A Deep Dive into Cloud Storage Excellence: Amazon S3

Christober S
4 min read · Nov 26, 2023

In the ever-evolving landscape of cloud computing, Amazon S3 (Simple Storage Service) stands out as a cornerstone for businesses and developers seeking reliable, scalable, and cost-effective storage solutions.

Introduction

  • Amazon S3 is one of the main building blocks of AWS
  • It’s advertised as “infinitely scaling” storage
  • Many websites use Amazon S3 as a backbone
  • Many AWS services use Amazon S3 as an integration as well
  • We’ll have a step-by-step approach to S3

Amazon S3 Use Cases

  • Backup and storage
  • Disaster Recovery
  • Archive
  • Hybrid Cloud Storage
  • Application Hosting
  • Media Hosting
  • Data lakes and big data analytics
  • Software delivery
  • Static Website

Amazon S3 — Buckets

  • Amazon S3 allows people to store objects (files) in “buckets” (directories)
  • Buckets must have a globally unique name (across all regions and all accounts)
  • Buckets are defined at the region level
  • S3 looks like a global service but buckets are created in a region
  • Naming Convention
  1. No uppercase, no underscore
  2. 3–63 Characters
  3. Not an IP
  4. Must start with a lowercase letter or number
  5. Must NOT start with prefix xy — -
  6. Must NOT end with suffix -s3hello

Amazon S3 — Objects

  • Objects (files) have a key
  • The key is the full path:
s3://hello/name.txt
s3://hello-world//hello/name.txt
  • The key is composed of prefix + object name
s3://hello-world//hello/name.txt
  • There’s no concept of “directories” within the buckets
  • Object values are the content of the body:
  1. Max Object Size 5TB (5000GB)
  2. If uploading more than 5GB, must use “multi-part upload”
  • Metadata (list of text key / value pairs — system or user metadata)
  • Tags (Unicode key / value pairs, up to 10), useful for security / lifecycle
  • Version ID (if versioning is enabled)

Amazon S3 — Security

User-Based

  • IAM Policies — which API calls should be allowed for a specific user from IAM

Resource-Based

  • Bucket Policies — Bucket wide rules from the S3 console — allows cross account
  • Object Access Control List (ACL) — finer grain (can be disabled)
  • Bucket Access Control List (ACL) — Less common (can be disabled)

Note:

An IAM principal can access an S3 Object if

  • The user’s IAM permissions ALLOW it OR the resource policy ALLOWS it
  • AND there’s no explicit DENY

Encryption:

Encrypt objects in Amazon S3 using encryption keys

S3 Bucket Policies

JSON Based policies

  • Resources: buckets and objects
  • Effect: Allow / Deny
  • Actions: Set of API to allow or deny
  • Principal: The account or user to apply the policy to

Use an S3 bucket policy to:

  • Grant public access to the bucket
  • Force objects to be encrypted at upload
  • Grant access to another account (Cross Account)
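
The access rule from the Security note and the “force objects to be encrypted at upload” use case can be checked together in a small model. This is an added example, not code from the original article or from AWS: the bucket name, account ID and user names are constructed placeholders, and the evaluator is a simplification that assumes the caller and the bucket are in the same account and models only the `Null` condition operator.

```python
import json
from fnmatch import fnmatchcase

AUDITOR = "arn:aws:iam::111122223333:user/auditor"   # constructed placeholder
ALICE = "arn:aws:iam::111122223333:user/alice"       # constructed placeholder
OBJECT = "arn:aws:s3:::example-bucket/reports/q1.csv"
# Constructed bucket policy: a read grant plus a Deny on unencrypted uploads.
BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllowAuditorRead", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:user/auditor"},
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}]}""")
# Constructed identity policy, assumed to be attached to the calling user.
IAM_POLICY = {"Statement": [{"Effect": "Allow",
                             "Action": ["s3:GetObject", "s3:PutObject"],
                             "Resource": "arn:aws:s3:::example-bucket/*"}]}
NO_IAM = {"Statement": []}  # a user with no S3 permissions of their own

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, principal, action, resource, ctx):
    """True if the statement applies to this request."""
    p = stmt.get("Principal")
    if p is not None:  # identity policies carry no Principal element
        named = _as_list(p["AWS"]) if isinstance(p, dict) else _as_list(p)
        if "*" not in named and principal not in named:
            return False
    if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    # "Null": {"key": "true"} matches when the request does NOT carry the key.
    for key, want in stmt.get("Condition", {}).get("Null", {}).items():
        if (key not in ctx) != (want == "true"):
            return False
    return True

def is_allowed(iam_policy, bucket_policy, principal, action, resource, ctx=None):
    """(IAM allows OR bucket policy allows) AND no explicit Deny."""
    stmts = iam_policy["Statement"] + bucket_policy["Statement"]
    effects = [s["Effect"] for s in stmts
               if _matches(s, principal, action, resource, ctx or {})]
    return "Deny" not in effects and "Allow" in effects
```
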

Let’s see how to create an S3 bucket

Step 1: Sign in to AWS Management Console

  1. Navigate to the AWS Management Console.
  2. Sign in with your AWS account credentials.

Step 2: Open Amazon S3 Console

  1. In the AWS Management Console, find the “Services” dropdown and select “S3” under “Storage”.

Step 3: Create a New Bucket

  1. Click the “Create bucket” button.
  2. Enter a unique and meaningful name for your bucket. Bucket names must be globally unique across all of Amazon S3, so if your desired name is already taken, you’ll need to choose a different one.
  3. Select the AWS region where you want your bucket to be located. Choose a region that is geographically closest to your intended audience or where you expect the majority of your users to be.
  4. Click “Next” to configure additional options if needed. You can set up logging, versioning, and other advanced settings.
  5. Review your configurations and click “Create bucket” to finish.

Step 4: Upload Objects to Your Bucket

  1. After creating your bucket, navigate to it in the S3 console.
  2. Click the “Upload” button.
  3. Add the files you want to upload to your bucket. You can also drag and drop files directly into the console.
  4. Set permissions for your objects, such as public or private access.
  5. Click “Upload” to complete the process.

Step 5: Access Your Objects

  1. Once your objects are uploaded, you can access them by selecting the bucket and navigating to the “Objects” tab.
  2. Click on an object to view its details or generate a public URL for sharing.
