[AWS] S3: Do 'Folders' Really Not Exist? Illustrating the Mechanism of the Infinite 'Giant Warehouse'

Introduction: It's not just a file storage space

"S3 is just for uploading files, right?"
I used to think that way too.

In fact, S3 is the world's strongest "rental warehouse," boasting 99.999999999% (eleven nines) durability.
In this article, I'll walk through the "internal mechanics" of S3 and some "tips for cost-effective use" that are surprisingly little known.

1. Buckets and Objects (Warehouse and Luggage)

First, let's look at the basic structure.

  • Bucket:
    • Analogy: Your dedicated "rental warehouse (container)."
    • Important Rule: Names must be globally unique. If someone else is using the name my-test, you cannot use it.
  • Object:
    • Analogy: The "luggage (files)" you put in the warehouse. Images, videos, logs: anything is fine.
  • Object Key (Key):
    • Analogy: A "long name tag" attached to the luggage.
    • Shocking Fact: There is no such box as a "folder" in S3.
    • What actually exists is a single object whose key is photos/2024/cat.jpg. The slashes are just characters in the name; there is no hierarchical structure like on a PC (the Management Console only makes it look as if there are folders).

2. Storage Classes (Choosing the right storage plan)

By changing your plan based on how often you move items in and out, you can dramatically reduce costs.

  • S3 Standard: "Frequent access plan." The standard.
  • S3 Standard-IA: "Infrequent access plan." Low storage cost, but retrieval fees apply.
  • S3 Glacier: "Cold storage plan." It takes several hours to "thaw" (retrieve), but it's extremely cheap. A graveyard for data you won't use for years.

3. Security (Gatekeeper and Permits)

When you see a headline like "Confidential data leaked!", the cause is most likely a configuration error in this area.

  • Block Public Access:
    • Analogy: A "No Trespassing" sign.
    • Golden Rule: By default, keep everything blocked (ON). Only turn it OFF when you want to make it public on the Web.
  • Bucket Policy:
    • Analogy: "Entry rules written in JSON format."
    • Fine-grained control, such as "Allow only from specific IP addresses," is handled here.
  • ACL (Access Control List):
    • Note: An older mechanism (individual permits). Since Bucket Policies are now the mainstream approach, keeping this disabled is generally fine.
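
The two checks above (every Block Public Access switch ON, and no bucket-policy statement that lets everyone in) can be run offline against exported settings. The following is an added example, not code from the original article: the bucket name, the Sids and the sample settings are constructed, and treating a statement as restricted only when it has an IpAddress condition on aws:SourceIp is a simplification for illustration, not AWS's own policy evaluation.

```python
import ipaddress
import json

# Flag names of S3's PublicAccessBlockConfiguration (the four Block Public Access switches).
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. every caller."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def ip_restricted(condition):
    """True if an IpAddress condition on aws:SourceIp names only real subnets."""
    for key, value in condition.get("IpAddress", {}).items():
        if key.lower() == "aws:sourceip":
            nets = [ipaddress.ip_network(c, strict=False) for c in as_list(value)]
            return all(n.prefixlen > 0 for n in nets)  # a /0 range restricts nothing
    return False

def audit(bpa, policy_json):
    """Return findings for one bucket's Block Public Access flags and policy."""
    findings = [f"Block Public Access: {flag} is OFF"
                for flag in BPA_FLAGS if not bpa.get(flag, False)]
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if (stmt.get("Effect") == "Allow" and is_anyone(stmt.get("Principal"))
                and not ip_restricted(stmt.get("Condition", {}))):
            findings.append(f"Policy: statement {stmt.get('Sid', '?')} allows everyone")
    return findings

# Constructed sample: one switch is OFF and the policy has one open statement.
SAMPLE_BPA = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": True}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for finding in audit(SAMPLE_BPA, SAMPLE_POLICY):
        print(finding)
```

The IP-limited statement passes while the unconditioned one is reported, which is the difference between "Allow only from specific IP addresses" and an accidentally public bucket.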

4. [Lifeline] Versioning (Time Machine)

  • Versioning:
    • Example: "History saving feature."
    • Even if you overwrite a file with the same name, it keeps everything as "Version 1," "Version 2," and so on in the background. Since you can restore data even if it's accidentally deleted, you should keep this ON for important data.

Summary

S3 is not just a "storage room"; depending on your settings, it can be a Web server or a robust safe.
Above all, please handle the "Public Access settings" with care! (I almost messed it up once...)

Afterword

Can you publish a website with just S3? S3 is not just a storage location. By using the "Static website hosting" feature, you can publish your portfolio site to the entire world for just a few yen per month. It's significantly cheaper than renting a server and is great for learning.