heartin's blog

S3 Tiered Storage - Standard S3, S3-IA, RRS, Glacier

S3 supports tiered storage and has lifecycle management to decide which data sits on which tier: S3, S3 Intelligent-Tiering, S3 IA, S3 One Zone IA, Glacier and Glacier Deep Archive.

S3 offers different storage classes based on the storage purpose of the data, as listed below.

  1. General Purpose

    1. Amazon S3 Standard (S3 Standard)

  2. Unknown or changing access

    1. Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering)

  3. Infrequent Access

S3 Versioning Overview

Once you enable Versioning for a bucket, S3 preserves existing objects anytime you perform a PUT, POST, COPY, or DELETE operation on them. You can enable versioning while creating an object or later from the Properties tab of the bucket.

 

Important notes on versioning

  1. The bucket owner, the AWS account that created the bucket (root account), and all authorized IAM users can enable versioning.

S3 Encryption Overview

S3 supports server-side and client-side encryption. There are two types of encryption: in transit and at rest.

Encryption details can be specified while uploading a file.

Encryption In Transit (SSL/TLS)

You can securely upload/download your data to Amazon S3 via SSL endpoints using the HTTPS protocol. 

 

Encryption At Rest

Server Side Encryption

Amazon S3 Overview

S3 stands for Simple Storage Service. S3 is a secure, durable, highly scalable object storage

 

S3 Feature Highlights

  1. An S3 object consists of a key (a name), a value (the actual data), and metadata (version ID and other data about your data).

  2. Files in S3 are stored as simple key/value pairs in buckets. An S3 bucket is synonymous with a folder.

Amazon Web Services - Introduction, Benefits and Examples

Amazon Web Services (AWS) is Amazon's cloud computing platform that provides a range of web services that can scale and is mostly on a pay-per-use model. 

 

Benefits

Below are some of the benefits of AWS:

  1. AWS provides out-of-the-box support for common needs such as load balancing, queueing, sending mails, storing files, databases, DNS system etc.

IAM Policy Evaluation Overview

When an AWS service receives a request, the service first authenticates the request and then checks whether the requester is authorized to perform that action. A few services, like Amazon S3, also allow requests from anonymous users.

If the request is made by an IAM user, or if the request is signed using temporary credentials that are granted by AWS STS, AWS uses IAM policies to determine whether the user's request is authorized.  

Requests that are made by the AWS account root user are allowed for resources in that account.

AWS Regions, Availability Zones, and Edge Locations

An AWS region is a distinct geographical region that has AWS infrastructure with separate power sources and internet connectivity.

Availability Zones are isolated data centres within each region and have their own power source and cooling, insulating them from failures within other zones.

While regions communicate through the internet, AZs communicate through the AWS high-speed network.

IAM Best Practices and Experiences

This is a summary of the best practices listed on the AWS website, along with personal experiences and points from other materials.

  1. Lock away your AWS account (root) access keys

  2. Create individual IAM users. Use the root account only rarely (or never after initial setup).

  3. Use AWS-defined policies to assign permissions whenever possible

  4. Use groups to assign permissions to IAM users.

About

CloudMaterials is my blog to share notes and learning materials on Cloud and Data Analytics. My current focus is on Microsoft Azure and Amazon Web Services (AWS).

I like to write and I try to document what I learn to share with others. I believe that knowledge is useless unless you share it; the more you share, the more you learn.
