S3 object storage classes
”- standard
- intelligent tiering
- infrequent access
- one-zone infrequent access
- glacier
- glacier deep archive”
S3 standard
“Multi-AZ, single region
- durability: 99.999999999% (eleven 9s)
- availability: 99.9%”
S3 intelligent tiering
“Objects within the bucket are moved to infrequent access tier when not accessed for 30 days; when an object in IA is accessed, it is moved back to frequent access tier.
Small monitoring fee per object in the bucket.
No costs for transitions between tiers within intelligent tiering.”
S3 standard IA
“Good for infrequently accessed data
Multi-AZ, single region
- durability: 99.999999999% (eleven 9s)
- availability: 99.9%
lower cost of storage, but has an
additional cost of $0.01/GB retrieved”
S3 one-zone IA
“Good for infrequently accessed data when you can trade off cost for reduced availability
Single AZ, so only 99.5% available
Less expensive than S3 IA; designed for eleven 9s of durability within a single AZ (if AZ is destroyed, data will be lost)”
Glacier
"Cold storage Eleven 9s of durability Much less expensive than hot storage Retrieval time varies based on retrieval options: - expedited: < 5 minutes - standard: 3-5 hours - bulk: 5-12 hours"
Glacier deep archive
"Cold storage Eleven 9s of durability Less expensive than glacier Retrieval time varies based on retrieval options: - standard: 12 hours - bulk: 48 hours"
S3 lifecycle policies
“Can transition objects from standard to IA to Glacier after a certain period (restrictions apply – for instance, an object can’t be transitioned to glacier less than 30 days after it is transitioned to IA)
Transitions follow a waterfall model: standard -> IA -> intelligent tiering -> one-zone IA -> glacier -> glacier deep archive
Costs are associated with transitions to glacier.
Can delete objects after a certain number of days; different tiers have requirements for how long objects must be stored; early deletion can result in charges for the entire minimum period”
S3 lifecycle policies - minimum storage durations
”- Standard: none
- Standard IA: 30 days
- One-zone IA: 30 days
- Intelligent tiering: 30 days
- Glacier: 90 days
- Glacier Deep Archive: 180 days”
S3 versioning
“With versioning enabled on a bucket, overwriting an object generates a version ID for the object; old versions are preserved.
Deleting an object on a version-enabled bucket creates a delete marker; old versions are still preserved.
Can retrieve old versions of objects using their IDs.
Must use a lifecycle policy to prevent infinite proliferation of objects.”
S3 object lock
“Available for all storage classes
Retention policies:
- governance: no one can delete during retention period unless they have special privileges
- compliance: no one can delete during retention period, not even root account
Legal hold: once put on an object, the object can’t be deleted until the hold is removed”
S3 transfer acceleration
“Use CloudFront to speed up transfer to/from S3 (there is a cost associated with this)
Transfer Acceleration Speed Comparison tool can tell you how much speedup to expect.”
S3 events
“Can be routed to:
- SNS topic
- SQS queue
- Lambda function”
S3 static websites
”- enable web hosting
- set permissions
- create index document
optionally:
- configure redirects
- custom error document
- enable web traffic logging
Really should use CloudFront in front of the site”
S3 security best practices
”- block public access
- avoid policies with wildcard identities or wildcard actions
- apps should use IAM roles to access S3 buckets (don’t include credentials in apps)
- MFA delete - requires MFA to delete a bucket to prevent accidental deletions
- aws:SecureTransport - requires all connections to use TLS when accessing bucket contents
- use VPC endpoints to keep traffic to/from S3 inside your VPC”
