AWS S3 Cheat Sheet: Ace Your Solutions Architect Associate Exam!

S3 Basics
S3 (Simple Storage Service) is an object storage service for storing any amount of data.
Objects (files) are stored in Buckets (containers).
Global namespace: Bucket names must be globally unique.
Data is automatically replicated across multiple Availability Zones (AZs).
Storage Classes

Storage Class | Use Case | Durability | Availability |
S3 Standard | Frequently accessed data | 99.999999999% (11 9s) | 99.99% |
S3 Intelligent-Tiering | Auto moves objects between tiers | 99.999999999% | 99.9% |
S3 Standard-IA | Infrequent access, lower cost | 99.999999999% | 99.9% |
S3 One Zone-IA | IA but stored in one AZ | 99.999999999% | 99.5% |
S3 Glacier | Archival storage, retrieval time minutes to hours | 99.999999999% | N/A |
S3 Glacier Deep Archive | Cheapest, retrieval 12-48 hours | 99.999999999% | N/A |
Security & Access Control
Encryption:
SSE-S3 (Server-side, managed by S3)
SSE-KMS (AWS KMS keys)
SSE-C (Customer-managed keys)
Client-side encryption
Access Control:
Bucket Policies (JSON-based, IAM-style permissions)
IAM Policies (User/role-based permissions)
ACLs (Access Control Lists) (Legacy method, not recommended)
Block Public Access (Prevents accidental public exposure)
MFA Delete:
Requires Multi-Factor Authentication (MFA) to delete objects.
Only works with root user.
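
How a bucket policy and Block Public Access combine can be checked offline against a policy document. The sketch below is an added example, not part of the original cheat sheet: the function names, the sample policy and the bucket name are constructed, and the "public" test is a simplified heuristic rather than AWS's full policy evaluation.

```python
# Added example: function names are hypothetical, sample data is constructed.
def _as_list(v):
    return v if isinstance(v, list) else [v]

def wildcard_principal(principal):
    """True for "Principal": "*" or {"AWS": "*"} (string or list form)."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in _as_list(aws)

def public_statements(policy):
    """(sid, verdict) for every Allow statement open to any principal."""
    # Simplified heuristic: no Condition -> "public"; with a Condition ->
    # "review", because the condition may or may not narrow the grant.
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") == "Allow" and wildcard_principal(st.get("Principal")):
            verdict = "review" if st.get("Condition") else "public"
            findings.append((st.get("Sid", f"statement-{i}"), verdict))
    return findings

def exposure(policy, bpa):
    """Combine the policy findings with the Block Public Access flags."""
    verdicts = {v for _, v in public_statements(policy)}
    if not verdicts:
        return "private-by-policy"
    if "public" not in verdicts:
        return "review"
    # RestrictPublicBuckets limits a bucket with a public policy to AWS
    # service principals and authorized users in the owner's account.
    return "blocked-by-bpa" if bpa.get("RestrictPublicBuckets") else "public"

# Constructed sample policy for a hypothetical bucket.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-EXAMPLE"}}},
    ],
}
BPA_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
BPA_OFF = dict.fromkeys(BPA_ON, False)

if __name__ == "__main__":
    print(public_statements(SAMPLE_POLICY))
    for flags in (BPA_ON, BPA_OFF):
        print(exposure(SAMPLE_POLICY, flags))
```

The dictionaries use the same field names as the bucket's policy JSON and its `PublicAccessBlockConfiguration`, so output fetched from the account can be passed in unchanged.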
Data Management & Performance
Versioning:
Keeps multiple versions of an object.
Protects against accidental deletion.
Lifecycle Policies:
Automates transitions between storage classes.
Example: Move to Standard-IA after 30 days, then Glacier after 90 days.
Replication:
Cross-Region Replication (CRR): Replicates objects between AWS regions.
Same-Region Replication (SRR): Replicates objects within the same region.
Must enable versioning for replication.
Transfer Acceleration:
- Speeds up uploads using AWS Edge Locations (CloudFront network).
Multipart Upload:
- Recommended for files larger than 100MB, required for >5GB.
Event Notifications & Logging
S3 Event Notifications can trigger:
SNS (Simple Notification Service)
SQS (Simple Queue Service)
Lambda (Serverless Processing)
Logging & Auditing:
Server Access Logs (S3 writes logs to another bucket)
CloudTrail (Tracks API calls and activities)
Cost Optimization
S3 Storage Pricing:
Charged for storage used, requests, data transfer.
Use Glacier for long-term storage.
Reduce costs using Lifecycle Policies and Intelligent-Tiering.
Use S3 Object Lock instead of Versioning to protect data at a lower cost.
High Availability & Disaster Recovery
Data stored across multiple AZs (except One Zone-IA).
Cross-Region Replication (CRR) for multi-region DR.
Glacier & Object Lock for data immutability & compliance.
S3 Exam Tips
✔ IAM Policies grant permissions to S3 buckets. IAM Users/Groups need explicit access
✔ Bucket Policies can allow public access, but "Block Public Access" must be disabled
✔ Versioning cannot be disabled once enabled (only suspended)
✔ Multipart Upload required for files > 5GB
✔ Glacier is the cheapest storage but takes time to retrieve
✔ Use S3 Transfer Acceleration for high-speed global uploads
✔ Cross-Region Replication requires Versioning to be enabled
✔ Use S3 Object Lock for Write-Once-Read-Many (WORM) scenarios
✔ CloudFront can cache and accelerate S3 content delivery
Final Tip
If a question asks about security & access control, think IAM Policies, Bucket Policies, ACLs, and Block Public Access.
If a question asks about cost optimization, think Lifecycle Policies, Intelligent-Tiering, Glacier, and S3 One Zone-IA.






