Storage Classes
- S3 Standard: 99.99% availability, 11 9s durability. Frequent access.
- S3 Standard-IA: lower cost, retrieval fee. Infrequent access, min 30 days.
- S3 One Zone-IA: single AZ, 20% cheaper than Standard-IA.
- S3 Intelligent-Tiering: auto-moves objects between tiers. No retrieval fee.
- S3 Glacier Instant Retrieval: millisecond retrieval, min 90 days.
- S3 Glacier Flexible Retrieval: minutes to hours, min 90 days.
- S3 Glacier Deep Archive: cheapest, 12–48 hour retrieval, min 180 days.
Security & Encryption
- SSE-S3: Amazon-managed keys (default). AES-256.
- SSE-KMS: KMS-managed keys. Audit trail via CloudTrail.
- SSE-C: customer-provided keys. Must use HTTPS.
- Client-side encryption: encrypt before upload.
- Bucket policies + ACLs + IAM policies for access control.
- Block Public Access: account and bucket level settings.
Features
- Versioning: protects against accidental deletes. MFA Delete for extra security.
- Lifecycle policies: transition/expire objects automatically.
- Cross-Region Replication (CRR): requires versioning enabled on both buckets.
- Same-Region Replication (SRR): compliance, log aggregation.
- S3 Transfer Acceleration: uses CloudFront edge locations for fast uploads.
- S3 Select / Glacier Select: retrieve subset of data using SQL.
- Event Notifications: trigger Lambda, SQS, SNS on object events.
Limits
- Object size: 0 bytes to 5 TB. Multipart upload required above 5 GB.
- Bucket names: globally unique, 3–63 characters.
- 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second per prefix.
- No limit on objects per bucket.
Practice S3 Questions
Put your knowledge to the test with practice questions.