Amazon S3
Amazon Simple Storage Service (S3) — scalable object storage. Covers storage classes, lifecycle policies, security, versioning, replication, and cross-cloud equivalents.
Overview
Amazon Simple Storage Service (S3) is AWS's object storage service providing industry-leading scalability, durability (99.999999999% — 11 nines), and availability. It stores data as objects inside buckets.
Key properties:
- Global namespace — bucket names must be globally unique across all AWS accounts
- Region-scoped — data is stored in a specific AWS region but accessible globally via HTTP/S
- Flat structure — no real hierarchy; "/" in key names creates a visual folder structure
- Unlimited storage — no capacity limits; individual objects up to 5 TB
Exam Trap: S3 is object storage, not a file system. It does not support POSIX operations (file locking, append in-place, etc.). Use Amazon EFS for shared file system access.
Storage Classes
| Storage Class | Use Case | Availability | Min. Storage Duration | Min. Object Size | Retrieval Fee |
|---|---|---|---|---|---|
| S3 Standard | Frequently accessed data | 99.99% | None | None | None |
| S3 Intelligent-Tiering | Unknown or changing access patterns — auto-moves between tiers | 99.9% | None | None | None (monitoring fee applies) |
| S3 Standard-IA (Infrequent Access) | Infrequently accessed but needs millisecond retrieval | 99.9% | 30 days | 128 KB | Per-GB |
| S3 One Zone-IA | Infrequent access, non-critical, can be recreated | 99.5% (single AZ) | 30 days | 128 KB | Per-GB |
| S3 Glacier Instant Retrieval | Archive with millisecond access | 99.9% | 90 days | 128 KB | Per-GB |
| S3 Glacier Flexible Retrieval | Archive — retrieval in minutes to hours | 99.99% | 90 days | None | Per-GB |
| S3 Glacier Deep Archive | Longest-term archive — retrieval in 12 hours | 99.99% | 180 days | None | Per-GB |
Exam Trap: S3 Standard-IA and One Zone-IA have a minimum storage duration of 30 days and a minimum billable object size of 128 KB. Storing many small objects or short-lived objects here can cost more than Standard.
SAA/SAP Tip: S3 Intelligent-Tiering is ideal when access patterns are unpredictable — AWS automatically moves objects between access tiers at no retrieval cost. Small objects (< 128 KB) are always charged at the Frequent Access tier rate.
Key Features
Versioning
- Keeps multiple variants of an object in the same bucket
- Protects against accidental overwrites and deletes
- Required prerequisite for S3 Replication and Object Lock
Replication
| Type | Description |
|---|---|
| Cross-Region Replication (CRR) | Asynchronously replicates objects to a bucket in a different region — for DR, compliance, or latency reduction |
| Same-Region Replication (SRR) | Replicates to a bucket in the same region — for log aggregation, account separation |
Object Lock (WORM)
Write-Once-Read-Many (WORM) protection for compliance and data immutability.
- Governance mode — most users can't overwrite/delete; accounts with special permissions can
- Compliance mode — nobody (including root) can overwrite or delete before retention expires
Exam Trap: S3 Object Lock in Compliance mode cannot be overridden even by the AWS account root user. Choose Governance mode when admin override capability is still needed.
Lifecycle Policies
Automate transitioning objects between storage classes or expiring them after a set period — the primary cost-optimization tool for S3.
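As an added example (not part of the original notes and not AWS tooling), the Python lint below checks a lifecycle rule against the minimum storage durations in the storage-class table above and reports every class an object would leave before that minimum has elapsed. The rule dictionaries follow the shape of an S3 lifecycle configuration rule; the rule IDs, prefixes and the `early_charges` helper are constructed for illustration.

```python
# Added example: MIN_DAYS restates the "Min. Storage Duration" column of the
# storage-class table on this page, keyed by the S3 API storage class names.
MIN_DAYS = {
    "STANDARD": 0,
    "INTELLIGENT_TIERING": 0,
    "STANDARD_IA": 30,
    "ONEZONE_IA": 30,
    "GLACIER_IR": 90,      # S3 Glacier Instant Retrieval
    "GLACIER": 90,         # S3 Glacier Flexible Retrieval
    "DEEP_ARCHIVE": 180,
}

def early_charges(rule):
    """Return (storage_class, days_held, minimum) for each class an object
    leaves before that class's minimum storage duration has elapsed."""
    steps = sorted(rule.get("Transitions", []), key=lambda t: t["Days"])
    expire = rule.get("Expiration", {}).get("Days")
    findings = []
    for i, step in enumerate(steps):
        # The object leaves this class at the next transition or at expiration.
        leaves = steps[i + 1]["Days"] if i + 1 < len(steps) else expire
        if leaves is None:
            continue  # last class and no expiration: the object never leaves
        held = leaves - step["Days"]
        minimum = MIN_DAYS[step["StorageClass"]]
        if held < minimum:
            findings.append((step["StorageClass"], held, minimum))
    return findings

# Constructed sample rules (hypothetical IDs and prefixes).
GOOD_RULE = {
    "ID": "age-out-logs", "Status": "Enabled", "Filter": {"Prefix": "logs/"},
    "Transitions": [{"Days": 30, "StorageClass": "STANDARD_IA"},
                    {"Days": 90, "StorageClass": "GLACIER"},
                    {"Days": 180, "StorageClass": "DEEP_ARCHIVE"}],
    "Expiration": {"Days": 365},
}
BAD_RULE = {
    "ID": "too-eager", "Status": "Enabled", "Filter": {"Prefix": "tmp/"},
    "Transitions": [{"Days": 30, "StorageClass": "STANDARD_IA"},
                    {"Days": 45, "StorageClass": "GLACIER"}],
    "Expiration": {"Days": 60},
}

if __name__ == "__main__":
    for rule in (GOOD_RULE, BAD_RULE):
        print(rule["ID"], early_charges(rule))
```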
Security
| Control | Description |
|---|---|
| Bucket Policies | Resource-based JSON policy attached to a bucket; can grant cross-account access |
| IAM Policies | Identity-based policy attached to users/roles |
| Block Public Access | Account- or bucket-level setting to prevent public exposure — enabled by default for new buckets |
| Server-Side Encryption (SSE) | SSE-S3 (AWS-managed keys), SSE-KMS (AWS Key Management Service), SSE-C (customer-provided keys) |
| Presigned URLs | Time-limited URLs granting temporary access to a private object without AWS credentials |
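As an added example (not from the original notes), the following Python check reads a bucket policy document and lists the `Allow` statements whose principal is a wildcard or belongs to another account, which are the grants that Block Public Access and a cross-account review are meant to catch. It is a static read of the policy text only, not a full IAM evaluation; the bucket name, account IDs and function names are constructed placeholders.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(principal):
    """Flatten a Principal element ("*" or {"AWS": ..., "Service": ...})."""
    if isinstance(principal, str):
        return [principal]
    return [p for value in principal.values() for p in _as_list(value)]

def _account_of(pid):
    """Account ID for a bare 12-digit ID or an IAM/STS ARN, else None."""
    if pid.isdigit() and len(pid) == 12:
        return pid
    parts = pid.split(":")
    return parts[4] if len(parts) > 5 and parts[2] in ("iam", "sts") else None

def audit_bucket_policy(policy_json, owner_account):
    """List (Sid, kind, principal) for Allow statements reaching past the owner."""
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue  # Deny statements grant nothing
        sid = stmt.get("Sid", "<no Sid>")
        for pid in _principals(stmt["Principal"]):
            if pid == "*":
                kind = "wildcard+condition" if stmt.get("Condition") else "public"
                findings.append((sid, kind, pid))
            elif _account_of(pid) not in (None, owner_account):
                findings.append((sid, "cross-account", pid))
    return findings

# Constructed sample policy; bucket name and account IDs are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PartnerRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/shared/*"},
    {"Sid": "OwnerAdmin", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:role/admin"]},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]})

if __name__ == "__main__":
    print(audit_bucket_policy(SAMPLE_POLICY, "111122223333"))
```

A `wildcard+condition` finding still needs a human to read the condition, since the check does not decide whether the condition actually narrows access.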
SAA/SAP Exam Tips
SAA/SAP Tip: For cost optimization scenarios, the typical recommendation is: use Lifecycle Policies to transition objects to cheaper classes (IA → Glacier → Deep Archive) as they age.
SAA/SAP Tip: An S3 bucket can host a static website, but it cannot run server-side code. For dynamic content, pair it with Lambda or EC2 behind CloudFront.
Cross-Cloud Equivalents
| Provider | Service / Solution | Notes |
|---|---|---|
| AWS | Amazon S3 | Baseline |
| Azure | Azure Blob Storage | Supports similar tiered storage; lifecycle management available; slightly different ACL model |
| GCP | Google Cloud Storage | Unified bucket model; Autoclass feature similar to S3 Intelligent-Tiering |
| On-Premises | MinIO | S3-compatible object storage API; suitable for air-gapped or hybrid environments |
Pricing Model
- Billed per GB-month stored
- Billed per request (PUT, GET, DELETE, etc.)
- Billed for data transfer out to the internet or other regions; inbound is free
- Lifecycle transitions reduce storage cost but incur one-time transition request fees
Related Services / See Also
- Amazon EBS — block storage for EC2 instances
- Amazon EFS — managed NFS file storage, multi-AZ
- Amazon CloudFront — CDN that can cache S3 objects at edge locations
- AWS Storage Gateway — hybrid cloud storage integrating on-prem with S3