Limitations of Amazon S3

 Here are the key limitations of Amazon S3:

  1. S3 Access Grants Instance: You can create only 1 S3 Access Grants instance per AWS Region per account.

  2. S3 Access Grants Locations: You can register up to 1,000 S3 Access Grants locations per S3 Access Grants instance.

  3. Grants: You can create up to 100,000 grants per S3 Access Grants instance.

  4. Bucket Naming: The bucket name you choose must be unique across all existing bucket names in Amazon S3. Each AWS account can have up to 100 buckets at a time.

  5. Object Size: The maximum object size that can be uploaded in a single PUT operation is 5 GB. For larger objects, you should use the Multipart Upload capability.

  6. Total Object Size: The total object size can range from 0 Bytes to 5 Terabytes.

  7. Firehose Delivery to S3: If you encounter "InternalServerError" when delivering data to an S3 bucket, it could be due to high request rates on a single partition in S3. You can optimize the S3 prefix design patterns to mitigate this issue.

  8. Data Integrity Checking:

    • Amazon S3 verifies data integrity by supporting four checksum algorithms (SHA-1, SHA-256, CRC32, or CRC32C).
    • You can access the checksum information using the GetObjectAttributes S3 API or S3 Inventory reports.

  9. Network Access:

    • Amazon S3 is accessible through AWS-published APIs, which require clients to support TLS 1.2 (or TLS 1.3) and cipher suites with Perfect Forward Secrecy.
    • You can use resource-based access policies, such as bucket policies, to control access to S3 buckets from specific IP addresses or VPC endpoints.

  10. Security Best Practices:

    • Consider using VPC endpoints for Amazon S3 access.
    • Identify and audit all your Amazon S3 buckets.

Comments

Post a Comment

Popular posts from this blog

How to reduce the EBS snapshots storage cost

Here are some ways to reduce the storage costs for Amazon EBS snapshots: Leverage the EBS Snapshots Archive storage tier: The EBS Snapshots Archive tier is much cheaper, costing about $0.0125 per GB-month compared to the standard tier's $0.05 per GB-month.  It's ideal for archiving infrequently accessed snapshots like monthly, quarterly, or yearly backups.  Retrieving data from the archive tier costs an additional $0.03 per GB. Optimize snapshot retention: Regularly review and delete unnecessary snapshots, especially older ones not part of the current volume lineage.  Consolidate multiple incremental snapshots into a single full snapshot to reduce storage footprint. Disable and archive snapshots for unused AMIs: Disable unused Amazon Machine Images (AMIs) to prevent new instances from launching.  Archive their snapshots to the lower-cost EBS Snapshots Archive tier to maintain compliance and reduce storage costs for rarely accessed snapshots. Please see  Snapshot...
Read more

Where the EBS snapshot stores and snapshot charges

Your Amazon EBS snapshots are stored in Amazon S3. When you create an EBS snapshot, it is automatically stored in the S3 bucket associated with your AWS account. The specific location where the snapshot is stored is not directly accessible to you, as AWS manages the underlying storage infrastructure. Here are a few key points about where your EBS snapshots are saved: EBS snapshots are stored in the AWS region where you created them. Each AWS region has its own set of S3 buckets where the snapshots are stored. The snapshots are stored in a secure, durable, and highly available manner within the S3 infrastructure. AWS manages the storage and replication of your snapshots to ensure data durability and availability. You can view the list of your EBS snapshots in the AWS Management Console, but you cannot directly access the S3 bucket or location where they are stored. AWS manages the storage and retrieval of your snapshots on your behalf. If you need to restore an EBS volume from a snapsho...
Read more

Difference between full snapshots and incremental snapshots

The differences between full snapshots and incremental snapshots in Amazon EBS are: Snapshot Type: Incremental snapshots: These snapshots only store the changed data blocks since the last snapshot, making them more efficient and cost-effective for frequent backups. Full snapshots: When you archive an incremental snapshot, it is converted to a full snapshot that includes all the blocks written to the volume at the time the snapshot was created. Incremental snapshots store only changed data blocks since the last snapshot, making them efficient and cost-effective for frequent backups.  When the increamental snapshot is archived, they are converted to full snapshots , that including all blocks written to the volume at the time of snapshot creation. Storage Tier: Incremental snapshots are stored in the Standard tier by default. Full snapshots are stored in the Archive tier after being converted from an incremental snapshot. Retrieval and Cost: Incremental snapshots in the Standard tie...
Read more

Snapshot storage tier types and cost difference

The key points on the different storage tiers and cost differences for EBS snapshots: Standard Tier: This is the default storage tier for EBS snapshots. Snapshots stored in the standard tier are incremental, meaning only the changed data blocks are stored. The pricing for the standard tier varies by AWS region, but is typically around $0.05 per GB-month. Archive Tier: The archive tier is a lower-cost storage option for rarely accessed snapshots. When you archive a snapshot, it is converted to a full snapshot (not incremental) and moved to the archive tier. The pricing for the archive tier is significantly lower, typically around $0.0125 per GB-month. However, there is an additional charge for retrieving data from the archive tier, around $0.03 per GB. Cost Savings: Archiving infrequently accessed snapshots to the lower-cost archive tier can result in significant cost savings, up to 75% compared to the standard tier. The savings are more substantial at larger scales, where there are mul...
Read more

Pros and cons of On-Demand, Reserved, Spot and Saving Plans EC2 instances

The pros and cons of the on-demand pricing model for EC2 instances are: Pros: Flexibility: On-demand instances allow you to scale your compute resources up or down as needed, without any long-term commitments. No upfront costs: With on-demand, you only pay for the compute capacity you use, without any upfront payments or long-term contracts. Suitable for unpredictable workloads: On-demand is well-suited for applications with short-term, spiky, or unpredictable workloads that cannot be interrupted. Ideal for development and testing: On-demand instances are a good choice for workloads like pre-production environments, experiments, and proofs of concept. Cons: Higher costs for long-term, steady-state workloads: Compared to other pricing models like Reserved Instances or Savings Plans, on-demand instances can be more expensive for long-term, steady-state workloads. No long-term discounts: On-demand instances do not offer any long-term discounts or commitments, unlike Reserved Instances...
Read more

Difference b/w General-purpose and a Directory bucket in Amazon S3

  The key differences between a general-purpose S3 bucket and a directory bucket in Amazon S3 are: Purpose: General purpose S3 buckets are the standard type of S3 buckets used for storing objects. Directory buckets are a specialized type of S3 bucket designed for use with the AWS Application Discovery Service. Naming Conventions: General purpose S3 bucket names must be unique across all AWS accounts and regions. Directory bucket names must follow a specific naming convention:  <name>--azid--x-s3 , where  <name>  is a unique identifier. Inactive State: Directory buckets that have no request activity for at least 90 days can transition to an inactive state, where they become temporarily inaccessible for reads and writes. General purpose S3 buckets do not have this inactive state behaviour. Access and Permissions: Access to directory buckets is typically restricted to users with permissions to the AWS Application Discovery Service and Migration Hub. General ...
Read more

What factors matter for EC2 charges and pricing model

The cost difference between EC2 instances can vary based on several factors, such as: Instance Type: Different EC2 instance types (e.g., T3, M6i, R5) have different pricing based on their CPU, memory, storage, and networking capabilities. Operating System: The cost can differ between Linux and Windows instances, as Windows instances typically have an additional charge for the Windows license. Pricing Model: AWS offers different pricing models for EC2 instances, including On-Demand, Reserved Instances, Savings Plans, and Spot Instances. Each model has its own pricing structure and potential cost savings. Region: The cost of EC2 instances can vary depending on the AWS Region where the instance is launched. Additional Services: The cost can also be affected by the use of additional services, such as Elastic Block Store (EBS) volumes, Elastic IP addresses, or data transfer. The main pricing models for Amazon EC2 instances are : On-Demand Instances: This is the pay-as-you-go model where...
Read more

On which AWS region I can store my S3 data

When deciding which AWS Region to store your data in, there are several key factors to consider: Proximity to Users: Choose a Region that is geographically close to your users or customers to minimize data access latency and improve application performance. Regulatory and Compliance Requirements: Certain industries or regions may have specific data residency, sovereignty, or compliance requirements that dictate which AWS Region you must use. Availability of Services: Ensure that the AWS services and features you require are available in the selected Region. Disaster Recovery and Redundancy: For critical workloads, you may want to consider storing data in multiple Regions for geographic redundancy and disaster recovery purposes. Pricing and Costs: Regions may have different pricing for AWS services, so you should evaluate the costs associated with storing and accessing your data in different Regions. To choose an AWS Region, you can: Use the AWS Management Console to view the availa...
Read more

Key features of EC2 instance types (Families M, T, A, C, Hpc, R, X, U, I, D, P, G)

The key features of general-purpose EC2 instances are: Balanced compute, memory, and networking resources: General purpose instances are designed to provide a balance of computing, memory, and networking resources. They are suitable for applications that require these resources in equal proportions, such as web servers and code repositories. Burstable performance: The T instance family, also known as burstable performance instances, provides a baseline CPU performance that can burst above the baseline when needed. These instances suit workloads that don't require sustained high CPU performance. Flexibility in instance size: Each instance type includes one or more instance sizes, allowing you to scale your resources to the requirements of your target workload. Support for multiple network interfaces: EC2 instances support multiple network interfaces, enabling management and data plane isolation at the network level. Placement group control: EC2 offers placement groups, which provide...
Read more

Differences between an IAM User and Role

The main differences between an IAM User and an IAM Role are: Identity Association : An IAM User is uniquely associated with a single person or application. An IAM Role is not associated with a specific person, but can be assumed by anyone who needs it. Credentials : IAM Users have long-term credentials like a password or access keys. IAM Roles do not have long-term credentials. Instead, they provide temporary security credentials when the role is assumed. Use Cases : IAM Users are typically used for individual users or applications that require long-term access to AWS resources. IAM Roles are used for scenarios where you want to grant temporary access to AWS resources, such as when an EC2 instance needs to access other AWS services. Permissions : Both IAM Users and IAM Roles can be granted specific permissions using IAM policies. The permissions for an IAM Role are defined by the policies attached to the role, and can be assumed by any entity that has been granted permission to do so....
Read more