[AWS Cloud Fundamental Notes] S3
Introduction to S3 and its usage and operational mechanism
Scalable, available, secure, and efficient cloud object storage
- Bucket: storage space
- Object: stored item
Encryption can be applied to objects during upload.
Each object has a unique HTTPS link. By default, accessing objects through a browser is blocked (Access Denied).
Security
ACL: ithome: New S3 buckets will default to prohibiting public access and disabling ACLs starting April next year.- IAM: Defines what actions entities can take on your “AWS environment.”
- S3 Bucket Policy: Defines what actions entities can take on your “S3 bucket.”
- Restrictions can be applied based on IP, HTTP headers.
- Specific to S3 bucket.
- All objects within the bucket will adhere to the same policy settings.
Object Versions
| Type | Use Case |
|---|---|
| Versioning | Version control, allows updates or rollbacks |
| MFA Delete | Deletion requires MFA verification from a mobile device |
| Object Lock | Locks object, preventing deletion |
Using versioning in S3 storage
Monitoring
- Server access logging: Monitors bucket access.
- Object-level logging: Monitors object access.
Access Points
When an S3 bucket is accessed by multiple services, the Bucket Policy can become complex.
To decouple different services and the bucket itself, the Access Points feature was introduced.
This allows the same bucket to have different access rules.
- Each Access Point has its own unique URL.
- Each access point can be configured with corresponding policies for access restrictions.
- The name is unique under the Account + Region condition.
