S3 Buckets
S3
Advertised as infinitely scalable storage. Many other AWS services also use S3 as part of their own service.
You can use S3 for:
- Backup
- Storage
- Disaster recovery
- Archive
- Static website
- Software delivery
- Data lakes and big data analytics
Objects are stored in buckets (think of them as directories). Each bucket name you create must be globally unique (across all regions and accounts). However, a bucket itself lives in one region. Naming restrictions: no uppercase letters and no underscores in bucket names.
Each file stored in a bucket has a key, and the key is the full path. However, S3 has no concept of directories: what looks like a folder is just a prefix. The object key is the prefix (which can look like a folder path) plus the actual file name itself.
The value that the key maps to is the content of the file itself, with a maximum object size of 5TB. If you're uploading a file larger than 5GB you must use multi-part upload.
S3 Bucket security policy
- User-based rules: attach IAM policies to the user to specify which S3 API calls that user can make against the bucket
- Resource-based rules: three types
  - Bucket policies: bucket-wide rules set from the S3 console; this is what allows cross-account access, letting another AWS account reach the bucket
  - Object access control list (ACL): finer-grained, per object
  - Bucket access control list (ACL): less common now
An IAM principal (user) can access an S3 object if the user's IAM policy allows it or the resource policy allows it, and there is no explicit deny! You can also encrypt objects using encryption keys.
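The allow/deny rule above can be hard to reason about from prose alone. The following is an added example, written for these notes and not code from AWS or any AWS library: a deliberately simplified evaluator that applies just the rule the notes state (union of identity policy and bucket policy, explicit deny wins, implicit deny otherwise) to constructed sample policies. The account IDs, user ARNs and bucket name are made up; real IAM evaluation has more steps (service control policies, session policies, conditions) that this example does not model.

```python
"""Simplified S3 authorization check (added example, not AWS's own evaluator).

Rule modelled: a principal may perform an action on a resource when the
identity policy OR the bucket policy contains a matching Allow, and no
matching statement in either policy is an explicit Deny.
Wildcards ('*') in Action and Resource are matched with fnmatch.
"""
import fnmatch
import json

# Constructed sample principals (fake account IDs, not real ARNs)
ALICE = "arn:aws:iam::111111111111:user/alice"      # same-account user
PARTNER = "arn:aws:iam::222222222222:user/partner"  # user in another account

# Constructed identity policy attached to alice (user-based rules)
IDENTITY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/public/*"},
    {"Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secrets/*"}
  ]
}""")

# Constructed bucket policy (resource-based rules), including a cross-account grant
BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:user/alice"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:user/partner"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/shared/*"}
  ]
}""")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, principal, action, resource):
    """True if this statement applies to the given principal, action and resource."""
    # Bucket policy statements name a Principal; identity policy statements
    # have none because they implicitly apply to the user they are attached to.
    if "Principal" in stmt:
        allowed = stmt["Principal"]
        if allowed != "*":
            allowed = _as_list(allowed.get("AWS", []))
            if principal not in allowed and "*" not in allowed:
                return False
    action_ok = any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
    resource_ok = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return action_ok and resource_ok


def is_allowed(principal, action, resource, identity_policy=None, bucket_policy=None):
    """Apply the notes' rule: (identity Allow OR bucket Allow) AND no explicit Deny."""
    statements = []
    if identity_policy:
        statements += identity_policy["Statement"]
    if bucket_policy:
        statements += bucket_policy["Statement"]
    matched = [s for s in statements if _statement_matches(s, principal, action, resource)]
    if any(s["Effect"] == "Deny" for s in matched):
        return False  # an explicit Deny in either policy always wins
    return any(s["Effect"] == "Allow" for s in matched)  # otherwise implicit deny


if __name__ == "__main__":
    bucket = "arn:aws:s3:::example-bucket/"
    checks = [
        (ALICE, "s3:GetObject", bucket + "public/report.txt", IDENTITY_POLICY, BUCKET_POLICY),
        (ALICE, "s3:GetObject", bucket + "secrets/db.txt", IDENTITY_POLICY, BUCKET_POLICY),
        (ALICE, "s3:PutObject", bucket + "public/new.txt", IDENTITY_POLICY, BUCKET_POLICY),
        (PARTNER, "s3:GetObject", bucket + "shared/file.txt", None, BUCKET_POLICY),
        (PARTNER, "s3:GetObject", bucket + "public/report.txt", None, BUCKET_POLICY),
    ]
    for who, act, res, idp, bp in checks:
        print(f"{who.split('/')[-1]:8} {act:13} {res.split(':::')[-1]:30} -> {is_allowed(who, act, res, idp, bp)}")
```

The second check is the one worth noticing: the bucket policy allows alice to read everything under the bucket, but the explicit Deny on `secrets/*` in her identity policy still blocks the read. The partner checks show the bucket policy granting access on its own. One caveat the notes do not spell out: for a genuinely cross-account caller, the caller's own account must also allow the action through its identity policy; the bucket policy alone is not sufficient across accounts.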