Getting Started With Amazon S3
Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can store and protect any amount of data for virtually any use case, such as data lakes, cloud-native applications, and mobile apps. With cost-effective storage classes and easy-to-use management features, you can optimize costs, organize data, and configure fine-tuned access controls to meet specific business, organizational, and compliance requirements.
S3 storage provides the following key features:
- Buckets — data is stored in buckets. Each bucket can store an unlimited amount of unstructured data.
- Elastic scalability — S3 has no storage limit. Individual objects can be up to 5 TB in size.
- Flexible data structure — each object is identified using a unique key, and you can use metadata to flexibly organize data.
- Downloading data — easily share data with anyone inside or outside your organization and enable them to download data over the Internet.
- Permissions — assign permissions at the bucket or object level to ensure only authorized users can access data.
- APIs — the S3 API, provided as both REST and SOAP interfaces, has become an industry standard and is integrated with a large number of existing tools.
Amazon S3 Storage Classes
- Standard — for frequently accessed data
- Standard-IA — standard infrequent access
- One Zone-IA — one-zone infrequent access
- Intelligent-Tiering — automatically moves data to the most appropriate tier
Create Your First Amazon S3 Bucket
1. In the AWS Management Console search bar, enter S3 and click the S3 result under Services:
You will be placed in the S3 console.
2. From the S3 console, click the orange Create Bucket button:
3. Enter a unique Bucket name on the Name and region screen of the wizard:
Important!
Bucket names must be globally unique, regardless of the AWS region in which you create the bucket. Buckets must also be DNS-compliant.
The bucket name must:
- Be unique across all of Amazon S3.
- Be between 3 and 63 characters long.
- Not contain uppercase characters.
- Start with a lowercase letter or number.
Avoid including sensitive information, such as account number, in the bucket name. The bucket name is visible in the URLs that point to the objects in the bucket.
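As an added example (not from the original post), the following checker applies the naming rules above locally before you reach for the console; it also covers the remaining DNS-compliance rules that S3 enforces (allowed characters, first and last character, no adjacent periods, not an IP address) and flags names that look like they embed an account number. Global uniqueness cannot be checked offline, so it is left to the CreateBucket call.

```python
import re

# A 12-digit run is the shape of an AWS account number; the page advises keeping
# such values out of bucket names because the name shows up in object URLs.
ACCOUNT_ID_RE = re.compile(r"\d{12}")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ALLOWED_CHARS_RE = re.compile(r"[a-z0-9.-]*")


def validate_bucket_name(name):
    """Return a list of rule violations; an empty list means the name is acceptable.

    Only the syntactic rules are checked here. Uniqueness across all of Amazon S3
    can only be discovered when the CreateBucket request is actually made.
    """
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("must be between 3 and 63 characters long")
    if name != name.lower():
        problems.append("must not contain uppercase characters")
    if not ALLOWED_CHARS_RE.fullmatch(name):
        problems.append("may only contain lowercase letters, numbers, dots and hyphens")
    if not name or not name[0].isalnum() or not name[-1].isalnum():
        problems.append("must start and end with a lowercase letter or number")
    if ".." in name:
        problems.append("must not contain two adjacent periods")
    if IPV4_RE.match(name):
        problems.append("must not be formatted as an IP address")
    if ACCOUNT_ID_RE.search(name):
        problems.append("appears to embed an AWS account number, which would be visible in URLs")
    return problems


if __name__ == "__main__":
    # Constructed sample names, not real buckets.
    for candidate in ["my-app-logs-2024", "MyBucket", "192.168.1.1", "team-123456789012-backups"]:
        print(candidate, "->", validate_bucket_name(candidate) or "ok")
```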
4. In Region, choose the AWS Region where you want the bucket to reside.
Choose a Region close to you to minimize latency and costs and address regulatory requirements.
5. Leave the Block public access (bucket settings) at the default values:
No changes are needed. This is where you can set public access permissions.
6. Click on Create bucket.
A page with a table listing buckets will load and you will see a green notification that your bucket was created successfully.
7. In the Buckets table, click the name of your bucket in the Name column.
A page will load with a row of tabs at the top.
8. To see details and options for your bucket, click the Properties tab:
This page allows you to configure your Amazon S3 bucket in many different ways.
Upload an object to your bucket
After creating a bucket in Amazon S3, you’re ready to upload an object to the bucket.
- Open the Amazon S3 console at https://console.aws.amazon.com/s3/.
- In the Buckets list, choose the name of the bucket that you want to upload your object to.
- On the Objects tab for your bucket, choose Upload.
- Under Files and folders, choose Add Files.
- Choose a file to upload, and then choose Open.
- Choose Upload.
You’ve successfully uploaded an object to your bucket.
Access control best practices for S3 Bucket
Creating a new bucket
1-S3 Object Ownership for simplifying access control: S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3.
Object Ownership has three settings that you can use to control ownership of objects uploaded to your bucket and to enable or disable ACLs.
2-Block Public Access: S3 Block Public Access provides four settings to help you avoid inadvertently exposing your S3 resources. You can apply these settings in any combination to individual access points, buckets, or entire AWS accounts. If you apply a setting to an account, it applies to all buckets and access points that are owned by that account. By default, the Block all public access setting is applied to new buckets created in the Amazon S3 console.
3-Grant access with IAM identities: When setting up accounts for new team members who require S3 access, use IAM users and roles to ensure the least privileges. You can also implement a form of IAM multi-factor authentication (MFA) to support a strong identity foundation. Using IAM identities, you can grant unique permissions to users and specify what resources they can access and what actions they can take.
4-Bucket policies: With bucket policies, you can personalize bucket access to help ensure that only those users you have approved can access resources and perform actions within them. In addition to bucket policies, you should use bucket-level Block Public Access settings to further limit public access to your data.
5-Buckets in a VPC setting: When adding users in a corporate setting, you can use a virtual private cloud (VPC) endpoint to allow any users in your virtual network to access your Amazon S3 resources. Rather than adding each user to an IAM role or group, you can use VPC endpoints to deny bucket access if the request doesn’t originate from the specified endpoint.
Storing and sharing data
1-Versioning and Object Lock for data integrity: Implement S3 Versioning and S3 Object Lock. These features help prevent accidental changes to critical data and enable you to roll back unintended actions.
2-Object lifecycle management for cost efficiency: To manage your objects so that they are stored cost-effectively throughout their lifecycle, you can pair lifecycle policies with object versioning. Lifecycle policies define actions that you want S3 to take during an object’s lifetime.
3-Cross-Region Replication for multiple office locations: When creating buckets that are accessed by different office locations, you should consider implementing S3 Cross-Region Replication. Cross-Region Replication helps ensure that all users have access to the resources they need and increases operational efficiency.
Note: Use of this feature increases storage costs.
4-Permissions for secure static website hosting: When configuring a bucket to be used as a publicly accessed static website, you need to disable all Block Public Access settings. When writing the bucket policy for the website, grant only the s3:GetObject action, not ListObject or PutObject permissions. This helps ensure that visitors cannot list all the objects in your bucket or add their own content.
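The two checks described in points 2 (Block Public Access) and 4 (website bucket policy) above, as an added example that is not part of the original post: the functions take plain dicts shaped like a bucket's Block Public Access configuration and its policy document, and report anything that exposes more than read access to the public. The sample policies are constructed; s3:ListBucket is the IAM action name for listing a bucket's objects.

```python
# The four Block Public Access settings (real S3 setting names).
BPA_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")
# The only action a public static-website policy should grant.
WEBSITE_ALLOWED_ACTIONS = {"s3:GetObject"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. anyone on the Internet."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_bucket_policy(policy):
    """Return findings for Allow statements that grant the public more than s3:GetObject."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_public_principal(stmt.get("Principal")):
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action not in WEBSITE_ALLOWED_ACTIONS:  # also catches wildcards such as s3:*
                findings.append(f"{stmt.get('Sid', '<no Sid>')}: public principal granted {action}")
    return findings


def audit_public_access_block(config):
    """Return the Block Public Access settings that are not enabled; a non-website bucket should return []."""
    return [name for name in BPA_SETTINGS if not config.get(name, False)]


# Constructed weak policy: public listing and writes, exactly what the page warns against.
WEAK_WEBSITE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicWebsite", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::example-site-bucket", "arn:aws:s3:::example-site-bucket/*"]}]}

# Corrected form: read-only access to objects, nothing else.
HARDENED_WEBSITE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicWebsite", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site-bucket/*"}]}

if __name__ == "__main__":
    print(audit_bucket_policy(WEAK_WEBSITE_POLICY))      # two findings
    print(audit_bucket_policy(HARDENED_WEBSITE_POLICY))  # []
    print(audit_public_access_block({"BlockPublicAcls": True}))  # three settings still off
```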
Sharing resources
1-S3 Object Ownership: S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable ACLs and take ownership of every object in your bucket.
2-User policies: You can share resources with a limited group of people using IAM groups and user policies.
Protecting data
1-Object encryption
-Amazon S3 managed keys (SSE-S3)
-KMS keys stored in AWS Key Management Service (SSE-KMS)
-Customer-provided keys (SSE-C)
2-Signing methods: Signature Version 4 is the process of adding authentication information to AWS requests sent over HTTP.
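An added example, not from the original post or from any AWS SDK: the Signature Version 4 key derivation and signature computation, together with the constant-time comparison a verifying service performs. The secret key is AWS's documented example value and the canonical request is constructed; the point to notice is that the signing key is scoped to one date, region and service, so it is not a general-purpose credential.

```python
import hashlib
import hmac


def _hmac_sha256(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key, date_stamp, region, service):
    """SigV4 key derivation: an HMAC chain over date, region, service and 'aws4_request'."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def string_to_sign(amz_date, scope, canonical_request):
    """Algorithm, request timestamp, credential scope, and the hash of the canonical request."""
    request_hash = hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()
    return "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, request_hash])


def sign_request(secret_key, amz_date, region, service, canonical_request):
    """Return (credential scope, hex signature) for a request at amz_date (YYYYMMDDTHHMMSSZ)."""
    date_stamp = amz_date[:8]
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    signing_key = derive_signing_key(secret_key, date_stamp, region, service)
    sts = string_to_sign(amz_date, scope, canonical_request)
    return scope, hmac.new(signing_key, sts.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_signature(secret_key, amz_date, region, service, canonical_request, presented):
    """What a verifier does: recompute and compare in constant time, never with ==."""
    _, expected = sign_request(secret_key, amz_date, region, service, canonical_request)
    return hmac.compare_digest(expected, presented)


# Constructed canonical request for a GET of one object with an empty payload.
EXAMPLE_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"  # AWS's documented example key
EXAMPLE_DATE = "20150830T123600Z"
CANONICAL_REQUEST = "\n".join([
    "GET", "/report.csv", "",
    "host:example-bucket.s3.amazonaws.com", f"x-amz-date:{EXAMPLE_DATE}", "",
    "host;x-amz-date", hashlib.sha256(b"").hexdigest()])

if __name__ == "__main__":
    print(sign_request(EXAMPLE_SECRET, EXAMPLE_DATE, "us-east-1", "s3", CANONICAL_REQUEST))
```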
3-Logging and monitoring
-Amazon CloudWatch
-AWS CloudTrail
-Amazon S3 Access Logs
-AWS Trusted Advisor