Amazon S3

Amazon Simple Storage Service (Amazon S3) is, as described by its name, a simple way of storing a large amount of data on the cloud at a very low cost with a nice set of features. Unlike EC2 storage based on devices with predefined size, Amazon S3 is practically a key value storage that enables us to identify data with a key. Unlike other key value storage technologies, S3 is prepared to store from tiny to very large objects (up to 5 terabytes) with very low response times and that are accessible anywhere.

In the same way as EC2, Amazon S3 is a feature that has the concept of regions, but S3 does not understand availability zones: the S3 service itself manages to get the objects stored on different devices, so you don't need to worry about it. The data is stored in an abstraction called buckets that, if we try to compare S3 with a filesystem, would be the equivalent to a folder but with one catch: the bucket name has to be unique across all the regions on your AWS account so we can't create one bucket called Documents in two different regions.

Another advantage of S3 is that AWS provides a REST API to access objects in a very simple way, which makes it fairly easy to use it as storage for the modern web.

One of the best use cases that I've come across in my professional life for S3 is the management of a large number of documents in a financial institution. Usually, when companies are dealing with money, they have to onboard the customers to a process called Customer Due Diligence (CDD). This process ensures that the customers are who they claim to be and that the money is coming from a valid source. The company also has to keep the documents for a minimum of 6 years due to financial regulations.

In order to carry on this investigation, the users need to send documents to the company, and Amazon S3 is the perfect match for it: the customer uploads the documents to the website of the company, which in reality is pushing the documents to S3 buckets (one per customer) and replicating them across regions with the Amazon S3 replication feature. Also, S3 provides another interesting feature for this model: links to objects that expire within a time frame. Basically, this enables you to create a link that is valid only for a period of time so that if the person reviewing documents exposes the link to a third party, S3 will reply with an error, making it really hard to leak documents accidentally (the user could always download it).

Another interesting feature of S3 is the possibility of integrating it with Amazon Key Management System (Amazon KMS), another feature provided by AWS), so all our objects in S3 are encrypted by a key stored in KMS that can be transparently rotated periodically.