AWS Certified Solutions Architect - Professional
  • AWS Certified Solutions Architect - Professional
  • Analytics
    • Athena
    • Data Exchange
    • Kinesis Data Firehose
    • EMR
    • Glue
    • Kinesis Data Streams
    • Kinesis Data Analytics
    • Lake Formation
    • Managed Service for Apache Flink
    • Managed Streaming for Apache Kafka (Amazon MSK)
    • OpenSearch Service
    • QuickSight
  • Application Integration
    • AppFlow
  • AppSync
  • EventBridge
  • MQ
  • Simple Notification Service
  • Simple Queue Service
  • Step Functions
  • Blockchain
    • Managed Blockchain
  • Business Applications
    • Simple Email Service
  • Cloud Financial Management
    • Budgets
    • Cost and Usage Report
  • Cost Explorer
  • Savings Plans
  • COMPUTE
    • App Runner
  • Auto Scaling
  • Batch
  • Elastic Beanstalk
  • OpsWorks
  • Elastic Compute Cloud
  • EC2 Auto Scaling
  • Fargate
  • Lambda
  • Lightsail
  • Outposts
  • Wavelength
  • CONTAINERS
    • Elastic Container Registry
    • Elastic Container Service
    • ECS Anywhere
    • Elastic Kubernetes Service
    • EKS Anywhere
    • EKS Distro
  • DATABASES
    • Aurora
  • Aurora Serverless
  • DocumentDB
  • DynamoDB
  • ElastiCache
  • Keyspaces
  • Neptune
  • Relational Database Service
  • Redshift
  • Timestream
  • Developer Tools
    • CI/CD using AWS Code
    • CodeArtifact
    • CodeBuild
    • CodeDeploy
    • CodeGuru
    • CodePipeline
    • X-Ray
  • End User Computing
    • AppStream 2.0
  • Workspaces
  • Frontend Web and Mobile
    • Amplify
    • API Gateway
    • Device Farm
    • Pinpoint
  • Internet of Things
    • IoT Core
    • IoT Device Defender
    • IoT Device Management
    • IoT Events
    • IoT Greengrass
    • IoT SiteWise
    • IoT Things Graph
  • IoT 1-Click
  • Machine Learning
    • Comprehend
    • Fraud Detector
    • Kendra
    • Lex
    • Personalize
    • Polly
    • Rekognition
  • SageMaker AI
  • Textract
  • Transcribe
  • Translate
  • Forecast 101
  • Management and Governance
    • CloudFormation
    • CloudTrail
    • CloudWatch
    • CloudWatch Logs
    • Cost Allocation Tags
    • Command Line Interface
    • Compute Optimizer
    • Config
    • Control Tower
    • Health Dashboard
    • License Manager
    • Managed Grafana
    • Managed Service for Prometheus
    • Management Console
    • Organizations
    • Proton
    • Service Catalog
    • Service Quotas
    • Systems Manager
    • Trusted Advisor
    • Well-Architected Tool
    • SAML2.0 Identity Federation
    • IAM Identity Center
    • Directory Service
  • Service Control Policies
  • Permissions Boundaries
  • Permissions Evaluation
  • Media Services
    • Elastic Transcoder
    • Kinesis Video Streams
  • Migration and Transfer
    • 6R's of Cloud Migration
    • Application Discovery Service
    • Application Migration Service
    • Database Migration Service
    • DataSync
    • Migration Hub
    • Schema Conversion Tool
    • Snow Family
    • Transfer Family
  • Networking and Content Delivery
    • Private and Public Services
    • DHCP In a VPC
    • VPC Router
    • Stateful vs Stateless Firewalls
    • Network Access Control Lists
    • Security Groups
    • Local Zones
    • Border Gateway Protocol
    • Global Accelerator
    • IPSec VPN
    • Site2Site VPN
    • Transit Gateway
    • VPC Routing
    • Accelerated Site-to-Site VPN
    • Client VPN
    • Direct Connect (DX)
    • Route53
    • Private Link
    • VPC
    • VPC Flow Logs
    • CloudFront
    • Elastic Load Balancing
  • Security, Identity, and Compliance
    • Artifact
    • Audit Manager
    • Certificate Manager
    • Parameter Store
    • CloudHSM
    • Cognito
    • Detective
    • Directory Service
    • Firewall Manager
    • GuardDuty
    • Identity and Access Management
    • Inspector
    • Key Management Service
    • Macie
    • Network Firewall
    • Resource Access Manager
    • Secrets Manager
    • Security Hub
    • Security Token Service
    • Shield
    • WAF
  • Storage
    • Backup
    • Elastic Block Store
    • Instance Store Volumes
    • Elastic Disaster Recovery
    • Elastic File System
    • FSx
    • Simple Storage Service
    • S3 Glacier
    • Storage Gateway
  • DISASTER RECOVERY
    • Types of DR - Cold, Warm, PilotLight
    • DR Architecture - Storage
    • DR Architecture - Compute
    • DR Architecture - Database
    • DR Architecture - Networking
Powered by GitBook
On this page
  • S3 Object Storage Classes
  • S3 Lifecycle Configuration
  • S3 Replication
  • Options
  • Considerations
  • Why use replication..?
  • S3 Object Encryption
  • S3 Server-Side Encryption
  • SSE-C
  • SSE-S3 (AES256)
  • SSE-KMS
  • S3 Bucket Keys
  • S3 Presigned URLs
  • S3 Select & Glacier Select
  • S3 Access Points
  • S3 Object Lock
  1. Storage

Simple Storage Service

Last updated 4 days ago

S3 Object Storage Classes

  • Standard

  • Standard-IA

  • One Zone-IA

  • Glacier - Instant

  • Glacier - Flexible

  • Glacier Deep Archive

  • Intelligent-Tiering

S3 Lifecycle Configuration

S3 Replication

  • S3 has two replication features which allow objects to be replicated between a SOURCE and DESTINATION buckets in the same or different AWS accounts

  • Cross-Region Replication (CRR) is the process used when Source and Destination are in different AWS regions

  • Same-Region Replication (SRR) is used when the buckets are in the same region.

Options

Considerations

Why use replication..?

S3 Object Encryption

S3 Server-Side Encryption

SSE-C

SSE-S3 (AES256)

SSE-KMS

S3 Bucket Keys

  • Amazon S3 Bucket Keys reduce the cost of Amazon S3 server-side encryption using AWS Key Management Service (SSE-KMS).

  • Bucket-level keys for SSE can reduce AWS KMS request costs by up to 99 percent by decreasing the request traffic from Amazon S3 to AWS KMS.

S3 w/o Bucket Keys

S3 w/ Bucket Keys

S3 Presigned URLs

S3 Select & Glacier Select

S3 and Glacier Select allow you to use a SQL-Like statement to retrieve partial objects from S3 and Glacier.

S3 Access Points

  • Amazon S3 Access Points, a feature of S3, simplifies managing data access at scale for applications using shared data sets on S3.

  • Access points are unique hostnames that customers create to enforce distinct permissions and network controls for any request made through the access point.

S3 Object Lock

  • You can use S3 Object Lock to store objects using a write-once-read-many (WORM) model.

  • It can help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.

  • You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.