Definition:
- name:
  - globally unique
  - no underscores, spaces or uppercase letters
  - 3-63 characters
  - starts and ends with a letter or number
  - no 2 adjacent periods
  - can't be formatted as an IP address
  - some prefixes and suffixes are not allowed
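The naming rules above can be checked locally before a CreateBucket call. The validator below is an added example written for these notes, not AWS code; the reserved prefix and suffix lists are the ones documented for general purpose buckets and are an assumption to keep in sync with the current AWS documentation. Global uniqueness cannot be checked offline, so it is deliberately left out.

```python
import re

# Assumption: reserved prefixes/suffixes as documented by AWS for general purpose
# buckets at the time of writing; verify against current documentation.
FORBIDDEN_PREFIXES = ("xn--", "sthree-", "amzn-s3-demo-")
FORBIDDEN_SUFFIXES = ("-s3alias", "--ol-s3", ".mrap", "--x-s3")

# Four dotted decimal groups, e.g. 192.168.0.1
_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def bucket_name_problems(name: str) -> list:
    """Return every naming rule the candidate breaks (empty list means valid)."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    # Only lowercase letters, digits, periods and hyphens are allowed.
    if re.search(r"[^a-z0-9.-]", name):
        problems.append("only lowercase letters, digits, periods and hyphens allowed")
    if name and not (name[0].isalnum() and name[-1].isalnum()):
        problems.append("must start and end with a letter or digit")
    if ".." in name:
        problems.append("no two adjacent periods")
    if _IPV4.match(name):
        problems.append("must not be formatted as an IP address")
    for prefix in FORBIDDEN_PREFIXES:
        if name.startswith(prefix):
            problems.append(f"prefix {prefix!r} is reserved")
    for suffix in FORBIDDEN_SUFFIXES:
        if name.endswith(suffix):
            problems.append(f"suffix {suffix!r} is reserved")
    return problems


def is_valid_bucket_name(name: str) -> bool:
    """True when no local naming rule is violated (uniqueness still needs the API)."""
    return not bucket_name_problems(name)


if __name__ == "__main__":
    # Constructed candidates covering each rule.
    for candidate in ("my-logs.example", "My_Bucket", "192.168.0.1", "a..b", "xn--foo", "ab", "-abc"):
        print(f"{candidate!r}: {bucket_name_problems(candidate) or 'ok'}")
```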
- region: buckets are regional
- ACL
- Block public access settings
- Object Versioning
- Tags
- Default encryption
- S3 Object Lock: prevents the deletion of objects in a bucket
  - can only be turned on at the creation of the bucket
  - stores objects using WORM (write once, read many)
  - protects objects from deletion and overwriting for a fixed time or indefinitely
  - similar to S3 Glacier???
  - Object retention is handled in 2 ways:
    - retention period/mode: a fixed period during which object versions cannot be deleted; only works on a versioning-enabled bucket
      - governance mode:
        - cannot be overwritten or deleted without special permissions: s3:BypassGovernanceRetention together with the request header x-amz-bypass-governance-retention:true
        - lock period can be changed by a user with that permission
      - compliance mode:
        - cannot be overwritten or deleted by any user, even root
        - lock period can't be changed
        - deleting the object requires deleting the AWS account
    - legal holds: the object stays locked until you remove the hold; prevents object version data from being deleted/overwritten
      - independent from the retention period
      - adding a legal hold on an object doesn't affect the retention period for that object version
  - an S3 bucket with Object Lock enabled can't be used as the destination bucket for server access logs, because log objects are written in append mode (i.e. overwritten)
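The interplay of retention mode, legal hold and the governance bypass is easy to get wrong in an incident-response runbook, so here is a small decision model of it. This is an added example constructed for these notes, not S3's implementation: it assumes IAM and bucket-policy checks have already passed and only models the Object Lock part of a delete on a specific object version. It also covers the versionless DELETE on a versioning bucket, which only adds a delete marker (see the delete-marker note below) and is therefore never blocked by Object Lock.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Simplified model (constructed for these notes, not S3's code) of how Object Lock
# decides whether a delete/overwrite of a specific object version may proceed.
GOVERNANCE = "GOVERNANCE"
COMPLIANCE = "COMPLIANCE"


@dataclass
class ObjectVersion:
    key: str
    version_id: str
    retention_mode: Optional[str] = None     # None, GOVERNANCE or COMPLIANCE
    retain_until: Optional[datetime] = None  # end of the retention period
    legal_hold: bool = False


@dataclass
class DeleteRequest:
    version_id: Optional[str]            # None = plain DELETE without a version id
    has_bypass_permission: bool = False  # caller holds s3:BypassGovernanceRetention
    bypass_header: bool = False          # x-amz-bypass-governance-retention: true was sent


def evaluate_delete(obj: ObjectVersion, req: DeleteRequest, now: datetime) -> tuple:
    """Return (allowed, reason) for deleting `obj` under Object Lock rules."""
    # A DELETE without a version id never touches locked data on a versioning
    # bucket: it only adds a delete marker, so Object Lock does not block it.
    if req.version_id is None:
        return True, "delete marker created; existing versions untouched"

    # Legal hold is independent of any retention period and must be removed first.
    if obj.legal_hold:
        return False, "legal hold in place"

    in_retention = obj.retain_until is not None and now < obj.retain_until
    if not in_retention:
        return True, "no active retention"

    if obj.retention_mode == COMPLIANCE:
        # No user, including the account root, can bypass or shorten this.
        return False, "compliance retention active; cannot be bypassed"

    if obj.retention_mode == GOVERNANCE:
        # Bypass needs BOTH the permission and the explicit header on the request.
        if req.has_bypass_permission and req.bypass_header:
            return True, "governance retention bypassed"
        return False, "governance retention active; bypass not requested or not permitted"

    return True, "no retention mode set"


def demo_scenarios() -> dict:
    """Constructed scenarios; returns scenario name -> whether the delete is allowed."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    future = now + timedelta(days=30)
    past = now - timedelta(days=1)
    comp = ObjectVersion("report.pdf", "v1", COMPLIANCE, future)
    gov = ObjectVersion("report.pdf", "v2", GOVERNANCE, future)
    held = ObjectVersion("report.pdf", "v3", GOVERNANCE, past, legal_hold=True)
    return {
        "compliance_with_bypass": evaluate_delete(comp, DeleteRequest("v1", True, True), now)[0],
        "governance_with_bypass": evaluate_delete(gov, DeleteRequest("v2", True, True), now)[0],
        "governance_permission_no_header": evaluate_delete(gov, DeleteRequest("v2", True, False), now)[0],
        "governance_header_no_permission": evaluate_delete(gov, DeleteRequest("v2", False, True), now)[0],
        "legal_hold_after_retention_expired": evaluate_delete(held, DeleteRequest("v3", True, True), now)[0],
        "versionless_delete_on_compliance": evaluate_delete(comp, DeleteRequest(None), now)[0],
        "governance_after_expiry": evaluate_delete(gov, DeleteRequest("v2"), future + timedelta(days=1))[0],
    }


if __name__ == "__main__":
    for name, allowed in demo_scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The two points worth remembering from the model: a governance-mode bypass requires the permission and the header together, and a legal hold blocks deletion even after the retention period has expired.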
- Notes:
  - must be empty before it can be deleted
  - default limit is 100 GP (general purpose) buckets per account
  - an object can be between 0 bytes and 5 TB
  - Entity tag (ETag): a response header that identifies the current version of a resource, so a client can tell whether it has changed without downloading it
    - computed by hashing (MD5 or SHA-1)
    - part of the HTTP(S) protocol
  - metadata:
    - system-defined metadata is set by AWS; some of it is changeable by the user
    - user-defined metadata: keys must start with x-amz-meta-
      - the prefix is hidden in the CLI
  - S3 Object Lock: locks individual objects
    - must be set via the API (not the console)
  - S3 Object Delete Marker: a special placeholder object created when you delete an object in a versioning-enabled S3 bucket using a simple DELETE request
    - hides the object from standard view while preserving its previous versions
  - can be used as a Uniform Resource Identifier
- S3 Storage Classes, sorted from most expensive to cheapest:
  - Standard (default)
    - data is stored in >= 3 AZs
    - low latency
    - no minimum storage duration charge
  - S3 Reduced Redundancy Storage (RRS):
    - legacy
    - noncritical data (data can be lost)
    - frequently accessed data
    - millisecond access
    - not recommended, as S3 Standard is more cost effective
  - S3 Intelligent-Tiering: uses ML to analyze usage
  - S3 Express One Zone: only 1 AZ, very fast
  - S3 Standard-IA: infrequently accessed data
    - about 50% cheaper than Standard
    - for data accessed about once a month
    - pay per request
    - extra fee to retrieve
    - millisecond access
    - minimum storage duration charge of 30 days
  - S3 One Zone-IA
  - S3 Glacier Instant Retrieval: data accessed once a quarter
  - S3 Glacier Flexible Retrieval: data accessed once a year
  - S3 Glacier Deep Archive: accessed less than once a year; data retrieval takes 12 hours