upload.
Metadata: A list of text key/value pairs (system or user-defined).
Tags: Up to 10 Unicode key/value pairs, useful for security and lifecycle management.
Version ID: Present if versioning is enabled on the bucket.
How is security managed in Amazon S3?
User-Based Security:
Managed through IAM Policies, which define which API calls a specific user can perform.
Resource-Based Security:
Bucket Policies: Set bucket-wide rules from the S3 console; support cross-account access.
Object Access Control Lists (ACLs): Provide fine-grained permissions (can be disabled).
Bucket ACLs: Less common and can also be disabled.
Access Logic:
An IAM principal can access an S3 object if:
The IAM policy allows it OR the resource policy allows it,
AND there’s no explicit DENY.
Encryption:
S3 objects can be encrypted using encryption keys to protect data at rest.
What are S3 Bucket Policies and how are they used?
S3 Bucket Policies are JSON-based policies used to manage access to buckets and objects.
Key elements:
Resources: Buckets and objects.
Effect: Allow or Deny.
Actions: Set of S3 API operations to allow or deny.
Principal: The AWS account or user the policy applies to.
Common uses:
Grant public access to a bucket.
Enforce encryption on object uploads.
Grant cross-account access to another AWS account.
What is Amazon S3 Express One Zone?
A high-performance, single Availability Zone storage class.
Objects are stored in a Directory Bucket (bucket limited to one AZ).
Handles hundreds of thousands of requests per second with single-digit millisecond latency.
Provides up to 10× better performance and 50% lower cost than S3 Standard.
Durability: 99.9999999% (9 nines)
Availability: 99.95%
Enables co-location of storage and compute in the same AZ to reduce latency.
Use cases: latency-sensitive, data-intensive apps, AI/ML training, financial modeling, media processing, HPC.
Best integrated with: SageMaker Model Training, Athena, EMR, Glue.
How do Amazon S3 storage classes compare in price and performance (us-east-1 example)?
| Storage Class | Storage Cost (/GB/month) | Retrieval Cost (/1000 requests) | Retrieval Time | Notes |
| --- | --- | --- | --- | --- |
| Standard | $0.023 | GET: $0.0004 / POST: $0.005 | Instant | Default, frequent access |
| Intelligent-Tiering | $0.0025 – $0.023 | GET: $0.0004 / POST: $0.005 | Instant | Auto-tiering, $0.0025 monitoring per 1000 objects |
| Standard-IA | $0.0125 | GET: $0.001 / POST: $0.01 | Instant | For infrequent access |
| One Zone-IA | $0.01 | GET: $0.001 / POST: $0.01 | Instant | Stored in a single AZ |
| Glacier Instant Retrieval | $0.004 | GET: $0.01 / POST: $0.02 | Instant | Archive with quick access |
| Glacier Flexible Retrieval | $0.0036 | GET: $0.0004 / POST: $0.03 | Expedited: 1–5 min; Standard: 3–5 hrs; Bulk: 5–12 hrs | Archive with cost-effective retrieval |
| Glacier Deep Archive | $0.00099 | GET: $0.0004 / POST: $0.05 | Standard: 12 hrs; Bulk: 48 hrs | Cheapest, long-term archive |
What is Amazon S3 Intelligent-Tiering?
Amazon S3 Intelligent-Tiering automatically moves objects between access tiers based on usage to optimize storage costs.
Key points:
Small monthly monitoring and auto-tiering fee.
No retrieval charges.
Automatically adjusts between access tiers:
Frequent Access: Default tier.
Infrequent Access: Not accessed for 30 days.
Archive Instant Access: Not accessed for 90 days.
Archive Access (optional): 90–700+ days.
Deep Archive Access (optional): 180–700+ days.
What are the Amazon S3 Glacier Storage Classes?
Amazon S3 Glacier Storage Classes provide low-cost object storage for archiving and backup with pricing based on both storage and retrieval costs.
Types:
S3 Glacier Instant Retrieval
Millisecond retrieval, ideal for data accessed quarterly.
Minimum storage duration: 90 days.
S3 Glacier Flexible Retrieval (formerly S3 Glacier)
Retrieval options: Expedited (1–5 min), Standard (3–5 hrs), Bulk (5–12 hrs).
Minimum storage duration: 90 days.
S3 Glacier Deep Archive (for long-term storage)
Retrieval options: Standard (12 hrs), Bulk (48 hrs).
Minimum storage duration: 180 days.
What are the Amazon S3 Glacier Storage Classes and their main features?
Amazon S3 Glacier provides low-cost object storage for archiving and backup, with pricing based on both storage and retrieval costs.
Storage Classes:
S3 Glacier Instant Retrieval
Millisecond retrieval, ideal for data accessed once a quarter.
Minimum storage duration: 90 days.
S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier)
Retrieval options:
Expedited: 1–5 minutes
Standard: 3–5 hours
Bulk: 5–12 hours (free)
Minimum storage duration: 90 days.
S3 Glacier Deep Archive (for long-term storage)
Retrieval options:
Standard: 12 hours
Bulk: 48 hours
Minimum storage duration: 180 days.
What are the Amazon S3 Storage Classes for Infrequent Access, and how do they differ?
S3 Infrequent Access (IA) classes are designed for data accessed less frequently but requiring rapid access when needed, at a lower cost than S3 Standard.
S3 Standard-Infrequent Access (IA):
Availability: 99.9%
Use cases: Disaster recovery, backups
S3 One Zone-Infrequent Access:
Durability: 99.9999999% (within a single AZ; data lost if AZ fails)
Availability: 99.5%
Use cases: Secondary backup copies of on-premises data, or data that can be recreated.
What is Amazon S3 Standard – General Purpose storage class used for?
Amazon S3 Standard is the default general-purpose storage class designed for frequently accessed data.
Key Features:
Availability: 99.99%
Performance: Low latency and high throughput
Durability: Can sustain 2 concurrent facility failures
Use Cases:
Big data analytics, mobile and gaming applications, content distribution, and general-purpose data storage.
What are the different Amazon S3 Storage Classes?
Amazon S3 offers multiple storage classes optimized for different access patterns and cost needs:
S3 Standard – General Purpose
S3 Standard-Infrequent Access (IA)
S3 One Zone-Infrequent Access
S3 Glacier Instant Retrieval
S3 Glacier Flexible Retrieval
S3 Glacier Deep Archive
S3 Intelligent-Tiering
Note:
Objects can move between storage classes manually or through S3 Lifecycle configurations.
What is Amazon S3 Replication (CRR & SRR), and what are its key features and use cases?
Amazon S3 Replication enables automatic copying of objects between buckets.
Key Points:
Versioning must be enabled in both source and destination buckets.
Types:
CRR (Cross-Region Replication): Replicates data across AWS Regions.
SRR (Same-Region Replication): Replicates within the same Region.
Buckets can belong to different AWS accounts.
Copying is asynchronous.
Requires proper IAM permissions for S3.
Use Cases:
CRR: Compliance, lower latency access, cross-account replication.
SRR: Log aggregation, live replication between production and test accounts.
What are the key notes to remember about Amazon S3 Replication?
Only new objects are replicated after replication is enabled.
To replicate existing objects, use S3 Batch Replication, which also covers objects that failed replication.
Delete operations:
Can replicate delete markers (optional).
Deletions with version IDs are not replicated (prevents malicious deletes).
No chaining:
Replication doesn’t cascade between buckets (e.g., if bucket1 replicates to bucket2 and bucket2 replicates to bucket3, objects created in bucket1 are not replicated to bucket3).
What is Amazon S3 Versioning and why is it useful?
S3 Versioning allows maintaining multiple versions of objects in a bucket.
Enabled at: the bucket level.
Behavior: Overwriting a file changes its version (1, 2, 3, …).
Benefits:
Protects against accidental deletions (restore old versions).
Enables easy rollback to a previous version.
Notes:
Files uploaded before enabling versioning get version “null”.
Suspending versioning doesn’t delete previous versions.
What is Amazon S3 Static Website Hosting and how does it work?
Purpose: Host static websites directly from an S3 bucket, accessible over the Internet.
Website URL formats:
http://bucket-name.s3-website-aws-region.amazonaws.com
http://bucket-name.s3-website.aws-region.amazonaws.com
Key requirement: The S3 bucket must allow public read access (bucket policy).
Common issue: A 403 Forbidden error means the bucket policy doesn’t allow public reads.
What is the purpose of S3 “Block Public Access” settings, and how should they be used?
Purpose: Prevent accidental exposure of company data to the public.
Settings block:
Public access via new or any ACLs (Access Control Lists).
Public access via new or any bucket or access point policies.
Cross-account access through public configurations.
Best practice:
Keep all block settings ON unless the bucket must be public.
Can be configured at the bucket or account level.
How can you move objects between Amazon S3 storage classes, and when should you do it?
Transitioning: Objects can be moved between S3 storage classes.
Use cases:
Move infrequently accessed objects to Standard-IA.
Move archival data (no fast access needed) to Glacier or Glacier Deep Archive.
Automation: Use Lifecycle Rules to automate transitions between storage classes.
What are Amazon S3 Lifecycle Rules and how are they used?
Purpose: Automate object transitions and deletions over time.
Transition Actions:
Move objects to Standard-IA 60 days after creation.
Move to Glacier for archiving after 6 months.
Expiration Actions:
Delete access logs after 365 days.
Delete old versions of files (if versioning enabled).
Delete incomplete multipart uploads.
Customization:
Rules can apply to a specific prefix (e.g., s3://mybucket/mp3/*).
Rules can apply to specific tags (e.g., Department: Finance).
What is Amazon S3 Analytics (Storage Class Analysis), and how is it used?
Purpose: Helps decide when to transition objects to a more cost-effective storage class.
Supports: Provides recommendations for S3 Standard and Standard-IA (not for One-Zone IA or Glacier).
Reports:
Updated daily.
Takes 24–48 hours to start generating insights.
Use case: Great starting point for creating or optimizing Lifecycle Rules.
What is Amazon S3 Requester Pays, and when is it useful?
Normally, bucket owners pay for storage and data transfer.
With Requester Pays buckets, the requester pays for request and data download costs.
Useful for sharing large datasets with other AWS accounts.
The requester must be authenticated (no anonymous access).
What are Amazon S3 Event Notifications, and how do they work?
Triggers: S3:ObjectCreated, S3:ObjectRemoved, S3:ObjectRestore, S3:Replication, etc.
Filtering: Possible by object name (e.g., *.jpg).
Use case: Generate image thumbnails upon upload.
Destinations: Send events to SNS, SQS, or Lambda.
Customization: Can create multiple S3 events.
Timing: Events are usually delivered within seconds (may take up to a minute).
What are key performance optimization methods in Amazon S3?
Multi-Part Upload:
Recommended for files >100 MB, required for >5 GB.
Splits files into parts for parallel uploads (faster transfer).
S3 Transfer Acceleration:
Boosts upload speed by routing data through AWS edge locations to the target S3 bucket.
Compatible with multi-part upload.