AWS S3 Cheat Sheet: Ace Your Solutions Architect Associate Exam!

S3 Basics

  • S3 (Simple Storage Service) is an object storage service for storing any amount of data.

  • Objects (files) are stored in Buckets (containers).

  • Global namespace: Bucket names must be globally unique.

  • Data is automatically replicated across multiple Availability Zones (AZs).


Storage Classes

| Storage Class | Use Case | Durability | Availability |
|---|---|---|---|
| S3 Standard | Frequently accessed data | 99.999999999% (11 9s) | 99.99% |
| S3 Intelligent-Tiering | Auto moves objects between tiers | 99.999999999% | 99.9% |
| S3 Standard-IA | Infrequent access, lower cost | 99.999999999% | 99.9% |
| S3 One Zone-IA | IA but stored in one AZ | 99.999999999% | 99.5% |
| S3 Glacier | Archival storage, retrieval time minutes to hours | 99.999999999% | N/A |
| S3 Glacier Deep Archive | Cheapest, retrieval 12-48 hours | 99.999999999% | N/A |


Security & Access Control

Encryption:

  • SSE-S3 (Server-side, managed by S3)

  • SSE-KMS (AWS KMS keys)

  • SSE-C (Customer-managed keys)

  • Client-side encryption

Access Control:

  • Bucket Policies (JSON-based, IAM-style permissions)

  • IAM Policies (User/role-based permissions)

  • ACLs (Access Control Lists) (Legacy method, not recommended)

  • Block Public Access (Prevents accidental public exposure)

MFA Delete:

  • Requires Multi-Factor Authentication (MFA) to delete objects.

  • Only works with root user.


Data Management & Performance

Versioning:

  • Keeps multiple versions of an object.

  • Protects against accidental deletion.

Lifecycle Policies:

  • Automates transitions between storage classes.

  • Example: Move to Standard-IA after 30 days, then Glacier after 90 days.

Replication:

  • Cross-Region Replication (CRR): Replicates objects between AWS regions.

  • Same-Region Replication (SRR): Replicates objects within the same region.

  • Must enable versioning for replication.

Transfer Acceleration:

  • Speeds up uploads using AWS Edge Locations (CloudFront network).

Multipart Upload:

  • Recommended for files larger than 100MB, required for >5GB.

Event Notifications & Logging

S3 Event Notifications can trigger:

  • SNS (Simple Notification Service)

  • SQS (Simple Queue Service)

  • Lambda (Serverless Processing)

Logging & Auditing:

  • Server Access Logs (S3 writes logs to another bucket)

  • CloudTrail (Tracks API calls and activities)


Cost Optimization

  • S3 Storage Pricing:

    • Charged for storage used, requests, data transfer.

    • Use Glacier for long-term storage.

  • Reduce costs using Lifecycle Policies and Intelligent-Tiering.

  • Use S3 Object Lock instead of Versioning to protect data at a lower cost.

High Availability & Disaster Recovery

  • Data stored across multiple AZs (except One Zone-IA).

  • Cross-Region Replication (CRR) for multi-region DR.

  • Glacier & Object Lock for data immutability & compliance.


S3 Exam Tips

  • IAM Policies grant permissions to S3 buckets. IAM Users/Groups need explicit access.

  • Bucket Policies can allow public access, but "Block Public Access" must be disabled.

  • Versioning cannot be disabled once enabled (only suspended).

  • Multipart Upload required for files > 5GB.

  • Glacier is the cheapest storage but takes time to retrieve.

  • Use S3 Transfer Acceleration for high-speed global uploads.

  • Cross-Region Replication requires Versioning to be enabled.

  • Use S3 Object Lock for Write-Once-Read-Many (WORM) scenarios.

  • CloudFront can cache and accelerate S3 content delivery.

Final Tip

If a question asks about security & access control, think IAM Policies, Bucket Policies, ACLs, and Block Public Access.

If a question asks about cost optimization, think Lifecycle Policies, Intelligent-Tiering, Glacier, and S3 One Zone-IA.


Written by

Suman Thallapelly