Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements.
Note: If you are new to
Features of Amazon S3
1. Storage management and monitoring
All objects are stored in S3 buckets and can be organized with shared names called prefixes. You can also append up to 10 key-value pairs called S3 object tags to each object, which can be created, updated, and deleted throughout an object’s life cycle. To keep track of objects and their respective tags, buckets, and prefixes, you can use an S3 Inventory report that lists your stored objects within an S3 bucket or with a specific prefix, and their respective metadata and encryption status.
Amazon S3 also supports features that help maintain data version control, prevent accidental deletions, and replicate data to the same or a different AWS Region.
2. Storage classes in Amazon S3
Every S3 Storage Class supports a specific data access level at corresponding costs. This means you can store mission-critical production data in S3 Standard for frequent access, save costs by storing infrequently accessed data in S3 Standard-IA or S3 One Zone-IA, and archive data at the lowest costs in the archival storage classes — S3 Glacier and S3 Glacier Deep Archive. You can use S3 Storage Class Analysis to monitor access patterns across objects to discover data that should be moved to lower-cost storage classes.
3. Access management and security
To protect your data in Amazon S3, by default, users only have access to the S3 resources they create. You can grant access to other users by using one or a combination of the following access management features:
- AWS Identity and Access Management (IAM) to create users and manage their respective access.
- Access Control Lists (ACLs) to make individual objects accessible to authorized users.
- Bucket policies to configure permissions for all objects within a single S3 bucket.
- S3 Access Points to simplify managing data access to shared data sets by creating access points with names and permissions specific to each application or sets of applications.
- Query String Authentication to grant time-limited access to others with temporary URLs.
Amazon S3 offers flexible security features to block unauthorized users from accessing your data.
- Use VPC endpoints to connect to S3 resources from your Amazon Virtual Private Cloud (Amazon VPC).
- Amazon S3 supports both server-side encryption (with three key management options) and client-side encryption for data uploads.
- Use S3 Inventory to check the encryption status of your S3 objects.
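Added example (not from the original post): a Python check that reads an S3 Inventory CSV report and lists the objects stored without server-side encryption. The manifest and rows are constructed samples, and the function name `audit_encryption` is hypothetical.

```python
import csv
import io
import json
from collections import Counter
from urllib.parse import unquote

# Constructed sample: the "fileSchema" field of an inventory manifest.json
# gives the column order, because the CSV data files carry no header row.
MANIFEST = json.dumps({
    "sourceBucket": "example-bucket",
    "fileFormat": "CSV",
    "fileSchema": "Bucket, Key, Size, LastModifiedDate, EncryptionStatus",
})

# Constructed sample rows (real data files are gzip-compressed; decompress first).
INVENTORY_CSV = '''"example-bucket","logs/app.log","2048","2020-05-01T10:00:00.000Z","SSE-S3"
"example-bucket","exports/customer%20list.csv","51200","2020-05-02T08:30:00.000Z","NOT-SSE"
"example-bucket","backups/db.dump","1048576","2020-05-03T23:15:00.000Z","SSE-KMS"
"example-bucket","tmp/scratch.bin","10","2020-05-04T12:00:00.000Z","NOT-SSE"
'''

def audit_encryption(manifest_json, csv_text):
    """Return (per-status counts, list of keys stored without SSE)."""
    manifest = json.loads(manifest_json)
    columns = [c.strip() for c in manifest["fileSchema"].split(",")]
    if "EncryptionStatus" not in columns:
        # The field is optional; without it the report proves nothing.
        raise ValueError("inventory was configured without EncryptionStatus")
    counts, unencrypted = Counter(), []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row:
            continue  # tolerate blank lines
        if len(row) != len(columns):
            raise ValueError(f"row does not match fileSchema: {row!r}")
        record = dict(zip(columns, row))
        status = record["EncryptionStatus"]
        counts[status] += 1
        if status == "NOT-SSE":
            # Keys are URL-encoded in CSV inventory files.
            unencrypted.append(unquote(record["Key"]))
    return counts, unencrypted

if __name__ == "__main__":
    counts, unencrypted = audit_encryption(MANIFEST, INVENTORY_CSV)
    print(dict(counts))
    for key in unencrypted:
        print("unencrypted:", key)
```

The check fails closed when the report was configured without the optional encryption field, so a missing column is never read as "everything is encrypted".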
4. Query in place
Amazon S3 has a built-in feature and complementary services that query data without needing to copy and load it into a separate analytics platform or data warehouse. This means you can run big data analytics directly on your data stored in Amazon S3. These include S3 Select, Amazon Athena, and Amazon Redshift Spectrum.
5. Data Transfer in Amazon S3
AWS has a suite of data migration services that make transferring data into the AWS Cloud simple, fast, and secure. For very large data transfers, consider using AWS Snowball, AWS Snowball Edge, and AWS Snowmobile to move petabytes to exabytes of data to the AWS Cloud for as little as one-fifth the cost of high-speed Internet. These AWS Snow services work by using secure physical devices to transport data via roads, and solve for migration problems such as high network costs, long transfer times, and security.
In my next post, I'll explain how to store data in an S3 bucket.