Amazon S3 offers a range of storage classes for the objects that you store.
You choose a class depending on your use case scenario and performance access requirements.
All storage classes offer high durability.
Amazon S3 Storage Classes
- S3 Standard
- S3 Intelligent Tiering
- S3 Standard-IA
- S3 Glacier
- S3 Glacier Deep Archieve For performance-sensitive use cases ( that require millisecond access time) and frequently accessed data
S3 Standard — The default storage class. If you don't specify the storage class when you upload an object, Amazon S3 assigns the S3 Standard storage class.
Storage class for automatically optimizing data with changing or unknown access patterns
S3 Intelligent-Tiering is an Amazon S3 storage class designed to optimize storage costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead.
Storage classes for infrequently accessed objects
The S3 Standard-IA and S3 One Zone-IA storage classes are designed for long-lived and infrequently accessed data. (IA stands for infrequent access.)
S3 Standard-IA — Amazon S3 stores the object data redundantly across multiple geographically separated Availability Zones
S3 One Zone-IA — Amazon S3 stores the object data in only one Availability Zone, which makes it less expensive than S3 Standard-IA. However, the data is not resilient to the physical loss of the Availability Zone
Storage classes for archiving objects
The S3 Glacier and S3 Glacier Deep Archive storage classes are designed for low-cost data archiving.
S3 Glacier — Use for archives where portions of the data might need to be retrieved in minutes. Data stored in the S3 Glacier storage class has a minimum storage duration period of 90 days and can be accessed in as little as 1-5 minutes using expedited retrieval.
S3 Glacier Deep Archive — Use for archiving data that rarely needs to be accessed. Data stored in the S3 Glacier Deep Archive storage class has a minimum storage duration period of 180 days and a default retrieval time of 12 hours.
S3 Storage Classes Use Cases
S3 Standard: Frequently accessed data, ad-hoc needs, short-term requirement (<30 days)
S3 Standard IA: Requires long-term storage for production data with low cost and immediate access for occasssional requests
S3 One Zone IA: Copy of backup data required in a separate region with minimal access latency
S3 Glacier Deep Archive: Lowest cost required for long-term archival of data for compliance purposes
S3 Lifecycle Management
An S3 Lifecycle configuration is an XML file that consists of a set of rules with predefined actions (transition or expiration action) that you want Amazon S3 to perform on objects during their lifetime.
There are two types of action
Transition actions: Define when object transition to another storage class
Expiration actions: Define when objects expire (deleted by S3)
S3 Lifecycle Management (Supported Transitions)
Amazon Simple Storage Service (S3) Replication is an elastic, fully managed, low-cost feature that replicates objects between buckets.
NB: Bucket versioning must have been enabled
Cross Region Replication (CRR)
Amazon S3 Cross-Region Replication (CRR), you can replicate objects (and their respective metadata and object tags) into other AWS Regions for reduced latency, compliance, security, disaster recovery.
Same-Region Replication (SRR)
Amazon S3 Same Region Replication (SRR) is an S3 feature that automatically replicates data between buckets within the same AWS Region for aggregation of logs, replication between multiple accounts and data sovereignity.
Server-Side Encryption with S3 Managed Keys (SSE-S3)
Unique Object Keys
Server-Side Encryption with AWS KMS Managed Keys (SSE-KMS)
KMS Managed Keys
Customer Master Keys
CMK can be customer generated
Server-Side Encryption With Client Provided Keys (SSE-C)
Client Managed Keys
Not Stored On AWS
Client Managed Keys
Not Stored on AWS
You can use AWS KMS CMK
S3 Default Encryption
Default encryption can be set that all new objects are encrypted when stored in a bucket
Objects are encrypted using Server-Side Encryption
There is no change of encryption states of objects that existed in bucket before default encryption was enabled
NB: Amazon S3 encrypts object before saving to disk and decrypts them when downloaded.
S3 Event Notifications
Sends notifications when an event happens in your bucket
Amazon Simple Notification Service
Amazon Simple Queue Service (SQS) queues
S3 Select & Glacier Select
S3 Select and Glacier Select: SQL expression to retrieve individual file from zip archive.
Server Access Logging
Provides detailed records (Logs) of request made to Amazon S3 bucket
Details Include: Requester, Bucket Name, Request Time, Request Action, Response Status and Error Code (If Applicable)
Must specify a separate bucket as destination
Must grant write permission to Amazon S3 Log delivery group on destination bucket
NB: Disabled by default
Requester Pays feature in Amazon S3 that allows bucket owners to pass the request and data transfer costs to users who download the data.
NB: The bucket owner always pays the cost of storing data.
Doesn't support Anonymous request, BitTorrent and SOAP requests
Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.
You can use Object Lock to help meet regulatory requirements that require write-once-read-many (WORM) model, or to simply add another layer of protection against object changes and deletion.
NB: Versioning must be enabled
This action is permanent
Cross-Origin Resource Sharing (CORS)
Allows request from an origin to another origin
Origin is defined by DNS name, protocol and port
- Access-Control-Allow-Headers NB: Rules are defined and added using JSON files in Amazon S3
Top comments (0)