Friday, July 14, 2017

S3 Bucket Level Operations

Bucket Level Operations

Here is a list of some bucket-level operations with their explanations.

a) Versioning

Versioning means keeping multiple variants of an object in the same bucket. Once enabled for a bucket, we can't disable it. Also, even after enabling, it takes effect only for new objects. This option can be used to protect against unintended overwrites and deletions, and it lets us retrieve and restore deleted objects or roll back to previous versions.

b) Multipart Delete

Used to delete a large number of objects from S3. The largest object that can be uploaded in a single PUT is 5 gigabytes. For objects larger than 100 megabytes, customers should consider using the Multipart Upload capability.

Note: Both empty and non-empty buckets can be deleted.

c) Encryption

(i)  Data in transit - by using SSL
(ii) Data at rest
     - Client-side encryption: encrypt and upload
     - Server-side encryption (request AWS to encrypt before saving)
       o   with Amazon S3 managed keys (SSE-S3)
       o   with KMS managed keys (SSE-KMS)
       o   with customer-provided keys (SSE-C)

d) Cross Region replication

This is a bucket-level feature that enables automatic, asynchronous copying of objects from one bucket to another bucket in a different AWS region.

To activate it, add a replication configuration to your source bucket and provide the details of the destination bucket.

We can request Amazon S3 to replicate all or a subset of objects with a specific key name prefix. The replica will have the same key name, metadata, creation time, owner, version, ACL and storage class.

Requirements for cross-region replication:
           Versioning must be enabled
           The buckets must be in different regions
           Replication between different accounts is also possible (i.e. cross-account)

When using a VPC with S3, use VPC S3 endpoints, as they are horizontally scaled, redundant, and highly available VPC components.

e) Server access logging

In order to track requests for access to your bucket, you can enable this option. Each request record includes the requester, bucket name, time, status and error code.

There is no extra charge for enabling server access logging on an Amazon S3 bucket; however, any log files the system delivers to you will accrue the usual charges for storage.

(You can delete the log files at any time.) No data transfer charges will be assessed for log file delivery, but access to the delivered log files is charged the same as any other data transfer.
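As an added example (not from the original post), the Python sketch below parses server access log records and counts 403 AccessDenied responses per source IP and requester, which is a common first review of these logs. The log lines, bucket name, account ID and request IDs are constructed placeholders; the field order follows the S3 server access log format.

```python
import re
from collections import Counter
from datetime import datetime

# Leading fields of an S3 server access log record, in documented order.
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester",
          "request_id", "operation", "key", "request_uri", "status",
          "error_code"]

# A field is a [bracketed] timestamp, a "quoted" string, or a bare token.
TOKEN = re.compile(r'\[([^\]]*)\]|"((?:[^"\\]|\\.)*)"|(\S+)')

# Constructed sample records (not real traffic); IDs and ARNs are placeholders.
SAMPLE = '''\
OWNERID1 example-bucket [14/Jul/2017:10:00:01 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/alice REQ0001 REST.GET.OBJECT reports/q2.csv "GET /reports/q2.csv HTTP/1.1" 200 - 2048 2048 12 11 "-" "aws-cli/1.11" -
OWNERID1 example-bucket [14/Jul/2017:10:00:05 +0000] 198.51.100.7 - REQ0002 REST.GET.OBJECT reports/q2.csv "GET /reports/q2.csv HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "curl/7.50" -
OWNERID1 example-bucket [14/Jul/2017:10:00:06 +0000] 198.51.100.7 - REQ0003 REST.GET.BUCKET - "GET /?list-type=2 HTTP/1.1" 403 AccessDenied 243 - 3 - "-" "curl/7.50" -
OWNERID1 example-bucket [14/Jul/2017:10:01:00 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/alice REQ0004 REST.DELETE.OBJECT old/a.txt "DELETE /old/a.txt HTTP/1.1" 204 - - - 9 - "-" "aws-cli/1.11" -
'''

def parse_record(line):
    """Return the leading fields of one log line as a dict, or None if malformed."""
    tokens = [next(g for g in m.groups() if g is not None)
              for m in TOKEN.finditer(line)]
    if len(tokens) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, tokens))
    try:
        rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
        # Some records carry "-" instead of an HTTP status.
        rec["status"] = None if rec["status"] == "-" else int(rec["status"])
    except ValueError:
        return None
    return rec

def denied_by_source(log_text):
    """Count 403 AccessDenied records per (remote IP, requester)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec["status"] == 403 and rec["error_code"] == "AccessDenied":
            counts[(rec["remote_ip"], rec["requester"])] += 1
    return counts

if __name__ == "__main__":
    for (ip, requester), n in denied_by_source(SAMPLE).most_common():
        print(f"{n} denied request(s) from {ip} as requester {requester!r}")
```

A requester of `-` marks an unauthenticated request, so repeated denials from one IP with that value are worth a closer look at the bucket policy and ACLs.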
