πͺ£ Amazon S3 Demystified: The Ultimate Guide + π§ Cheat sheet for Beginners & Pros πͺ
Learn with HJ
π° What is Amazon S3?
Amazon S3 (Simple Storage Service) is a scalable, durable, and secure object storage service offered by AWS.
π¦ Think of it like a giant cloud locker where you can store:
Files π
Images πΌοΈ
Videos π₯
Backups πΎ
Logs π
And moreβ¦
β
Itβs serverless, meaning you donβt manage infrastructureβAWS takes care of that.
β
Built to provide 11 nines of durability (99.999999999%)βyour data is safe.
β
Trusted by Netflix, Airbnb, and even NASA π for storage and delivery.
𧱠Key Concepts (Know These First π§ )
| Term | What It Means |
| Bucket | A container for objects (like a folder, but globally unique and powerful) |
| Object | A file you upload (can include metadata and ACLs) |
| Key | The unique name of the object in a bucket |
| Region | Where your bucket is physically hosted (e.g., us-east-1, ap-south-1) |
| Storage Class | Pricing tier depending on access frequency |
| ACL/Policy | Access control layers: who can read/write/delete |
π οΈ How to Create an S3 Bucket (Step-by-Step Walkthrough)
1οΈβ£ Open AWS Console β Go to S3 β Click on Create Bucket
2οΈβ£ Enter a globally unique bucket name (e.g., my-awesome-bucket-2025)
3οΈβ£ Choose the Region carefully (near users, or compliant with data laws like GDPR πͺπΊ)
4οΈβ£ Object Ownership β Recommend: ACLs disabled (you manage permissions through bucket policies)
5οΈβ£ Block Public Access β Keep enabled by default (disable only if you intend to host public content)
6οΈβ£ Versioning β Enable if you want to maintain historical versions of files π
7οΈβ£ Tags β Add useful tags like env:prod, owner:teamX for billing & automation
8οΈβ£ Encryption β Use SSE-S3 (AES-256) or SSE-KMS for compliance and data protection π
9οΈβ£ Advanced Settings β Enable access logs, Object Lock, Requester Pays, etc. if needed
π Click Create bucket π
π Bucket Properties (And Why They Matter)
| Property | What It Does | Why It Matters |
| Versioning | Keeps previous versions of objects | Accidental deletes? Rollback time π |
| Server-side Encryption | Encrypts files at rest | Meets security & compliance needs like HIPAA, GDPR |
| Access Logging | Logs every request to your bucket | π Helps with auditing, security tracing, and debugging |
| Tags | Metadata you define | Great for billing breakdowns or applying automation via Lambda |
| Transfer Acceleration | Speeds up uploads via AWS Edge | π Ideal if your users are globally distributed |
| Object Lock | Prevents deletion/modification | Use in compliance cases (legal hold, WORM enforcement) π‘οΈ |
π§βπ» Bucket Policies (Examples + How They Work)
Bucket policies use JSON syntax to allow or deny access. They work like firewalls for your bucket.
π Public Read-Only Bucket Policy (Static Website, Public Content)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket-name/*"
}
]
}
β
Replace "my-bucket-name" with your actual bucket name.
π Donβt forget to disable "Block All Public Access" under the Permissions tab or this wonβt work!
π Public Access URLs
Once your file is uploaded and the bucket allows public reads, hereβs how your file is accessed:
https://<bucket-name>.s3.<region>.amazonaws.com/<file-name>
β Example:
https://my-bucket-name.s3.ap-south-1.amazonaws.com/cat-video.mp4
This can be shared directly, embedded in websites, or used in apps.
πΌ Real-World Use Cases for Amazon S3
| Use Case | Description |
| π¬ Static Website Hosting | Host HTML/CSS/JS files with optional CloudFront CDN for HTTPS |
| π§Ύ Log Storage | Store VPC Flow logs, CloudTrail logs, app logs for analysis |
| π₯ Media Storage | Video/audio/images at scale with optional lifecycle transitions to Glacier |
| π¦ Backup & Archive | Replace on-prem tape storage with S3 & S3 Glacier Deep Archive |
| π€ ML/AI Training Data | Store labeled datasets for AI models or SageMaker training |
| βοΈ CI/CD Artifacts | Push ZIP files, Lambda packages, or Terraform states |
| π¨ Email Attachments | Store links to files rather than attach large files to emails |
β‘ Amazon S3 CLI Cheatsheet (Your Developer Power Pack βοΈ)
| Command | What It Does | Tips / Notes |
aws s3 ls | List all your buckets | Use s3://bucket-name/ to list contents |
aws s3 mb s3://my-bucket | Make a new bucket | Must be globally unique |
aws s3 rb s3://my-bucket | Remove bucket | Bucket must be empty |
aws s3 cp file.txt s3://my-bucket/ | Upload a file | Use --recursive for folders |
aws s3 cp s3://my-bucket/file.txt . | Download file from S3 | |
aws s3 mv | Move files | Useful in automation |
aws s3 sync . s3://my-bucket/ | Sync folders | Great for backups & deployments |
aws s3 presign s3://my-bucket/file.txt | Get temporary signed URL | Default expiry: 3600 seconds (1 hr) |
aws s3api get-bucket-location --bucket my-bucket | Get region of bucket | Handy in multi-region setups |
aws s3api list-object-versions --bucket my-bucket | See versioned files | Needs versioning enabled |
aws s3api put-bucket-policy --bucket my-bucket --policy [file://policy.json](file://policy.json) | Apply policy | Used in automation or IaC tools |
aws s3api delete-object --bucket my-bucket --key file.txt | Delete file | You can version-delete if needed |
aws s3api put-object-lock-configuration ... | Apply Object Lock for compliance | WORM: Write Once Read Many π‘οΈ |
aws s3api head-object --bucket my-bucket --key file.txt | Get file metadata (size, last modified) | Quick inspection via CLI |
aws s3api get-object-acl --bucket my-bucket --key file.txt | See file-level permissions | For debugging ACLs |
aws s3api put-object-tagging ... | Add tags to an object | Great for organizing data π |
π Final Thoughts
Amazon S3 isnβt just a dumping ground for filesβitβs a full-fledged, secure, highly-available storage platform that powers modern data-driven apps.
β
Use IAM roles for EC2 or Lambda access
β
Set Lifecycle policies to auto-transition objects and save cost
β
Enable logging for compliance and monitoring
β
Use event notifications to trigger Lambda functions πͺ
π¬ Got questions about S3 or want more CLI tips?
Letβs chat in the comments! Or tag your team π₯βtheyβll thank you later.
π’ Share this post with your teamβitβs the only S3 guide theyβll need!
#AWS #S3 #CloudStorage #DevOps #Serverless #CLI #S3Cheatsheet #BucketPolicy #StaticHosting #DataEngineering #AmazonS3 #CloudSecurity #BeginnerFriendly #CloudArchitect #CloudTutorial
So, whether you're seeking cloud advice, a good laugh, or simply a friendly chat about cloud and coffee preferences, I'm just a click away on these cloud-tastic platforms. See you in the cloudisphere, fellow cloud builders! πβοΈπ
LinkedIn: Connect with me on LinkedIn, where my cloud prowess is only rivalled by my talent for finding the perfect GIF for every situation. ππΌ hardeepjethwani@LinkedIn
TopMate: Looking for a fellow cloud aficionado to share a virtual coffee with or brainstorm your next AWS masterpiece? Find me on TopMate! Because let's face it, cloud enthusiasts need to stick together. βπ€ hardeepjethwani@topmate
Instagram: For behind-the-scenes glimpses of my cloud adventures and occasional 'AWS Gone Wild' stories that even AWS engineers find amusing. πΈπ©οΈ hardeepjethwani@Instagram
X: Join the cloud conversation on Twitter, where I drop cloud knowledge and quirky cloud memes faster than you can say 'Elastic Beanstalk.' π¦βοΈ hardeepjethwani@X
Want to support my cloud adventures and keep the coffee flowing? Feel free to buy me a virtual coffee. After all, coffee is the secret sauce behind every successful cloud deployment. βπ
Subscribe to my newsletter
Read articles from Learn with HJ directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Learn with HJ
Learn with HJ
Hey there! π I'm Hardeep Jethwani (HJ), your resident cloud aficionado and code maestro, proudly navigating the ever-changing seas of AWS Cloud and Full Stack Development for ~5 glorious years and counting. βοΈπ» Currently, I'm orchestrating the tech symphony as part of Team HSBC Bank, where I'm on a mission to enhance the banking experience through the magic of technology. ππΌ In my past life at Capgemini, I led exciting adventures like migrating critical applications to the cloud (18 and counting!). I had databases waltzing into the AWS Cloud, sprinkling a bit of containerization magic along the way. AWS managed services like RDS, Lambda, ECS, and friends? They were my trusty sidekicks. π©π§ When not automating deployments with CI/CD finesse (think AWS CodePipeline, CodeBuild, and CodeDeploy), you might find me designing infrastructure like a digital architect using AWS CloudFormation. Security is my jam β I've got WAF, Security Groups, MFA, Cognito, and even a secret club in private subnets to keep things safe. ππββοΈ On top of all that, I'm on a mission to reduce carbon footprints because, why not? HSBC's commitment to sustainability is my heart and soul. We're going for NET ZERO carbon footprint, and I'm leading the charge, one container at a time! ππ± And yes, the fun doesn't stop at work. In my past life at Tata Consultancy Services, I co-created a multi-tier Point of Sale application with a global footprint, touching the lives of billions. My automation tools were so efficient that even Father Time was left scratching his head. β³π‘ If you're in need of a cloud-savvy comedian or a code deployment magician, look no further. Let's chat about tech, swap automation tales, or share some coding humor over a virtual coffee. Oh, and don't worry; I promise not to write code in my sleep (well, most of the time). Cheers to cloud adventures! βπ