Amazon S3 Concepts
External
Internal
Overview
Amazon Simple Storage Service (S3) is an object storage service. It can be used to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices and big data analytics. Amazon S3 is designed for 99.999999999% (11 9's) of durability. The S3 service can be integrated and exposed externally via the Amazon API Gateway.
The fundamental storage entity in S3 is the object. Objects are contained in buckets.
Object
An object is the fundamental entity stored in Amazon S3. Each object consists of data, a key, and metadata. Every S3 object can be uniquely addressed through a combination of the web service endpoint, bucket name, key and optionally a version. Assuming that "blue" is the bucket name, and "2021-01-01/picture.jpg" is the key, the object can be accessed as https://blue.s3.amazonaws.com/2021-01-01/picture.jpg
Data
The data portion of an object is opaque to Amazon S3.
Key
The object key and its version ID uniquely identify the object in a bucket, and the combination of a bucket, key and version ID uniquely identify globally each object stored in Amazon S3. Every object in a bucket has exactly one key.
Version ID
Metadata
The object metadata is a set of key/value pairs that describe the object. Metadata include some default pairs: date last modified, and standard HTTP metadata such as Content-Type. Custom metadata can be specified at the time the object is stored. After the object was stored, the object metadata cannot be modified. The only way to modify the metadata is to make a copy of the object and set the metadata.
Bucket
The Amazon S3 data model is a flat structure: you create a bucket, and the bucket stores objects. A bucket organizes the Amazon S3 namespace at the highest level. A bucket seems to be associated with a specific AWS account - an unrelated AWS account cannot see the bucket in the console. However, I cannot seem to get the AWS account from the bucket.
Buckets are created in a specific region.
There is no hierarchy of sub-buckets or subfolders; however, you can infer logical hierarchy using key name prefixes and delimiters. The Amazon S3 console supports a concept of folders. The console uses the key name prefixes and the delimiter ('/') to present a folder structure.
Bucket ARN
arn:aws:s3:::bucket-name
Bucket Permissions
By default, all S3 buckets are private and can be accessed only by users that are explicitly granted access.
Bucket Public Access
Bucket Access Control List
Bucket Policy
Operations:
Bucket CORS Configuration
Regions and Buckets
A bucket lives in a region. The region may be chosen to optimize latency, minimize costs and address regulatory requirements. Objects stored in a region never leave the region unless they are explicitly transferred them to another region.