What is Amazon S3? - Amazon Simple Storage Service

Amazon S3 is an object storage service that stores data as objects within buckets. An object is a file and any metadata that describes the file. A bucket is a ... WhatisAmazonS3?-AmazonSimpleStorageService AWSDocumentationAmazonSimpleStorageService(S3)UserGuide FeaturesofAmazonS3HowAmazonS3worksAmazonS3dataconsistencymodelRelatedservicesAccessingAmazonS3PayingforAmazonS3PCIDSScompliance WhatisAmazonS3? AmazonSimpleStorageService(AmazonS3)isanobjectstorageservicethatoffers industry-leading scalability,dataavailability,security,andperformance.Customersof allsizesandindustriescanuseAmazonS3tostoreandprotectanyamountof dataforarangeofusecases,suchasdatalakes,websites,mobile applications,backupandrestore,archive,enterpriseapplications,IoT devices,andbigdataanalytics.AmazonS3providesmanagementfeaturesso thatyoucanoptimize,organize,andconfigureaccesstoyourdatato meetyourspecificbusiness,organizational,andcompliance requirements. Topics FeaturesofAmazonS3 HowAmazonS3works AmazonS3dataconsistencymodel Relatedservices AccessingAmazonS3 PayingforAmazonS3 PCIDSScompliance FeaturesofAmazonS3 Storageclasses AmazonS3offersarangeofstorageclassesdesignedfordifferentusecases.For example,you canstoremission-criticalproductiondatainS3Standardforfrequentaccess, save costsbystoringinfrequentlyaccesseddatainS3Standard-IAorS3OneZone-IA, and archivedataatthelowestcostsinS3GlacierInstantRetrieval,S3GlacierFlexible Retrieval,andS3GlacierDeepArchive. Youcanstoredatawithchangingorunknownaccesspatternsin S3Intelligent-Tiering,whichoptimizesstoragecostsby automaticallymovingyourdatabetweenfouraccesstierswhen youraccesspatternschange.Thesefouraccesstiersincludetwo low-latencyaccesstiersoptimizedforfrequentandinfrequent access,andtwoopt-inarchiveaccesstiersdesignedfor asynchronousaccessforrarelyaccesseddata. Formoreinformation,seeUsingAmazonS3storageclasses.Formoreinformation aboutS3GlacierFlexibleRetrieval,seetheAmazonS3GlacierDeveloperGuide. Storagemanagement AmazonS3hasstoragemanagementfeaturesthatyoucanusetomanagecosts, meetregulatoryrequirements,reducelatency,andsavemultiple distinctcopiesofyourdataforcompliancerequirements. S3Lifecycle–Configurealifecycle policytomanageyourobjectsandstorethemcost effectivelythroughouttheirlifecycle.Youcan transitionobjectstootherS3storageclassesorexpire objectsthatreachtheendoftheirlifetimes. S3ObjectLock–PreventAmazonS3 objectsfrombeingdeletedoroverwrittenforafixed amountoftimeorindefinitely.YoucanuseObjectLock tohelpmeetregulatoryrequirementsthatrequire write-once-read-many (WORM)storageorto simplyaddanotherlayerofprotectionagainstobject changesanddeletions. S3 Replication–Replicateobjectsand theirrespectivemetadataandobjecttagstooneormore destinationbucketsinthesameordifferent AWSRegionsforreducedlatency,compliance,security, andotherusecases. S3BatchOperations–Managebillionsof objectsatscalewithasingleS3APIrequestorafew clicksintheAmazonS3console.YoucanuseBatchOperationsto performoperationssuchasCopy,InvokeAWS Lambdafunction,andRestoreonmillionsorbillionsof objects. Accessmanagement AmazonS3providesfeaturesforauditingandmanagingaccesstoyourbuckets andobjects.Bydefault,S3bucketsandtheobjectsinthemare private.YouhaveaccessonlytotheS3resourcesthatyou create.Tograntgranularresourcepermissionsthatsupportyour specificusecaseortoauditthepermissionsofyourAmazonS3 resources,youcanusethefollowingfeatures. S3BlockPublicAccess–Block publicaccesstoS3bucketsandobjects.Bydefault, BlockPublicAccesssettingsareturnedonatthe accountandbucketlevel. AWSIdentityandAccessManagement(IAM)–CreateIAMusersforyourAWSaccounttomanageaccesstoyourAmazonS3resources. Forexample,youcanuseIAMwithAmazonS3tocontrolthetypeofaccessa userorgroupofusershastoanS3bucketthatyourAWSaccountowns. Bucketpolicies–UseIAM-basedpolicylanguagetoconfigureresource-basedpermissionsforyour S3bucketsandtheobjectsinthem. Accesscontrollists(ACLs)–Grant readandwritepermissionsforindividualbucketsand objectstoauthorizedusers.Asageneralrule,we recommendusingS3resource-basedpolicies(bucket policiesandaccesspointpolicies)orIAMpolicies foraccesscontrolinsteadofACLs.ACLsareanaccess controlmechanismthatpredatesresource-basedpolicies andIAM.Formoreinformationaboutwhenyou'duse ACLsinsteadofresource-basedpoliciesorIAMpolicies, seeAccesspolicyguidelines. S3ObjectOwnership–DisableACLsandtakeownership ofeveryobjectinyourbucket,simplifyingaccessmanagementfordata storedinAmazonS3.You,asthebucketowner,automaticallyownandhavefull controlovereveryobjectinyourbucket,andaccesscontrolforyourdata isbasedonpolicies. AccessAnalyzerforS3–EvaluateandmonitoryourS3bucketaccesspolicies,ensuringthatthepolicies provideonlytheintendedaccesstoyourS3resources. Dataprocessing Totransformdataandtriggerworkflowstoautomateavarietyofother processingactivitiesatscale,youcanusethefollowing features. S3ObjectLambda–AddyourowncodetoS3GETrequeststomodifyandprocessdataasitisreturned toanapplication.Filterrows,dynamicallyresizeimages,redactconfidentialdata, andmuchmore. Eventnotifications–Trigger workflowsthatuseAmazonSimpleNotificationService(AmazonSNS),AmazonSimple QueueService(AmazonSQS), andAWSLambdawhenachangeismadetoyourS3 resources. Storageloggingandmonitoring AmazonS3providesloggingandmonitoringtoolsthatyoucanusetomonitor andcontrolhowyourAmazonS3resourcesarebeingused.Formore information,seeMonitoringtools. Automatedmonitoringtools AmazonCloudWatchmetricsforAmazonS3–Tracktheoperationalhealth ofyourS3resourcesandconfigurebillingalertswhenestimatedcharges reachauser-definedthreshold. AWSCloudTrail– Recordactionstakenbyauser,arole,oranAWSserviceinAmazonS3.CloudTrail logsprovideyouwithdetailedAPItrackingforS3bucket-levelandobject-leveloperations. Manualmonitoringtools Serveraccess logging–Getdetailedrecordsfortherequeststhatare madetoabucket.Youcanuseserveraccesslogsformanyusecases,suchas conductingsecurityandaccessaudits, learningaboutyourcustomerbase,andunderstandingyourAmazonS3bill. AWS TrustedAdvisor–EvaluateyouraccountbyusingAWSbest practicecheckstoidentifywaystooptimizeyourAWSinfrastructure, improvesecurityandperformance,reducecosts,andmonitorservicequotas. Youcanthenfollowtherecommendationstooptimizeyourservicesand resources. Analyticsandinsights AmazonS3offersfeaturestohelpyougainvisibilityintoyourstorageusage,which empowersyoutobetterunderstand,analyze,andoptimizeyourstorageatscale. AmazonS3StorageLens–Understand,analyze, andoptimizeyourstorage.S3StorageLensprovides29+usage andactivitymetricsandinteractivedashboardsto aggregatedataforyourentireorganization,specific accounts,AWSRegions,buckets,orprefixes. StorageClassAnalysis–Analyze storageaccesspatternstodecidewhenit'stimetomove datatoamorecost-effectivestorageclass. S3InventorywithInventoryreports –Auditandreportonobjectsandtheir correspondingmetadataandconfigureotherAmazonS3features totakeactioninInventoryreports.Forexample,you canreportonthereplicationandencryptionstatusof yourobjects.Foralistofallthemetadataavailable foreachobjectinInventoryreports,seeAmazonS3Inventory list. Strongconsistency AmazonS3providesstrongread-after-writeconsistencyforPUTandDELETE requestsofobjectsinyourAmazonS3bucketinallAWSRegions. Thisbehaviorappliestobothwritesofnewobjectsaswellas PUTrequeststhatoverwriteexistingobjectsandDELETE requests.Inaddition,readoperationsonAmazonS3Select,AmazonS3 accesscontrollists(ACLs),AmazonS3ObjectTags,andobject metadata(forexample,theHEADobject)arestronglyconsistent. Formoreinformation,seeAmazonS3dataconsistencymodel. HowAmazonS3works AmazonS3isanobjectstorageservicethatstoresdataasobjectswithin buckets.Anobjectisafileand anymetadatathatdescribesthefile.Abucketisacontainerforobjects. TostoreyourdatainAmazonS3,youfirstcreateabucketandspecifya bucketnameandAWSRegion.Then,youuploadyourdatatothat bucketasobjectsinAmazonS3.Eachobjecthasakey(orkey name),whichistheuniqueidentifierfortheobject withinthebucket. S3providesfeaturesthatyoucanconfiguretosupportyourspecificusecase.For example, youcanuseS3Versioningtokeepmultipleversionsofanobjectinthesamebucket, whichallowsyoutorestoreobjectsthatareaccidentallydeletedoroverwritten. Bucketsandtheobjectsinthemareprivateandcanbeaccessedonlyif youexplicitlygrantaccesspermissions.Youcanusebucket policies,AWSIdentityandAccessManagement(IAM)policies,accesscontrollists (ACLs), andS3AccessPointstomanageaccess. Topics Buckets Objects Keys S3Versioning VersionID Bucketpolicy Accesscontrollists(ACLs) S3AccessPoints Regions Buckets AbucketisacontainerforobjectsstoredinAmazonS3.Youcanstoreanynumber ofobjectsinabucketandcanhaveupto100bucketsinyouraccount.Torequest anincrease,visittheServiceQuotasConsole. Everyobjectiscontainedinabucket.Forexample,iftheobjectnamedphotos/puppy.jpgisstoredinthe DOC-EXAMPLE-BUCKETbucketintheUSWest(Oregon)Region,thenit isaddressableusingtheURLhttps://DOC-EXAMPLE-BUCKET.s3.us-west-2.amazonaws.com/photos/puppy.jpg. Formoreinformation,seeAccessinga Bucket. Whenyoucreateabucket,youenterabucketnameandchoosethe AWSRegionwherethebucketwillreside.Afteryoucreatea bucket,youcannotchangethenameofthebucketoritsRegion. Bucketnamesmustfollowthebucketnamingrules.Youcanalsoconfigurea buckettouseS3Versioningor otherstoragemanagementfeatures. Bucketsalso: OrganizetheAmazonS3namespaceatthehighestlevel. Identifytheaccountresponsibleforstorageanddatatransfer charges. Provideaccesscontroloptions,suchasbucketpolicies,access controllists(ACLs),andS3AccessPoints,thatyoucan usetomanageaccesstoyourAmazonS3resources. Serveastheunitofaggregationforusagereporting. Formoreinformationaboutbuckets,seeBucketsoverview. Objects ObjectsarethefundamentalentitiesstoredinAmazonS3.Objectsconsistof objectdataandmetadata.Themetadataisasetofname-value pairsthatdescribetheobject.Thesepairsincludesomedefault metadata,suchasthedatelastmodified,andstandardHTTP metadata,suchasContent-Type.Youcanalso specifycustommetadataatthetimethattheobjectis stored. Anobjectisuniquelyidentifiedwithinabucketbyakey(name)andaversionID(ifS3Versioning isenabledonthebucket).Formoreinformationaboutobjects, seeAmazonS3objectsoverview. Keys Anobjectkey(orkeyname)istheuniqueidentifier foranobjectwithinabucket.Everyobjectinabuckethas exactlyonekey.Thecombinationofabucket,objectkey,and optionally,versionID(ifS3Versioningisenabledforthe bucket)uniquelyidentifyeachobject.SoyoucanthinkofAmazonS3 asabasicdatamapbetween"bucket+key+version"andthe objectitself. EveryobjectinAmazonS3canbeuniquelyaddressedthroughthecombinationofthe web serviceendpoint,bucketname,key,andoptionally,aversion.Forexample,in the URL https://DOC-EXAMPLE-BUCKET.s3.us-west-2.amazonaws.com/photos/puppy.jpg, DOC-EXAMPLE-BUCKETisthenameofthebucket and/photos/puppy.jpgisthekey. Formoreinformationaboutobjectkeys,seeCreatingobjectkeynames. S3Versioning YoucanuseS3Versioningtokeepmultiplevariantsofanobjectinthesamebucket. WithS3Versioning,youcanpreserve,retrieve,andrestoreeveryversionofevery objectstoredinyourbuckets.Youcaneasilyrecoverfrombothunintendeduseractions andapplicationfailures. Formoreinformation,seeUsingversioninginS3buckets. VersionID WhenyouenableS3Versioninginabucket,AmazonS3generatesaunique versionIDforeachobjectaddedtothebucket.Objectsthat alreadyexistedinthebucketatthetimethatyouenable versioninghaveaversionIDofnull.Ifyoumodify these(oranyother)objectswithotheroperations,suchas CopyObject andPutObject, thenewobjectsgetauniqueversionID. Formoreinformation,seeUsingversioninginS3buckets. Bucketpolicy Abucketpolicyisaresource-basedAWSIdentityandAccessManagement(IAM)policy thatyoucanusetogrant accesspermissionstoyourbucketandtheobjectsinit.Onlythebucketowner can associateapolicywithabucket.Thepermissionsattachedtothebucketapply to alloftheobjectsinthebucketthatareownedbythebucketowner.Bucketpolicies arelimitedto20KBinsize. BucketpoliciesuseJSON-basedaccesspolicylanguagethatisstandard acrossAWS.Youcanusebucketpoliciestoaddordeny permissionsfortheobjectsinabucket.Bucketpoliciesallow ordenyrequestsbasedontheelementsinthepolicy,including therequester,S3actions,resources,andaspectsorconditions oftherequest(forexample,theIPaddressusedtomakethe request).Forexample,youcancreateabucketpolicythat grantscross-accountpermissionstouploadobjectstoanS3 bucketwhileensuringthatthebucketownerhasfullcontrolof theuploadedobjects.Formoreinformation,seeBucketpolicyexamples. Inyourbucketpolicy,youcanusewildcardcharactersonAmazon ResourceNames(ARNs)andothervaluestograntpermissionstoa subsetofobjects.Forexample,youcancontrolaccesstogroups ofobjectsthatbeginwithacommonprefixorendwithagivenextension,suchas .html. Accesscontrollists(ACLs) YoucanuseACLstograntreadandwritepermissionstoauthorizedusersforindividual bucketsandobjects.EachbucketandobjecthasanACLattachedtoitasa subresource.TheACLdefineswhichAWSaccountsorgroupsaregrantedaccessand thetypeofaccess.ACLsareanaccesscontrolmechanismthatpredatesIAM.For moreinformationaboutACLs,seeAccesscontrollist(ACL)overview. Bydefault,whenanotherAWSaccountuploadsanobjecttoyourS3bucket,thataccount (theobject writer)ownstheobject,hasaccesstoit,andcangrantotherusersaccesstoit through ACLs.YoucanuseObjectOwnershiptochangethisdefaultbehaviorsothatACLs are disabledandyou,asthebucketowner,automaticallyowneveryobjectinyourbucket. Asa result,accesscontrolforyourdataisbasedonpolicies,suchasIAMpolicies, S3bucket policies,virtualprivatecloud(VPC)endpointpolicies,andAWSOrganizationsservice controlpolicies(SCPs). AmajorityofmodernusecasesinAmazonS3nolongerrequiretheuseofACLs,and werecommend thatyoudisableACLsexceptinunusualcircumstanceswhereyouneedtocontrol accessfor eachobjectindividually.WithObjectOwnership,youcandisableACLsandrelyon policiesforaccesscontrol.WhenyoudisableACLs,youcaneasilymaintainabucket with objectsuploadedbydifferentAWSaccounts.You,asthebucketowner,ownallthe objectsin thebucketandcanmanageaccesstothemusingpolicies.Formoreinformation,see ControllingownershipofobjectsanddisablingACLs foryourbucket. S3AccessPoints AmazonS3AccessPointsarenamednetworkendpointswithdedicatedaccesspolicies thatdescribehowdatacanbeaccessedusingthatendpoint.AccessPointssimplify managingdataaccessatscaleforshareddatasetsinAmazonS3. AccessPointsarenamednetworkendpointsattachedtobucketsthatyoucanuse toperformS3objectoperations,suchasGetObjectandPutObject. EachaccesspointhasitsownIAMpolicy.YoucanconfigureBlockPublic Accesssettingsforeachaccesspoint.Torestrict AmazonS3dataaccesstoaprivatenetwork,youcanalsoconfigure anyaccesspointtoacceptrequestsonlyfromavirtualprivate cloud(VPC). Formoreinformation,seeManagingdataaccesswithAmazonS3accesspoints. Regions YoucanchoosethegeographicalAWSRegionwhereAmazonS3storesthe bucketsthatyoucreate.YoumightchooseaRegiontooptimize latency,minimizecosts,oraddressregulatoryrequirements. ObjectsstoredinanAWSRegionneverleavetheRegionunless youexplicitlytransferorreplicatethemtoanotherRegion. Forexample,objectsstoredin theEurope(Ireland)Regionneverleaveit. Note YoucanaccessAmazonS3anditsfeaturesonlyintheAWSRegionsthat areenabledforyouraccount.Formoreinformationabout enablingaRegiontocreateandmanageAWSresources,see Managing AWSRegionsinthe AWSGeneralReference. ForalistofAmazonS3Regionsandendpoints,seeRegions andendpointsinthe AWSGeneralReference. AmazonS3dataconsistencymodel AmazonS3providesstrongread-after-writeconsistencyforPUTandDELETE requestsofobjectsinyourAmazonS3bucketinallAWSRegions.This behaviorappliestobothwritestonewobjectsaswellasPUT requeststhatoverwriteexistingobjectsandDELETErequests.In addition,readoperationsonAmazonS3Select,AmazonS3accesscontrolslists (ACLs),AmazonS3ObjectTags,andobjectmetadata(forexample,theHEAD object)arestronglyconsistent. Updatestoasinglekeyareatomic.Forexample,ifyoumakeaPUT requesttoanexistingkeyfromonethreadandperformaGETrequest onthesamekeyfromasecondthreadconcurrently,youwillget eithertheolddataorthenewdata,butneverpartialorcorrupt data. AmazonS3achieveshighavailabilitybyreplicatingdataacrossmultiple serverswithinAWSdatacenters.IfaPUTrequestissuccessful, yourdataissafelystored.Anyread(GETorLISTrequest)thatis initiatedfollowingthereceiptofasuccessfulPUTresponsewill returnthedatawrittenbythePUTrequest.Hereareexamplesof thisbehavior: AprocesswritesanewobjecttoAmazonS3andimmediatelylistskeys withinitsbucket.Thenewobjectappearsinthe list. Aprocessreplacesanexistingobjectandimmediatelytriestoread it.AmazonS3returnsthenewdata. Aprocessdeletesanexistingobjectandimmediatelytriestoread it.AmazonS3doesnotreturnanydatabecausetheobjecthas beendeleted. Aprocessdeletesanexistingobjectandimmediatelylistskeys withinitsbucket.Theobjectdoesnotappearinthe listing. Note AmazonS3doesnotsupportobjectlockingforconcurrentwriters.Iftwo PUTrequestsaresimultaneouslymadetothesamekey, therequestwiththelatesttimestampwins.Ifthisis anissue,youmustbuildanobject-lockingmechanism intoyourapplication. Updatesarekey-based.Thereisnowaytomakeatomicupdatesacross keys.Forexample,youcannotmaketheupdateofonekeydependenton theupdateofanotherkeyunlessyoudesignthisfunctionalityintoyour application. Bucketconfigurationshaveaneventualconsistencymodel.Specifically, thismeansthat: Ifyoudeleteabucketandimmediatelylistallbuckets,thedeleted bucketmightstillappearinthelist. Ifyouenableversioningonabucketforthefirsttime,itmight takeashortamountoftimeforthechangetobefully propagated.Werecommendthatyouwaitfor15minutesafter enablingversioningbeforeissuingwriteoperations(PUTor DELETErequests)onobjectsinthebucket. Concurrent applications Thissectionprovidesexamplesofbehaviortobeexpectedfrom AmazonS3whenmultipleclientsarewritingtothesameitems. Inthisexample,bothW1(write1)andW2(write2)finish beforethestartofR1(read1)andR2(read2).BecauseS3is stronglyconsistent,R1andR2bothreturncolor= ruby. Inthenextexample,W2doesnotfinishbeforethestartof R1.Therefore,R1mightreturncolor=rubyor color=garnet.However,becauseW1andW2 finishbeforethestartofR2,R2returnscolor= garnet. Inthelastexample,W2beginsbeforeW1hasreceivedan acknowledgement.Therefore,thesewritesareconsidered concurrent.AmazonS3internallyuseslast-writer-winssemanticsto determinewhichwritetakesprecedence.However,theorderin whichAmazonS3receivestherequestsandtheorderinwhich applicationsreceiveacknowledgementscannotbepredicted becauseofvariousfactors,suchasnetworklatency.For example,W2mightbeinitiatedbyanAmazonEC2instanceinthesame Region,whileW1mightbeinitiatedbyahostthatisfarther away.Thebestwaytodeterminethefinalvalueistoperforma readafterbothwriteshavebeenacknowledged. Relatedservices AfteryouloadyourdataintoAmazonS3,youcanuseitwithotherAWS services.Thefollowingaretheservicesthatyoumightusemost frequently: AmazonElasticComputeCloud (AmazonEC2)–Providessecureand scalablecomputingcapacityintheAWSCloud.UsingAmazonEC2 eliminatesyourneedtoinvestinhardwareupfront,soyou candevelopanddeployapplicationsfaster.Youcanuse AmazonEC2tolaunchasmanyorasfewvirtualserversasyou need,configuresecurityandnetworking,andmanage storage. AmazonEMR–Helps businesses,researchers,dataanalysts,anddevelopers easilyandcost-effectivelyprocessvastamountsofdata. AmazonEMRusesahostedHadoopframeworkrunningonthe web-scaleinfrastructureofAmazonEC2andAmazonS3. AWSSnow Family–Helpscustomersthat needtorunoperationsinaustere,non-datacenter environments,andinlocationswherethere'salackof consistentnetworkconnectivity.YoucanuseAWSSnow Familydevicestolocallyandcost-effectivelyaccessthe storageandcomputepoweroftheAWSCloudinplaceswhere aninternetconnectionmightnotbeanoption. AWSTransferFamily –Providesfullymanagedsupportforfiletransfers directlyintoandoutofAmazonS3orAmazonElasticFileSystem(AmazonEFS) using SecureShell(SSH)FileTransferProtocol(SFTP),File TransferProtocoloverSSL(FTPS),andFileTransfer Protocol(FTP). AccessingAmazonS3 YoucanworkwithAmazonS3inanyofthefollowingways: AWSManagementConsole Theconsoleisaweb-baseduserinterfaceformanagingAmazonS3andAWS resources.Ifyou'vesignedupforanAWSaccount,youcan accesstheAmazonS3consolebysigningintotheAWSManagementConsoleand choosingS3fromtheAWSManagementConsolehome page. AWSCommandLineInterface YoucanusetheAWScommandlinetoolstoissuecommandsorbuildscriptsatyour system'scommandlinetoperformAWS(includingS3)tasks. TheAWSCommandLineInterface(AWSCLI) providescommandsforabroadsetofAWSservices.TheAWSCLI issupportedonWindows,macOS,andLinux.Togetstarted,see theAWSCommandLineInterfaceUserGuide.Formoreinformation aboutthecommandsforAmazonS3,sees3apiands3controlinthe AWSCLICommandReference. AWSSDKs AWSprovidesSDKs(softwaredevelopmentkits)thatconsistof librariesandsamplecodeforvariousprogramminglanguagesand platforms(Java,Python,Ruby,.NET,iOS,Android,andsoon). TheAWSSDKsprovideaconvenientwaytocreateprogrammatic accesstoS3andAWS.AmazonS3isaRESTservice.Youcansend requeststoAmazonS3usingtheAWSSDKlibraries.whichwrapthe underlyingAmazonS3RESTAPIandsimplifyyourprogrammingtasks. Forexample,theSDKstakecareoftaskssuchascalculating signatures,cryptographicallysigningrequests,managingerrors, andretryingrequestsautomatically.Forinformationaboutthe AWSSDKs,includinghowtodownloadandinstallthem,see Toolsfor AWS. EveryinteractionwithAmazonS3iseitherauthenticatedoranonymous.If youareusingtheAWSSDKs,thelibrariescomputethe signatureforauthenticationfromthekeysthatyouprovide.For moreinformationabouthowtomakerequeststoAmazonS3,seeMakingrequests. AmazonS3RESTAPI ThearchitectureofAmazonS3isdesignedtobeprogramming language-neutral,usingAWS-supportedinterfacestostoreand retrieveobjects.YoucanaccessS3andAWSprogrammatically byusingtheAmazonS3RESTAPI.TheRESTAPIisanHTTPinterfaceto AmazonS3.WiththeRESTAPI,youusestandardHTTPrequeststo create,fetch,anddeletebucketsandobjects. TousetheRESTAPI,youcanuseanytoolkitthatsupportsHTTP.You canevenuseabrowsertofetchobjects,aslongastheyare anonymouslyreadable. TheRESTAPIusesstandardHTTPheadersandstatuscodes,sothat standardbrowsersandtoolkitsworkasexpected.Insomeareas, wehaveaddedfunctionalitytoHTTP(forexample,weadded headerstosupportaccesscontrol).Inthesecases,wehavedone ourbesttoaddthenewfunctionalityinawaythatmatchesthe styleofstandardHTTPusage. IfyoumakedirectRESTAPIcallsinyourapplication,youmustwritethecodeto computethesignatureandaddittotherequest.Formoreinformationabouthowto makerequeststoAmazonS3,seeMakingrequests. Note SOAPAPIsupportoverHTTPisdeprecated,butitisstillavailable overHTTPS.NewerAmazonS3featuresarenotsupportedforSOAP. WerecommendthatyouuseeithertheRESTAPIortheAWS SDKs. PayingforAmazonS3 PricingforAmazonS3isdesignedsothatyoudon'thavetoplanforthe storagerequirementsofyourapplication.Moststorageproviders requireyoutopurchaseapredeterminedamountofstorageand networktransfercapacity.Inthisscenario,ifyouexceedthat capacity,yourserviceisshutofforyouarechargedhighoverage fees.Ifyoudonotexceedthatcapacity,youpayasthoughyouused itall. AmazonS3chargesyouonlyforwhatyouactuallyuse,withnohiddenfeesand nooveragecharges.Thismodelgivesyouavariable-costservice thatcangrowwithyourbusinesswhilegivingyouthecost advantagesoftheAWSinfrastructure.Formoreinformation,see AmazonS3 Pricing. WhenyousignupforAWS,yourAWSaccountisautomaticallysigned upforallservicesinAWS,includingAmazonS3.However,youare chargedonlyfortheservicesthatyouuse.IfyouareanewAmazonS3 customer,youcangetstartedwithAmazonS3forfree.Formore information,seeAWSfree tier. Toseeyourbill,gototheBillingandCostManagementDashboardintheAWSBillingandCostManagementconsole.Tolearnmoreabout AWSaccountbilling,seetheAWSBillingandCostManagementUserGuide.Ifyouhavequestions concerningAWSbillingandAWSaccounts,contactAWSSupport. PCIDSScompliance AmazonS3supportstheprocessing,storage,andtransmission ofcreditcarddatabyamerchantorserviceprovider,andhasbeen validatedasbeingcompliantwithPaymentCardIndustry(PCI)DataSecurityStandard (DSS). FormoreinformationaboutPCIDSS,includinghowtorequestacopyoftheAWSPCI CompliancePackage, seePCIDSSLevel1. DocumentConventions Gettingstarted Didthispagehelpyou?-Yes Thanksforlettingusknowwe'redoingagoodjob! Ifyou'vegotamoment,pleasetelluswhatwedidrightsowecandomoreofit. Didthispagehelpyou?-No Thanksforlettingusknowthispageneedswork.We'resorryweletyoudown. Ifyou'vegotamoment,pleasetellushowwecanmakethedocumentationbetter.