Cloud Computing Intermediate to Advanced +200 XP

AWS Storage

Amazon S3 Object Storage & Lifecycle Management

**Amazon Simple Storage Service (S3)** is the standard object storage system in the cloud, offering 99.999999999% (11 9s) of durability. Unlike standard filesystems, it stores unstructured data objects inside buckets, accessed via standard REST API endpoints.

S3 Storage Classes Hierarchy:
  • S3 Standard: High throughput, low latency. Used for active website files and databases.
  • S3 Standard-IA (Infrequent Access): Cheaper storage, but has a retrieval cost. Ideal for long-term active backups.
  • S3 Glacier Flexible: Muted archive tier. Retrieval times range from 1 minute to 5 hours.
  • S3 Glacier Deep Archive: The lowest cost tier in AWS. Retrieval takes 12 hours.

S3 Security, Bucket Policies & Encryption (SSE)

Data security on S3 requires three layers of boundaries: **Block Public Access (BPA)** to prevent accidental leakage, **Bucket Policies** to restrict source IP and IAM authorization, and **Server-Side Encryption (SSE)**.

Encryption is enforced using either standard **SSE-S3** (keys managed entirely by Amazon) or **SSE-KMS** (keys managed via AWS Key Management Service, allowing granular access logging and key rotation policies).

Interactive Pipeline: Object Lifecycle & Automated Tiering

Observe how files flow through S3 lifecycle rules. Instead of paying premium prices for cold backups, lifecycle engines monitor access logs to move files to cheaper Glacier classes or purge them completely.

Pipeline P: S3 Storage Lifecycle & Tiering

Active
S3 Standard
0 - 30 Days (Active Assets)
Transition
Standard-IA
Day 30+ (Infrequent Backups)
Archive
Glacier Deep
Day 90+ (Cold Archives)
Purge
Delete Object
Day 365 (Auto Expired)

AWS CLI S3 Operations & Lifecycle JSON configurations

Below is the JSON definition for an S3 lifecycle policy that transitions objects to Glacier after 90 days and deletes them after 365 days. It is applied instantly via the AWS CLI:

{
  "Rules": [
    {
      "ID": "ArchiveOldBackups",
      "Status": "Enabled",
      "Filter": { "Prefix": "backups/" },
      "Transitions": [
        { "Days": 90, "StorageClass": "GLACIER" }
      ],
      "Expiration": { "Days": 365 }
    }
  ]
}

To apply this policy via terminal:

aws s3api put-bucket-lifecycle-configuration --bucket company-backups --lifecycle-configuration file://lifecycle.json