Pass the AWS Certified Solutions Architect Associate Certification SAA-C03-(Episode 10: S3 Introduction)
📌 Notice
Welcome to the series of blog in my AWS Certified Solutions Architect Associate (SAA-C03) exam preparation series! If you’re looking to pass this challenging yet rewarding certification, you’re in the right place.
Throughout this blog series, you’ll master core AWS architecture concepts — from IAM security fundamentals to advanced VPC networking, cost-optimized EC2 deployments, serverless patterns with Lambda, and multi-region disaster recovery strategies. We’ll break down all key services (S3, RDS, CloudFront etc.) through real-world solution architectures and exam-focused scenarios. Each post will include hands-on walkthroughs, pro tips for the SAA-C03 exam, and best practices used by AWS professionals. Get ready to transform from AWS beginner to certified Solutions Architect!
Note : The blog will be updated with the extra questions and CDK Implementation in a timely manner
🌟 Introduction
Amazon Simple Storage Service (S3) is one of the most widely used cloud storage solutions, offering scalable, secure, and highly durable object storage. Whether you’re a developer, data engineer, or business owner, S3 provides a versatile platform for storing and managing data efficiently. From backups and disaster recovery to hosting static websites and big data analytics, S3 supports a wide range of use cases.
In this blog, we’ll explore the key features of Amazon S3, including buckets, objects, security, storage classes, and replication. We’ll also dive into practical use cases to help you understand how S3 can be leveraged for different business needs.
Amazon S3 Use cases
Amazon S3 is designed for a variety of storage needs, including:
- Backup and Storage — Securely store critical business data with high durability.
- Disaster Recovery — Maintain resilient backups to recover from failures.
- Archive — Long-term storage for compliance and historical data.
- Hybrid Cloud Storage — Extend on-premises storage to the cloud.
- Application Hosting — Store application data, configurations, and assets.
- Media Hosting — Deliver images, videos, and other media files globally.
- Data Lakes & Big Data Analytics — Store and analyze vast amounts of structured/unstructured data.
- Software Delivery — Distribute software packages and updates.
- Static Websites — Host cost-effective, scalable static websites.
Amazon S3 Buckets and Objects
Buckets
- Globally unique names (across all AWS accounts and regions).
- Region-specific — Created in a selected AWS region.
- Naming rules:
- 3–63 characters, lowercase letters, numbers, hyphens.
- No underscores, uppercase letters, or IP-style names.
- Must not start with
xn--or end with-s3alias.
Objects
- Key — The full path (e.g.,
s3://my-bucket/folder/file.txt). - No real directories — Just keys with
/separators. - Max size — 5TB (use multi-part upload for files >5GB).
- Metadata & Tags — System/user-defined metadata and tags for organization.
- Versioning — Track and restore previous versions of files.
Hands-On : Click Here
Amazon S3 Security
S3 provides multiple layers of security:
- User-Based (IAM Policies) — Control access via AWS Identity and Access Management.
- Resource-Based
- Bucket Policies — Define cross-account access and public permissions.
- Object ACLs — Fine-grained access control (can be disabled).
- Encryption — Secure data at rest and in transit.
Bucket Policies & Public Access
- Use JSON-based policies to grant/deny access.
- Block Public Access — Prevent accidental exposure of sensitive data.
S3 Bucket Policies
Example: Public Access — Use Bucket Policy
Example: User Access to S3 — IAM permissions
Example: EC2 instance access — Use IAM Roles
Advanced: Cross-Account Access –Use Bucket Policy
Bucket settings for Block Public Access
- These settings were created to prevent company data leaks
- If you know your bucket should never be public, leave these on
- Can be set at the account level
Hands-On — Click Here
Amazon S3 — Static Website Hosting
- S3 can host static websites and have them accessible on the Internet
- The website URL will be (depending on the region)
• http://bucket-name.s3-website-aws-region.amazonaws.com
OR
• http://bucket-name.s3-website.aws-region.amazonaws.com - If you get a 403 Forbidden error, make sure the bucket policy allows public reads!
Hands-On — Click Here
Amazon S3 — Versioning
- You can version your files in Amazon S3
- It is enabled at the bucket level
- Same key overwrite will change the “version”: 1, 2, 3….
- It is best practice to version your buckets
- Protect against unintended deletes (ability to restore a version)
- Easy roll back to previous version
Notes:
• Any file that is not versioned prior to enabling versioning will have version “null”
• Suspending versioning does not delete the previous versions
Hands-On — Click Here
Amazon S3 — Replication (CRR & SRR)
Key Requirements
Before setting up replication, ensure:
✅ Versioning is enabled on both source and destination buckets.
✅ Proper IAM permissions are granted to allow S3 to replicate objects.
✅ Buckets can be in different AWS accounts, making cross-account replication possible.
Replication Behavior
- Asynchronous copying — Objects are replicated in the background.
- Only new objects are replicated by default — Existing objects require S3 Batch Replication for syncing.
- Handling deletes:
- Delete markers can optionally be replicated (useful for keeping buckets in sync).
- Versioned deletions (deletes with a version ID) are not replicated (prevents malicious deletions).
No Replication Chaining
- If Bucket 1 → Bucket 2 → Bucket 3, objects from Bucket 1 do NOT automatically replicate to Bucket 3.
- Replication only works one level deep (direct source to destination).
Hands-On — Cick Here
Use cases:
• CRR — compliance, lower latency access, replication across accounts
• SRR — log aggregation, live replication between production and test accounts
S3 Storage Classes
Before diving into storage classes, it’s important to distinguish between two key concepts:
Durability (99.999999999%)
- All S3 storage classes offer eleven nines (99.999999999%) durability.
- This means if you store 10 million objects, you might lose one object every 10,000 years.
- Data is distributed across multiple Availability Zones (AZs) for protection.
Availability (Varies by Class)
- Measures how often your data is accessible.
- Example: S3 Standard offers 99.99% availability (~53 minutes of downtime/year).
Hands-On — Click Here
1. S3 Standard — General Purpose
- Best for: Frequently accessed data
- Availability: 99.99%
- Features:
Low latency, high throughput
Resilient to 2 concurrent AZ failures
Use Cases: Big Data analytics, mobile & gaming applications, content
distribution.
2. S3 Storage Classes — Infrequent Access
A. S3 Standard-IA
- Availability: 99.9% (single AZ only)
- For data that is less frequently accessed, but requires rapid access when needed
- Lower cost than S3 Standard
Use Cases: Disaster recovery backups, Long-term storage with occasional access
B. S3 One Zone-IA (One Zone-Infrequent Access)
- Availability: 99.5%
- Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
- High durability (99.999999999%) in a single AZ; data lost when AZ is destroyed
Use Cases: Storing secondary backup copies of on-premises data, or data you can recreate
3. Amazon S3 Glacier Storage Classes
A. Glacier Instant Retrieval
- Low-cost object storage meant for archiving / backup
- Pricing: price for storage + object retrieval cost
- Amazon S3 Glacier Instant Retrieval
• Millisecond retrieval, great for data accessed once a quarter
• Minimum storage duration of 90 days
Use Cases: Compliance archives, Rarely accessed data (e.g., quarterly reports)
B. Glacier Flexible Retrieval
- Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier): Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12 hours) — free
- Minimum storage duration of 90 days
Use Cases: Media archives, Scientific data
C. Glacier Deep Archive
- Amazon S3 Glacier Deep Archive — for long term storage:
- Standard (12 hours), Bulk (48 hours)
- Minimum storage duration of 180 days
Use Cases: Regulatory archives, Data rarely accessed (e.g., 1–2 times/year)
4. S3 Intelligent-Tiering
- Small monthly monitoring and auto-tiering fee
- Moves objects automatically between Access Tiers based on usage
- There are no retrieval charges in S3 Intelligent-Tiering
Tiers:
- Frequent Access tier (automatic): default tier
- Infrequent Access tier (automatic): objects not accessed for 30 days
- Archive Instant Access tier (automatic): objects not accessed for 90 days
- Archive Access tier (optional): configurable from 90 days to 700+ days
- Deep Archive Access tier (optional): config. from 180 days to 700+ days
S3 Storage Classes Comparison
S3 Storage Classes — Price Comparison : Example: us-east-1
AWS Hands-On
- Creating and Managing Amazon S3 Buckets — Click Here
- S3 Bucket Policy — Click Here
- S3 Website — Click Here
- S3 Versioning — Click Here
- S3 Replication — Click Here
- S3 Storage Classes — Click Here
AWS Cloud Practitioner Questions
- S3 Introduction — Click Here
AWS Solution Architect Associate Questions
- AWS SAA-C03 Sample Questions — Will Update Soon
🧾 Conclusion
Amazon S3 is a powerful, flexible, and secure cloud storage solution that supports a wide range of applications — from simple backups to complex data lakes. With features like versioning, replication, and multiple storage classes, S3 ensures cost-efficiency, durability, and high availability for your data. Whether you’re hosting a static website, archiving old records, or enabling big data analytics, S3 provides the tools needed to manage storage effectively. By understanding its key components — buckets, objects, security, and storage tiers — you can optimize your cloud storage strategy for performance and cost.
Previous Episode : “Pass the AWS Certified Solutions Architect Associate Certification SAA-C03! (Episode 9: Classic Solution Architecture Discussions )”
Next Episode : “Pass the AWS Certified Solutions Architect Associate Certification SAA-C03! (Episode 11: S3 Advanced )”
