Simple Storage Service

S3 Object Storage Classes

• Standard

• Standard-IA

• One Zone-IA

• Glacier - Instant

• Glacier - Flexible

• Glacier Deep Archive

• Intelligent-Tiering

S3 Lifecycle Configuration

S3 Replication

• S3 has two replication features which allow objects to be replicated between a SOURCE and DESTINATION buckets in the same or different AWS accounts

• Cross-Region Replication (CRR) is the process used when Source and Destination are in different AWS regions

• Same-Region Replication (SRR) is used when the buckets are in the same region.

Options

Considerations

Why use replication..?

S3 Object Encryption

S3 Server-Side Encryption

SSE-C

SSE-S3 (AES256)

SSE-KMS

S3 Bucket Keys

• Amazon S3 Bucket Keys reduce the cost of Amazon S3 server-side encryption using AWS Key Management Service (SSE-KMS).

• Bucket-level keys for SSE can reduce AWS KMS request costs by up to 99 percent by decreasing the request traffic from Amazon S3 to AWS KMS.

S3 w/o Bucket Keys

S3 w/ Bucket Keys

S3 Presigned URLs

S3 Select & Glacier Select

S3 and Glacier Select allow you to use a SQL-Like statement to retrieve partial objects from S3 and Glacier.

S3 Access Points

• Amazon S3 Access Points, a feature of S3, simplifies managing data access at scale for applications using shared data sets on S3.

• Access points are unique hostnames that customers create to enforce distinct permissions and network controls for any request made through the access point.

S3 Object Lock

• You can use S3 Object Lock to store objects using a write-once-read-many (WORM) model.

• It can help you prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.

• You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.