Features of AWS Simple Storage Service (S3) and Data Management

Key features of AWS Simple Storage Service (S3) and Data Management.

Dasanirban
AWS in Plain English


What is Simple Storage Service?

Amazon’s Simple Storage Service (S3) is an object storage service that stores data (images, documents, videos, and files with different extensions) as objects. It also offers data security, scalability, availability, and performance. It provides customers with different storage tiers for their data, based on how frequently the data is used and on their requirements. S3 also provides a few management features to optimize, organize, and configure access to your data to meet business requirements.

Amazon S3 Storage Class

Simple Storage Service consists of multiple storage tiers. Depending on the requirement, customers can store data directly in one of these tiers, or use Lifecycle Management to move the data to a certain tier after one month or after a few months in order to reduce cost.

There are six tiers of S3:

  • S3 Standard
  • S3 Standard-IA
  • S3 One Zone-IA
  • S3 Intelligent-Tiering
  • S3 Glacier
  • S3 Glacier Deep Archive

Performance Comparison

The following table shows a comparison of all the S3 tiers:

Data Store Management

Storing data involves a few activities, such as creating a bucket, uploading data, and granting granular access to the bucket at the lowest level required.

Please look at the steps given below:

Step 1: Create a Bucket

  • Once you click on the S3 option, you’ll be able to access the S3 console. Then click on the Create option.
  • Now provide a few details and check the settings as per your requirement. Provide the bucket name and location. After that, you need to uncheck the “Block all public access” option and check the acknowledgement statement below it. This walkthrough unchecks it because the later steps make objects in the bucket public.

The following rules apply for naming buckets in Amazon S3:

  • Bucket names must be between 3 and 63 characters long.
  • Bucket names can consist only of lowercase letters, numbers, dots (.), and hyphens (-).
  • Bucket names must begin and end with a letter or number.
  • Bucket names must not be formatted as an IP address (for example, 192.168.5.4).
  • Bucket names must not start with the prefix xn--.
  • Bucket names must not end with the suffix -s3alias. This suffix is reserved for access point alias names. For more information, see Using a bucket-style alias for your access point.
  • Bucket names must be unique within a partition. A partition is a grouping of Regions. AWS currently has three partitions: aws (Standard Regions), aws-cn (China Regions), and aws-us-gov (AWS GovCloud [US] Regions).

  • Leave the rest of the options at their defaults. These settings can also be changed after the bucket has been created.
  • Once the bucket has been created, select the radio button next to it and then open it. You’ll see additional tabs for configuration changes.
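
The naming rules listed above can be checked before a create request is ever sent. The following is an added example, not part of the original article; the function name and messages are this example's own, and the uniqueness rule is left out because it can only be checked against AWS itself.

```python
import re


def bucket_name_problems(name):
    """Return the naming rules from the list above that `name` violates."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("must be between 3 and 63 characters long")
    if re.search(r"[^a-z0-9.-]", name):
        problems.append("only lowercase letters, numbers, dots and hyphens allowed")
    # First and last character must each be a letter or a number.
    if not (re.match(r"[A-Za-z0-9]", name[:1]) and re.match(r"[A-Za-z0-9]", name[-1:])):
        problems.append("must begin and end with a letter or number")
    # Four dot-separated groups of digits look like an IPv4 address.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", name):
        problems.append("must not be formatted as an IP address")
    if name.startswith("xn--"):
        problems.append("must not start with the prefix xn--")
    if name.endswith("-s3alias"):
        problems.append("must not end with the suffix -s3alias")
    return problems


if __name__ == "__main__":
    # Constructed sample names; the first is the bucket used later in this article.
    for candidate in ["bucket-test12-098", "192.168.5.4", "My_Bucket",
                      "xn--example", "logs-s3alias", "-logs.", "ab"]:
        issues = bucket_name_problems(candidate)
        print(f"{candidate!r}: {'ok' if not issues else '; '.join(issues)}")
```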

Step 2: Uploading an object

  • Select the name of the bucket you want to open, and you’ll see the screen below. Select the “Upload” option.
  • Select the “Add Files” or “Add Folder” option to upload.
  • After selecting the folder/files, click on the Upload option. Once uploaded, it will appear as in the screenshot below:

Step 3: Managing Bucket and Object Settings

  • If you click on the file that you just uploaded, you’ll see an overview of the file and many more settings:
  • In the overview, you can see the “Object URL” option, which can be used to browse the content. Initially, though, the content isn’t viewable because it’s private. If you try to browse this URL, you’ll get an error:
  • To remove this error, we need to make the object public. Once we do, we’ll be able to access it over the internet:
  • Now using that URL, I’m able to access the file:

Because we have made this file public, it can be accessed from anywhere in the world.

  • Now, if I have 100 files instead of one, it is impractical to make the contents public individually. This is where a Bucket Policy comes into the picture. The policy is written in JSON, either with the Policy Generator or by hand, and it describes the level of access and who can access which files/folders, etc.
  • Select the bucket first, then click on the “Permissions” tab, and you’ll see the “Bucket Policy” option:
  • Paste in this JSON policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:GetObjectVersion"],
      "Resource": ["arn:aws:s3:::bucket-test12-098/*"]
    }
  ]
}

Note: Replace the bucket ARN with your own. Also, choose the API operations you need under the “Action” block.

  • Once you have saved the bucket policy, verify whether the “publicly accessible” label is shown just under the bucket name. See the screenshot below for reference:
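
Besides the console label, the policy document itself can be checked for statements that are open to everyone. The following is an added example, not part of the original article: it parses a bucket policy and reports every Allow statement whose principal is anonymous. The function names are this example's own, and the account ID in the second policy is a constructed placeholder.

```python
import json

# The policy from this article, typed with plain ASCII quotes and hyphens.
PAGE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:GetObjectVersion"],
    "Resource": ["arn:aws:s3:::bucket-test12-098/*"]
  }]
}"""

# Constructed sample: same actions, but only for one account (placeholder account ID).
SCOPED_POLICY = PAGE_POLICY.replace(
    '"Principal": "*"',
    '"Principal": {"AWS": "arn:aws:iam::111122223333:root"}')


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True for "*" and for forms such as {"AWS": "*"}, which mean anyone."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"


def public_statements(policy_json):
    """Return a summary of every Allow statement open to any caller."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") == "Allow" and is_anonymous(stmt.get("Principal")):
            findings.append({
                "sid": stmt.get("Sid", "(no Sid)"),
                "actions": as_list(stmt.get("Action", [])),
                "resources": as_list(stmt.get("Resource", [])),
                # A Condition may narrow access (for example by source IP); review it by hand.
                "has_condition": "Condition" in stmt,
            })
    return findings
```

Calling `public_statements(PAGE_POLICY)` returns one finding for the `PublicRead` statement, while `public_statements(SCOPED_POLICY)` returns an empty list.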

Versioning

Versioning is a process that captures the changes made to a particular object and creates another copy of the original object with the updated contents. It captures changes only from the point at which it is enabled. Once anyone makes a change to the file/object, another version with the updated contents is created.

You can use this technique to protect contents against accidental deletion. They can then be restored in case of any application failures.

Once it is enabled, it can’t be disabled, but it can be suspended, as shown below:

For a non-versioned bucket, an object retrieval always returns the only object available, but for a versioned bucket, an object retrieval returns the current object. Non-current objects can be retrieved by specifying the version ID.

In the case of object addition, if an object with the same key is uploaded again to a non-versioned bucket, it overwrites the existing object. For a versioned bucket, the newly uploaded object becomes the current version and the previous one becomes a non-current version.

In the case of object deletion, for a non-versioned bucket, objects are deleted and can’t be recovered. In a versioned bucket, all versions remain in the bucket and Amazon inserts a delete marker, which becomes the current version. If a delete request specifies a version ID, that version is deleted permanently and can’t be recovered.
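
The retrieval, overwrite and deletion behaviour described above can be followed step by step in a small in-memory model. This is an added example, not part of the original article, and it does not call the S3 API: the class, its method names and the `v1`, `v2` style version IDs are constructed for illustration (real version IDs are opaque strings).

```python
import itertools


class VersionedBucket:
    """In-memory model of a versioned bucket as described in the text above."""

    def __init__(self):
        # key -> list of (version_id, body), oldest first; body None is a delete marker
        self._versions = {}
        self._ids = itertools.count(1)

    def put(self, key, body):
        """Add a new current version; earlier versions become non-current."""
        version_id = f"v{next(self._ids)}"
        self._versions.setdefault(key, []).append((version_id, body))
        return version_id

    def get(self, key, version_id=None):
        """Return the current body, or a specific version; None means not found."""
        stack = self._versions.get(key, [])
        if version_id is None:
            return stack[-1][1] if stack else None  # delete marker yields None
        return next((body for vid, body in stack if vid == version_id), None)

    def delete(self, key, version_id=None):
        """Without a version ID insert a delete marker; with one, remove it for good."""
        if version_id is None:
            return self.put(key, None)
        stack = self._versions.get(key, [])
        self._versions[key] = [(v, b) for v, b in stack if v != version_id]
        return version_id


if __name__ == "__main__":
    bucket = VersionedBucket()
    first = bucket.put("report.txt", "draft")
    second = bucket.put("report.txt", "final")
    marker = bucket.delete("report.txt")           # delete marker becomes current
    print(bucket.get("report.txt"))                # None: object appears deleted
    print(bucket.get("report.txt", second))        # final: still retrievable by ID
    bucket.delete("report.txt", version_id=first)  # permanent, cannot be recovered
    print(bucket.get("report.txt", first))         # None
```

Deleting the marker itself by its version ID makes the previous version current again, which is how an accidentally deleted object is restored.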

Server Access Logging

Server Access Logging needs to be enabled to track all API operations performed on a particular bucket. It is used especially for troubleshooting purposes.

  • In the “Properties” tab, scroll down a little and you’ll see the Server Access Logging option, which is disabled by default. You need to enable it explicitly:
  • To store the access logs, you need to select another bucket as the target location.

Object Locking

It’s a feature of Simple Storage Service that allows users to write an object once and read it many times (WORM = Write Once, Read Many). This feature gives data extra protection against being deleted or corrupted by anyone. It’s disabled by default, but we can enable it while creating a bucket, as per requirement. Once the bucket has been created, it cannot be enabled directly; you need to get help from Customer Support:

Now, we have come to the end of this topic. Here, we have seen what S3 is all about, how to create a bucket and upload objects, how to manage permissions, etc. Hope you all have got an overview of S3. Going forward, I’ll create content on Life Cycle Rule and Data Replication on S3.

Hope you like this article. Please follow me for further updates, and do share it in your circle. If you have any suggestions/queries, just drop a comment. Thanks.

Cheers,

Anirban Das
