Welcome to Day 4 of your AWS 30-Day Roadmap.
We have covered the theory (Day 1), the tools (Day 2), and the dashboard (Day 3). Today, we store our first piece of data.
Amazon S3 (Simple Storage Service) is the backbone of the internet.
- When you watch Netflix, the movie is streaming from S3.
- When you download a file from Dropbox, it is often coming from S3.
- When you view images on Airbnb, they are stored in S3.
S3 is arguably the most successful cloud product in history. It is infinite, it is durable, and it is cheap. In this guide, we are going to go far beyond the “basics.” We are going to learn how S3 actually works, how to secure it, how to save money with Storage Classes, and how to host a website on it for pennies.
What is Object Storage? (The “Valet Parking” Analogy)
To understand S3, you must unlearn how your laptop works.
Block Storage (Your Laptop)
Your computer uses a file system (NTFS, APFS, EXT4).
- You edit a file, and the computer rewrites specific blocks on the disk.
- It’s like a Self-Park Garage. You drive in, you find a spot, you lock the car. If you want to change something, you go back to the car.
- Limitation: It’s hard to share that disk with millions of people at once.
Object Storage (Amazon S3)
S3 uses a flat structure.
- You don’t “edit” files. You upload a new version of the file.
- It’s like Valet Parking. You hand your keys (file) to the valet (AWS). They give you a ticket (Key/URL). You don’t know where the car is parked. You don’t care. When you want it back, you give them the ticket, and they bring the car.
- Advantage: The valet lot can be infinite. They can park cars in the next city if they need to. You never run out of space.

The Core Anatomy of S3
There are four concepts you must memorize.
1. Buckets (The Container)
A Bucket is a container for objects.
- Global Uniqueness: Names must be unique across all of AWS. If I take the name my-photos, you cannot have it. Not just in your account—in the world.
- Region Specific: A bucket lives in a specific region (e.g., N. Virginia). Data never leaves that region unless you explicitly move it.
2. Objects (The Files)
An Object is the fundamental entity stored in S3. It consists of:
- Key: The name of the file (e.g., photos/vacation.jpg).
- Value: The data itself (bytes).
- Metadata: Data about the data (e.g., content-type: image/jpeg, date-uploaded: 2025-05-11).
3. Keys (The Path)
S3 doesn’t actually have folders. It just pretends to.
- If you upload a file named photos/2025/beach.jpg, S3 just sees one long string.
- The console uses the / character to display it as folders for your convenience.
4. Durability vs. Availability
- Durability (11 9s): 99.999999999%. This is the probability that your file will not disappear. If you store 10,000 files, you might lose one every 10 million years.
- Availability (4 9s): 99.99%. This is the probability that you can access the file right now (i.e., the service is not down).

S3 Storage Classes (How to Save Money)
Not all data is created equal. A passport scan you need once every 10 years is different from a profile picture you need every time you log in. S3 has different “tiers” for this.
1. S3 Standard (The Default)
- Use Case: Frequently accessed data.
- Speed: Millisecond access.
- Cost: The most expensive storage class (but still cheap).
2. S3 Intelligent-Tiering (The Smart Choice)
- Use Case: Data with unknown or changing access patterns.
- How it works: AI monitors your files. If you haven’t touched a file in 30 days, it moves it to a cheaper tier automatically. If you access it, it moves it back.
- Recommendation: Use this as your default for most projects.
3. S3 Standard-IA (Infrequent Access)
- Use Case: Backups, disaster recovery.
- Trade-off: Cheaper storage fee, but you pay a retrieval fee if you access the file.
4. S3 Glacier (The Deep Freeze)
- Use Case: Archives, compliance data (tax records).
- Trade-off: Extremely cheap (pennies per TB), but it takes minutes or hours to retrieve the file. You cannot stream a video from Glacier.

Security (The “Block Public Access” Feature)
S3 Security is infamous because people keep configuring it wrong. You have read headlines like “Data Leak: 1 Million Records Exposed in Open S3 Bucket.”
Let’s prevent that.
1. Block Public Access (The Safety Switch)
When you create a bucket, AWS turns on “Block all public access” by default.
- What it does: It overrides all other permissions. Even if you try to make a file public, this setting says “NO.”
- Rule: Keep this ON unless you are hosting a public website.
2. Bucket Policies (The Bouncer)
A JSON document attached to the bucket that defines who can do what.
- Example: “Allow User Bob to Upload, but only Allow User Alice to Read.”
3. ACLs (Access Control Lists)
- Rule: Disable these. They are a legacy feature from 2006. Use Bucket Policies instead.
Static Website Hosting (The Magic Trick)
This is the coolest feature for beginners. You can host a full website on S3 without a server.
How it works:
- Upload your index.html and style.css.
- Turn off “Block Public Access.”
- Enable “Static Website Hosting” in the properties.
- Add a Bucket Policy allowing GetObject to * (Everyone).
- Result: AWS gives you a URL (e.g., http://my-bucket.s3-website-us-east-1.amazonaws.com). Your site is live!
Cost: Usually less than $0.50 per month.
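The two policies described above (Bob uploads and Alice reads; the website policy allowing GetObject to everyone), with a small audit that reports which statements are open to the world. This is an added example, not part of the original guide: the bucket name my-bucket, the account ID 111122223333 and the Sid values are placeholders, and audit() is a hypothetical helper.

```python
import json

# Constructed policies; bucket name and account ID are placeholders.
WEBSITE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*"}]}""")
BOB_ALICE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "BobUploads", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:user/Bob"},
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::my-bucket/*"},
  {"Sid": "AliceReads", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:user/Alice"},
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*"}]}""")

READ_ONLY = {"s3:getobject"}  # the only action a static site needs


def as_list(value):
    """Policy fields may be a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def is_everyone(principal):
    """True for "Principal": "*" and for {"AWS": "*"}."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"


def audit(policy):
    """Return (Sid, finding) for each Allow statement that applies to everyone."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_everyone(stmt.get("Principal")):
            continue
        # Action names are case-insensitive, so compare in lower case.
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        # Anything other than plain GetObject (PutObject, s3:*, NotAction) is flagged.
        level = "public-read" if actions and actions <= READ_ONLY else "public-beyond-read"
        if "Condition" in stmt:
            level += " (conditional, review by hand)"
        findings.append((stmt.get("Sid", "<no Sid>"), level))
    return findings
```

A "public-read" finding is expected on a website bucket and nowhere else; "public-beyond-read" means anonymous users can do more than fetch objects.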

Hands-On Lab (Upload Your First File)
Let’s do this together.
Step 1: Create a Bucket
- Go to S3 Console -> Create bucket.
- Name: day4-demo-[yourname]-[year].
- Region: US East (N. Virginia).
- Block Public Access: Leave checked (Safety first!).
- Click Create bucket.
Step 2: Upload a File
- Open your new bucket.
- Click Upload -> Add files.
- Select a funny meme or a text file from your computer.
- Click Upload.
Step 3: Test Security
- Click on the file name to see its properties.
- Find the Object URL (https://…).
- Click it.
- Result: AccessDenied.
- Why? Because your bucket is private! This is good. It means your security is working.
Step 4: The Pre-Signed URL (The Secret Pass)
- Select the file checkbox.
- Click Actions -> Share with a presigned URL.
- Set “Time interval” to 1 minute.
- Copy the URL and paste it into a new tab.
- Result: You can see the file!
- Why? You generated a temporary “guest pass” that expires in 60 seconds. This is how secure apps share private content.
Versioning (The Time Machine)
What happens if you accidentally delete a file? Or overwrite your thesis with a blank document?
S3 Versioning saves you.
- When enabled, S3 keeps every version of an object.
- If you upload report.docx (v1) and then upload report.docx (v2), S3 keeps both.
- If you delete report.docx, S3 inserts a “Delete Marker,” but the file is still there hidden. You can restore it.
Warning: You pay for storage of all versions. If you overwrite a 1GB file 10 times, you are paying for 10GB.

Conclusion & Best Practices
You now understand the “Hard Drive of the Cloud.”
Day 4 Checklist:
- Use S3 Standard for active files, Glacier for archives.
- Keep Block Public Access ON unless necessary.
- Enable Versioning to prevent accidental deletions.
- Use Bucket Policies for security, not ACLs.
Tomorrow, on Day 5, we finally launch a computer. We will dive into EC2 (Elastic Compute Cloud), where we will configure a Linux server, SSH into it, and install a web server.
Your data is safe. Now let’s build something to process it.








