Difference between revisions of "Amazon Simple Storage Service (S3)"
Jump to navigation
Jump to search
↑ https://aws.amazon.com/blogs/aws/amazon-s3-intelligent-tiering-further-automating-cost-savings-for-short-lived-and-small-objects/
↑ https://docs.aws.amazon.com/cli/latest/reference/s3/cp.html
↑ https://docs.aws.amazon.com/cli/latest/reference/s3/mb.html
↑ https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-s3-enabling-object-lock-buckets/
↑ https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-s3-server-access-logging-date-partitioning/
↑ https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html
↑ https://aws.amazon.com/about-aws/whats-new/2018/11/s3-object-lock/
↑ https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html
(96 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
− | [[wikipedia:Amazon S3]] ([[2006]]) or Amazon Simple Storage Service a service offered by Amazon Web Services (AWS) since 2006 that provides [[Object Storage]] through a web service interface or CLI. | + | [[wikipedia:Amazon S3]] ([[AWS timeline|March 2006]]) or Amazon Simple Storage Service a service offered by Amazon Web Services (AWS) since 2006 that provides [[Object Storage]] through a web service interface or CLI. |
+ | |||
+ | * [[AWS free tier]]: 5 GB | ||
+ | |||
+ | == Features == | ||
+ | * [[AWS S3 encryption|Encryption]] | ||
+ | * [[AWS S3 replication|Replication]] | ||
+ | * [[AWS S3 lifecycle|Lifecycle]]: <code>[[aws s3control put-bucket-lifecycle-configuration]]</code> | ||
+ | * [[AWS S3 versioning|Versioning]]: <code>[[aws s3api put-bucket-versioning]]</code> | ||
+ | * [[Object tagging]] | ||
+ | * [[Logging options for Amazon S3|Logging]] | ||
+ | |||
+ | == [[Amazon S3 Storage Classes]] == | ||
+ | * Amazon S3 Standard is the default class. | ||
+ | |||
+ | * [[Amazon S3 Intelligent-Tiering]] ([[AWS timeline|Sep 2021]])<ref>https://aws.amazon.com/blogs/aws/amazon-s3-intelligent-tiering-further-automating-cost-savings-for-short-lived-and-small-objects/</ref> | ||
+ | |||
+ | * [[Amazon S3 Standard Infrequent Access (IA)]] is designed for less frequently accessed data. Typical use cases are backup and disaster recovery solutions. | ||
+ | |||
+ | * Amazon S3 One Zone-Infrequent Access is designed for data that is not often needed but when required, needs to be accessed rapidly. Data is stored in one zone and if that zone is destroyed, all data is lost. | ||
+ | |||
+ | * [[Amazon Glacier]] is designed for long-term storage of data that is infrequently accessed and where retrieval latency of minutes or hours is acceptable. "[[Glacier Deep Archive]]" is an alternative with a retrieval time of at least 12 hours, but 1/4th the price. It is intended as an alternative to magnetic tape libraries, and is designed for long term retention of data for 7 to 10 years. | ||
+ | |||
+ | * [[Amazon S3 Express One Zone]] ([[AWS timeline|Nov 2023]]): [[Directory buckets]] | ||
+ | |||
+ | == Pricing/Cost == | ||
+ | * {{AWS S3 pricing}} | ||
== Commands == | == Commands == | ||
Line 7: | Line 33: | ||
* <code>[[aws s3 rm]]</code> | * <code>[[aws s3 rm]]</code> | ||
* <code>[[aws s3 help]]</code> | * <code>[[aws s3 help]]</code> | ||
− | * <code>[[aws s3 mb]]</code> | + | * <code>[[aws s3 mb]]</code> <ref>https://docs.aws.amazon.com/cli/latest/reference/s3/mb.html</ref> (creates a [[bucket]]) |
* <code>[[aws s3 rb]]</code> | * <code>[[aws s3 rb]]</code> | ||
− | + | * <code>[[aws s3 presign]]</code> | |
https://docs.aws.amazon.com/cli/latest/reference/s3/ | https://docs.aws.amazon.com/cli/latest/reference/s3/ | ||
− | + | == [[Logging options for Amazon S3|Amazon S3 logs]] == | |
− | == Amazon S3 logs == | ||
Amazon S3 allows users to enable or disable logging. If enabled, the logs are stored in Amazon S3 [[buckets]] which can then be analyzed. These logs contain useful information such as: | Amazon S3 allows users to enable or disable logging. If enabled, the logs are stored in Amazon S3 [[buckets]] which can then be analyzed. These logs contain useful information such as: | ||
* Date and time of access to requested content | * Date and time of access to requested content | ||
Line 21: | Line 46: | ||
* Turnaround time | * Turnaround time | ||
* HTTP request message | * HTTP request message | ||
− | |||
== Encryption == | == Encryption == | ||
− | [[Encryption]] is supported in AWS S3 (default [[Advanced Encryption Standard]] (AES) 256bit) | + | [[AWS S3 encryption|Encryption]] (2017) is supported in AWS S3 (default [[Advanced Encryption Standard]] (AES) 256bit) |
− | *In transit (SSL/TLS) | + | *In [[transit]] ([[SSL]]/[[TLS]]) |
− | *At | + | *At [[rest]]: |
− | **Server Side Encryption (SSE): | + | ** [[Server Side Encryption]] (SSE): |
**S3 Managed Keys (SSE-S3; 256bit); | **S3 Managed Keys (SSE-S3; 256bit); | ||
**[[AWS Key Management Service]], Managed Keys (SSE-KMS) | **[[AWS Key Management Service]], Managed Keys (SSE-KMS) | ||
**Server Side Encryption with Customer Provided Keys (SSE-C) | **Server Side Encryption with Customer Provided Keys (SSE-C) | ||
* Client Side Encryption (user encypts data on their local machine and then upload to AWS S3) | * Client Side Encryption (user encypts data on their local machine and then upload to AWS S3) | ||
+ | |||
+ | == Replication == | ||
+ | * [[S3 Replication Time Control (S3 RTC)]] | ||
+ | |||
+ | |||
+ | == News == | ||
+ | * [[AWS timeline|Nov 2023]] [[AWS S3 Directory buckets]] introduced | ||
+ | * [[AWS timeline|Nov 2023]] [[Amazon S3 now supports enabling S3 Object Lock on existing buckets]] <ref>https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-s3-enabling-object-lock-buckets/</ref> | ||
+ | * [[AWS timeline|Nov 2023]] [[Amazon S3 server access logging now supports automatic date-based partitioning]] <ref>https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-s3-server-access-logging-date-partitioning/</ref> | ||
+ | * [[AWS timeline|Jan 2023]] [[S3 encryption|Encryption]] activated by default <ref>https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-encryption-faq.html</ref> | ||
+ | * Mar 2019 [[AWS S3 Glacier Deep Archive]] | ||
+ | * [[AWS Timeline|Nov 2018]] [[AWS Announces Amazon S3 Object Lock in all AWS Regions]] <ref>https://aws.amazon.com/about-aws/whats-new/2018/11/s3-object-lock/</ref> | ||
+ | |||
+ | == Terraform == | ||
+ | * [[Terraform S3 resources]]: <code>[[Terraform resources: aws_s3_bucket_policy|aws_s3_bucket_policy]]</code> | ||
+ | * [[Terraform resource]]: <code>[[Terraform resource: aws_s3_bucket_website_configuration|aws_s3_bucket_website_configuration]]</code> | ||
== Related terms == | == Related terms == | ||
− | * [[Amazon EBS]] | + | * [[Amazon EBS]], [[Amazon EFS]] |
− | + | * [[Amazon S3 clients]]: [[CloudBerry Explorer]], [[Transmit 5]], [[Cyberduck]] | |
− | * [[CloudBerry Explorer]] | + | * <code>[[s3fs-fuse]]</code> |
− | |||
− | |||
− | * [[s3fs-fuse]] | ||
* [[AWS Storage Gateway]] | * [[AWS Storage Gateway]] | ||
* [[Amazon Glacier]] | * [[Amazon Glacier]] | ||
− | |||
* [[Amazon S3 Cross-Region Replication (CRR)]] | * [[Amazon S3 Cross-Region Replication (CRR)]] | ||
+ | * [[PrestoDB]] SQL engine | ||
+ | * [[AWS]]: 1.4 Choose appropriate [[resilient storage]] | ||
+ | * [[CloudFormation]]: <code>[[AWS::S3]], [[AWS::S3::Bucket]]</code> | ||
+ | * [[Amazon S3 Storage Lens]] | ||
+ | * [[Amazon S3 inventory]] <ref>https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html</ref> | ||
+ | * [[Amazon Macie]] for S3 [[analysis]] | ||
+ | * [[Restrict access to files in Amazon S3 buckets]] | ||
+ | * [[AWS managed policy: AmazonS3ReadOnlyAccess]] | ||
+ | * [[Amazon GuardDuty S3 protection]] | ||
+ | * [[Amazon Athena]] | ||
+ | * [[BucketName:]] | ||
+ | * [[BucketEncryption:]] | ||
+ | * <code>[[s3streamcat]]</code> | ||
+ | * [[File hosting service]] | ||
+ | * [[Google Cloud Storage (GCS)]] | ||
+ | * <code>[[s3-website]]</code> | ||
+ | * [[Object lock]], [[WORM]] | ||
+ | * [[Bucket keys]] | ||
+ | * [[S3 Express One Zone]] | ||
+ | |||
+ | == Limitations == | ||
+ | * No bandwidth restriction | ||
+ | * No [[size]] restriction by [[bucket]] | ||
+ | |||
+ | == Activities == | ||
+ | * Read https://stackoverflow.com/questions/tagged/amazon-s3?sort=votes | ||
+ | * Read https://www.sumologic.com/insight/10-things-might-not-know-using-s3/ | ||
+ | * Read How do I use [[CloudFront]] to serve a static website hosted on Amazon S3? https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-serve-static-website/ | ||
+ | * Learn about [[AWS cloudtrail data events]] | ||
== See also == | == See also == | ||
+ | * {{aws s3}} | ||
* {{S3}} | * {{S3}} | ||
− | * {{AWS}} | + | * {{AWS storage}} |
− | * | + | * {{Object Storage}} |
− | * | + | * {{Cloud storage}} |
+ | |||
− | [[Category: | + | [[Category:AWS]] |
− | [[Category: | + | [[Category:AWS S3]] |
+ | [[Category:Object storage]] |
Latest revision as of 04:38, 11 July 2024
wikipedia:Amazon S3 (March 2006) or Amazon Simple Storage Service a service offered by Amazon Web Services (AWS) since 2006 that provides Object Storage through a web service interface or CLI.
- AWS free tier: 5 GB
Contents
Features[edit]
- Encryption
- Replication
- Lifecycle:
aws s3control put-bucket-lifecycle-configuration
- Versioning:
aws s3api put-bucket-versioning
- Object tagging
- Logging
Amazon S3 Storage Classes[edit]
- Amazon S3 Standard is the default class.
- Amazon S3 Standard Infrequent Access (IA) is designed for less frequently accessed data. Typical use cases are backup and disaster recovery solutions.
- Amazon S3 One Zone-Infrequent Access is designed for data that is not often needed but when required, needs to be accessed rapidly. Data is stored in one zone and if that zone is destroyed, all data is lost.
- Amazon Glacier is designed for long-term storage of data that is infrequently accessed and where retrieval latency of minutes or hours is acceptable. "Glacier Deep Archive" is an alternative with a retrieval time of at least 12 hours, but 1/4th the price. It is intended as an alternative to magnetic tape libraries, and is designed for long term retention of data for 7 to 10 years.
Pricing/Cost[edit]
- 1 TB S3 One Zone-IA storage (
us-east-2
), no data transfer: ($10.24 USD/month ) - 1 TB S3 One Zone-IA storage (
eu-central-1
), no data transfer: $11.06/month (Calculator) - 1 TB S3 Glacier Deep Archive storage, no data transfer: $1/month (Calculator)
Commands[edit]
See also: AWS Command Line Tool (CLI)
aws s3 cp
[2]aws s3 sync
aws s3 rm
aws s3 help
aws s3 mb
[3] (creates a bucket)aws s3 rb
aws s3 presign
https://docs.aws.amazon.com/cli/latest/reference/s3/
Amazon S3 logs[edit]
Amazon S3 allows users to enable or disable logging. If enabled, the logs are stored in Amazon S3 buckets which can then be analyzed. These logs contain useful information such as:
- Date and time of access to requested content
- Protocol used (HTTP, FTP, etc.)
- HTTP status codes
- Turnaround time
- HTTP request message
Encryption[edit]
Encryption (2017) is supported in AWS S3 (default Advanced Encryption Standard (AES) 256bit)
- In transit (SSL/TLS)
- At rest:
- Server Side Encryption (SSE):
- S3 Managed Keys (SSE-S3; 256bit);
- AWS Key Management Service, Managed Keys (SSE-KMS)
- Server Side Encryption with Customer Provided Keys (SSE-C)
- Client Side Encryption (user encypts data on their local machine and then upload to AWS S3)
Replication[edit]
News[edit]
- Nov 2023 AWS S3 Directory buckets introduced
- Nov 2023 Amazon S3 now supports enabling S3 Object Lock on existing buckets [4]
- Nov 2023 Amazon S3 server access logging now supports automatic date-based partitioning [5]
- Jan 2023 Encryption activated by default [6]
- Mar 2019 AWS S3 Glacier Deep Archive
- Nov 2018 AWS Announces Amazon S3 Object Lock in all AWS Regions [7]
Terraform[edit]
- Terraform S3 resources:
aws_s3_bucket_policy
- Terraform resource:
aws_s3_bucket_website_configuration
Related terms[edit]
- Amazon EBS, Amazon EFS
- Amazon S3 clients: CloudBerry Explorer, Transmit 5, Cyberduck
s3fs-fuse
- AWS Storage Gateway
- Amazon Glacier
- Amazon S3 Cross-Region Replication (CRR)
- PrestoDB SQL engine
- AWS: 1.4 Choose appropriate resilient storage
- CloudFormation:
AWS::S3, AWS::S3::Bucket
- Amazon S3 Storage Lens
- Amazon S3 inventory [8]
- Amazon Macie for S3 analysis
- Restrict access to files in Amazon S3 buckets
- AWS managed policy: AmazonS3ReadOnlyAccess
- Amazon GuardDuty S3 protection
- Amazon Athena
- BucketName:
- BucketEncryption:
s3streamcat
- File hosting service
- Google Cloud Storage (GCS)
s3-website
- Object lock, WORM
- Bucket keys
- S3 Express One Zone
Limitations[edit]
Activities[edit]
- Read https://stackoverflow.com/questions/tagged/amazon-s3?sort=votes
- Read https://www.sumologic.com/insight/10-things-might-not-know-using-s3/
- Read How do I use CloudFront to serve a static website hosted on Amazon S3? https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-serve-static-website/
- Learn about AWS cloudtrail data events
See also[edit]
- AWS S3:
aws s3control
.aws s3
[cp | ls
|sync | presing
|mb | rm | rb
] - AWS S3,
aws s3, aws s3api, aws s3control, s3:
, Amazon S3 Storage Lens, AWS S3 replication, CRR, SSR, CAR, S3 Replication Time Control (S3 RTC), Website endpoint, Amazon Macie, Versioning, Lifecycle, Encryption, logging, Amazon S3 Inventory, Amazon S3 Batch Operations, Storage Classes, Amazon S3 clients, Terraform S3, AWS canned ACLs, Directory buckets, security,PutObject
- AWS storage, S3, EBS, EFS, AWS DataSync, AWS Storage costs
- Object storage: AWS S3, ceph, Scality, SWIFT, Cloudian, MinIO, Swift (OpenStack), Object versioning
- Cloud storage, File hosting service, DigitalOcean Spaces
Advertising: