Learn about S3's reliability guarantees, object revisions, and restoration.
- [Instructor] Let's talk about S3's availability and durability. Availability refers to the S3 service itself: will S3 respond when you make a request to store or retrieve an object? Durability refers to S3's ability to keep your data without corrupting it or losing it. So, here are the numbers. Objects stored in S3 are 99.99% available in standard storage mode. And as for durability, well let's see, that's 99.999999999% durable within a year.
That's 11 nines. AWS claims that with that level of reliability, if you were to store 10,000 objects in S3, you might lose one object every 10 million years. That's a level of certainty that goes well beyond that of any physical storage you might maintain yourself, no matter how redundant you build it. As for that availability, well, 99.99% uptime doesn't mean that S3 never goes down, but if it does, the service level agreement clock starts ticking. If S3 is out long enough, users will start to see refunds on their bill.
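That "one object every 10 million years" figure follows directly from the 11 nines. As a back-of-the-envelope sketch (my own arithmetic, not an official AWS formula):

```python
# 11 nines of durability means an annual loss probability of roughly
# 1e-11 per object (1 - 0.99999999999).
annual_loss_prob = 1e-11
objects = 10_000

# Expected object losses per year across all 10,000 objects.
expected_losses_per_year = objects * annual_loss_prob   # 1e-07
years_per_loss = 1 / expected_losses_per_year

print(f"Roughly one object lost every {years_per_loss:,.0f} years")
# prints: Roughly one object lost every 10,000,000 years
```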
This actually happened in early 2017 when a misconfiguration caused S3 to go down for several hours. With so many customers, you can bet this money-back guarantee provides AWS with motivation to keep their services running. Curiously, the wide array of services that suffered concurrent service interruptions, such as Slack, Trello and many more, only serves to demonstrate how widely used and trusted S3 is as a cloud data storage provider. During that time, those companies weren't scrambling to restore their service, they knew they could rely on AWS's world-class engineers to keep them informed and correct the problem.
AWS offers multiple ways for you to secure your data in S3, with both client-side and server-side encryption. Once enabled, server-side encryption in S3 provides seamless encryption of data at rest. At rest means while the data is sitting in S3. Seamless means that the client doesn't even need to know about the encryption in order for it to work. Objects uploaded to S3 get encrypted before they're stored, while objects downloaded from S3 get decrypted before they're sent to you. When you create a bucket, you're offered three choices.
You can encrypt with an S3-dedicated key that is specific to your account; it's auto-generated by AWS and shared with no one. You can encrypt with a Key Management Service (KMS) key of your own creation. KMS is an AWS service that lets users generate encryption keys and helps with tasks like rotating and expiring them over time. Finally, you can encrypt with your own BYO key, which means client-side encryption. In this case, you'll handle encryption and decryption before you pass data off to S3.
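As a sketch of what those first two choices look like per object, here are the request parameters you might pass to boto3's `put_object` (the bucket name, key, and KMS alias are placeholders, and the actual upload call is commented out so the snippet runs without AWS credentials):

```python
# Option 1: SSE-S3 -- an S3-managed key, auto-generated by AWS.
sse_s3_params = {
    "Bucket": "my-example-bucket",        # placeholder bucket name
    "Key": "report.csv",
    "Body": b"some,data\n",
    "ServerSideEncryption": "AES256",
}

# Option 2: SSE-KMS -- a key you created in the Key Management Service.
sse_kms_params = {
    "Bucket": "my-example-bucket",
    "Key": "report.csv",
    "Body": b"some,data\n",
    "ServerSideEncryption": "aws:kms",
    "SSEKMSKeyId": "alias/my-app-key",    # placeholder KMS key alias
}

# Option 3 (client-side / BYO key) means you encrypt the bytes yourself
# before upload, so S3 only ever sees ciphertext.

# import boto3
# s3 = boto3.client("s3")
# s3.put_object(**sse_s3_params)
```

In either server-side case, the download path is unchanged: S3 decrypts before returning the object, which is what makes the encryption seamless to clients.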
What about encryption in transit? Requests to and from S3 made via the AWS console are always encrypted via SSL, and requests using the AWS CLI are too. Any REST request is encrypted as long as it's made via HTTPS; if you make REST requests over plain HTTP, your data will not be encrypted in transit. S3 provides three different tiers of storage. Within a single bucket, individual objects can exist in one of the following: normal, infrequent access, and glacier tiers.
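Picking up the in-transit point above: a common pattern (my own addition, not something covered in the course) is to reject plain-HTTP requests outright with a bucket policy keyed on the `aws:SecureTransport` condition. Bucket and rule names here are placeholders:

```python
import json

# Deny any S3 action on the bucket or its objects when the request did
# not arrive over TLS (aws:SecureTransport is "false" for plain HTTP).
policy = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyPlainHTTP",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [
            "arn:aws:s3:::my-example-bucket",      # placeholder bucket
            "arn:aws:s3:::my-example-bucket/*",
        ],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
}

print(json.dumps(policy, indent=2))
```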
Normal storage is the default, highly durable S3 storage. As you go down the tiers, storage becomes cheaper, but there are trade-offs. Infrequent access is essentially the same as normal, but with fewer nines of availability guaranteed. Its durability is the same. Glacier is cold storage: it sacrifices retrieval time for cheaper storage, but again, its durability matches that of S3 normal. Steps for downloading files from Glacier are a bit more involved than those of S3, but then, it's designed for long-term archiving of data.
There's also another tier called reduced redundancy, which is the only tier to sacrifice nines of durability, but it still beats a hard drive in a rack-mounted server. If your use case allows you to sacrifice durability for cost, this can be an attractive storage tier. The first two tiers are directly configurable per object, while glacier-type storage in S3 can only be achieved as a result of a data lifecycle management policy. For more details, see Amazon's documentation on S3 storage classes.
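To make that last point concrete, here's a sketch of the kind of lifecycle configuration that moves objects down the tiers over time (rule name, prefix, and day counts are placeholders of my choosing; the `put_bucket_lifecycle_configuration` call is commented out so the snippet runs without AWS credentials):

```python
# Transition objects under a prefix to infrequent access after 30 days,
# then to Glacier after 90 -- the only way to land objects in the
# glacier tier, per the lifecycle-policy requirement described above.
lifecycle_config = {
    "Rules": [{
        "ID": "archive-old-logs",          # placeholder rule name
        "Status": "Enabled",
        "Filter": {"Prefix": "logs/"},     # placeholder key prefix
        "Transitions": [
            {"Days": 30, "StorageClass": "STANDARD_IA"},
            {"Days": 90, "StorageClass": "GLACIER"},
        ],
    }],
}

# import boto3
# s3 = boto3.client("s3")
# s3.put_bucket_lifecycle_configuration(
#     Bucket="my-example-bucket",          # placeholder bucket
#     LifecycleConfiguration=lifecycle_config,
# )
```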
So let's head to the web browser where we'll look at how to set up a bucket, upload data, and configure options like the ones I've just described.
Join AWS architect Brandon Rich and learn how to configure object storage solutions and lifecycle management in Simple Storage Service (S3), a web service offered by AWS, and migrate, back up, and replicate relational data in RDS. Find out how to leverage flexible network storage with Elastic File System (EFS), and use the new AWS Glue service to move and transform data. Plus, learn how Snowball can help you transfer truckloads of data in and out of the cloud.
- What is data management?
- AWS S3 basics
- S3 bucket creation
- S3 upload and logging
- S3 event notifications
- S3 data lifecycle configuration
- Working with Amazon Elastic Block Store volumes
- Creating and mounting an EFS
- Creating an AWS RDS instance
- RDS backup and recovery
- Moving data with AWS Database Migration Service
- Moving data with Data Pipeline and Glue