S3 Core Concepts

Fundamentals & Getting Started

Buckets & Objects

S3 Buckets

Containers for objects with globally unique names

Objects

Files stored in buckets with metadata

Keys

Unique identifiers for objects in buckets

Regions

Buckets are created in specific AWS regions

Storage Classes

Standard

Frequently accessed data

Intelligent-Tiering

Automatic cost optimization

Standard-IA

Infrequently accessed data

Glacier & Deep Archive

Long-term archival storage

Versioning & Lifecycle Management

Object Versioning

Multiple versions of the same object

  • Protect against accidental deletion
  • Version ID for each object
  • Can be suspended or enabled

Lifecycle Policies

Automate object transitions

  • Transition to cheaper storage
  • Delete objects after a set time
  • Rules based on prefixes/tags

MFA Delete

Extra protection for deletions

  • Requires MFA for deletion
  • Only the root user can enable
  • Works with versioning

Access Control

IAM Policies

User and role-based permissions

Bucket Policies

Resource-based permissions

ACLs

Legacy access control lists

Block Public Access

Account and bucket level settings

Encryption

SSE-S3

S3-managed encryption keys

SSE-KMS

KMS-managed encryption keys

SSE-C

Customer-provided encryption keys

Client-Side

Encrypt before uploading

S3 URLs & Access Methods

Virtual Hosted Style

bucket.s3.region.amazonaws.com

Path Style

s3.region.amazonaws.com/bucket

Pre-signed URLs

Temporary access URLs

Static Website

Host static websites

Advanced Features

Cross-Region Replication

Replicate objects across regions

Event Notifications

Trigger actions on object events

Transfer Acceleration

Faster uploads via CloudFront

Object Management

Object Tagging

Key-value pairs for organization

Object Lock

WORM (Write Once Read Many)

Multipart Upload

Upload large files in parts

S3 Core Concepts Exam Tips

  • Bucket names must be globally unique and DNS-compliant
  • Objects can be 0 bytes to 5 TB; use multipart upload for objects >100 MB
  • Versioning protects against accidental deletion and overwrites
  • Default encryption can be set at bucket level
  • Block Public Access settings provide an additional security layer