Amazon S3 Advanced Features
Amazon S3 has some advanced features, which are described one by one below.
Prefixes and Delimiters:
AWS uses the prefix and delimiter parameters when listing key names for objects. This helps create a hierarchy within a bucket. Typically we use a backslash or slash (\ or /) as the delimiter and then use key names to emulate a file and folder hierarchy.
Amazon S3 provides the following storage classes for various use cases.
- Amazon S3 Standard: It offers high-durability, high-availability, low-latency and high-performance object storage for general-purpose use, because it provides low first-byte latency and high throughput.
- Amazon S3 Standard - Infrequent Access: It is designed for long-lived, less frequently accessed data. It has a lower per GB-month storage cost than Standard.
- Amazon S3 Reduced Redundancy Storage: It offers slightly lower durability than Standard and Standard-IA at a reduced cost.
- Amazon Glacier: It is used for data that does not require real-time access, such as archives and long-term backups. It offers secure, durable, extremely low-cost cloud storage. To access Amazon Glacier objects, you issue a restore command using the Amazon S3 API, and three to five hours later the Amazon Glacier object is copied to Amazon S3 RRS. Your original data remains in Amazon Glacier until explicitly deleted.
Object Lifecycle Management:
Using Amazon S3 lifecycle configuration rules, storage cost can be reduced by automatically transitioning data from one storage class to another or by deleting data after a period of time.
Some of the lifecycle rules are:
- Store backup data initially in Amazon S3 Standard.
- After 60 days, transition data to Amazon S3 Standard-IA.
- After 120 days, transition data to Amazon Glacier.
- After 3 years, delete.
Amazon S3 Secure Sockets Layer (SSL) API endpoints are used to secure S3 data in flight: data sent to and from Amazon S3 travels over the HTTPS protocol.
When data is at rest, we can use several variations of Server-Side Encryption (SSE). SSE encrypts data at the object level as it is written to disk in the data center and decrypts it when you access it. SSE is performed by Amazon S3 and AWS Key Management Service using 256-bit AES.
- SSE-S3 (AWS-managed keys): This is a solution in which AWS handles key management and key protection. Every object is encrypted with a unique key. The object key itself is encrypted by a separate master key, which is issued monthly, with AWS rotating the keys. Encrypted data, keys, and master keys are stored separately on secure hosts.
- SSE-KMS (AWS KMS keys): This is a fully integrated key management and key protection solution for Amazon S3. With it, there are separate permissions for using the master keys. AWS KMS also provides auditing, so you can see who has used your keys to access which objects and when.
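One way to enforce the HTTPS and SSE behaviour described above is a bucket policy. The following is an added example, not code from the original page. The bucket name is a placeholder, the requests are constructed samples, and the checker is a simplified model of policy evaluation that ignores resource matching.

```python
# Added example: bucket policy enforcing HTTPS and SSE, plus a simplified checker.
import json

def build_policy(bucket):
    """Deny non-TLS requests and PutObject calls that do not ask for SSE."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": f"{arn}/*",
         "Condition": {"StringNotEquals": {
             "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}}},
    ]}

def condition_matches(condition, context):
    """Simplified model of the two operators used above (not the full IAM engine)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            values = expected if isinstance(expected, list) else [expected]
            actual = context.get(key)
            if operator == "Bool":
                if actual is None or actual.lower() not in values:
                    return False
            elif operator == "StringNotEquals":
                # Negated operator: an absent key counts as "not equal".
                if actual is not None and actual in values:
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True

def denied_by(policy, action, context):
    """Return the Sid of the first Deny statement matching the request, else None."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Deny" and stmt["Action"] in ("s3:*", action):
            if condition_matches(stmt.get("Condition", {}), context):
                return stmt["Sid"]
    return None

if __name__ == "__main__":
    policy = build_policy("example-backup-bucket")  # placeholder bucket name
    print(json.dumps(policy, indent=2))
    # Constructed sample requests: plain HTTP upload, then HTTPS upload without SSE.
    print(denied_by(policy, "s3:PutObject", {"aws:SecureTransport": "false"}))
    print(denied_by(policy, "s3:PutObject", {"aws:SecureTransport": "true"}))
```

"AES256" in the SSE header selects SSE-S3 and "aws:kms" selects SSE-KMS, so an upload that names either one passes the second statement.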