What I have learned about S3 on AWS

This is the second post of content for preparing yourself for becoming an AWS Solutions Architect Associate.

As stated in my AWS IAM post, next up is AWS’ Simple Storage Service, or S3, as it is more commonly known.

As I did with IAM, let’s look at the differences to the closest equivalent in Azure. S3 is a service that is similar to Azure Storage service, but only the object, or BLOB, storage component of Azure Storage. S3 is object storage ONLY, no files, tables, or queues. AWS provides file storage with Elastic File Storage (EFS). This post is focusing on S3 object storage.

One major difference from a security perspective is that S3 storage is not encrypted at rest by default. You need to turn on this encryption for your S3 services. This encryption is turned on for the S3 Bucket which acts like a folder and is the equivalent to a BLOB container in Azure Storage.

There are different capabilities for identity and access security permissions, IAM, within the S3 buckets. They can created at the bucket level using role policies or at the object level using access control lists.

S3 has six different tiers that can be chosen for S3: Standard, Infrequently Accessed, One-zone Infrequently Accessed, Intelligent Tiering, Glacier, and Glacier sub-zero. Standard S3 has an availability SLA of 99.99%. It does have a durability of 11 “9s” or 99.999999999%, meaning that even if the service were to go down, your objects are safe. This is not true for One-zone Infrequently Accessed.

Let’s break-down each of these for understanding:

S3 Bucket sharing can be done in three ways:

Cross region replication

S3 Transfer acceleration

AWS DataSync



Storage Gateway

Athena versus Macie

Athena - Query service to analyze data in S3 with SQL queries. Works directly with S3 stored data. Pay per query or terabyte scanned, serverless infrastructure. Query log files in S3. Can generate business, cost, and usage reports.

Macie - Security service that uses AI/ML and natural language processing to analyze objects on S3 for Personal Identifiable Information (PII). Helpful for PCI-DSS compliance.

I hope that you are enjoying this information so far. It is helping me to continue to comprehend these services as I prepare for the exam myself. Thank you very much.

Reference links:

What I’ve Learned about IAM on AWS


What I’ve Learned about S3 on AWS


What I’ve Learned about EC2 on AWS


What I’ve Learned about EBS on AWS


What I’ve Learned about Cloudwatch on AWS


What I’ve Learned about RDS on AWS


What I’ve Learned about Route 53 on AWS


What I’ve Learned about VPC on AWS


What I’ve Learned about High Availability on AWS


What I’ve Learned about Applications on AWS


What I’ve Learned about Security on AWS


What I’ve Learned about Lambda and serverless on AWS