Amazon S3 for Developers

Difficulty: medium

Overview

Consistency: Strong read-after-write consistency for all operations since Dec 2020.

Multipart Upload: Recommended > 100 MB, required > 5 GB. Upload parts in parallel. Parts can be retried. Must complete or abort.

Pre-signed URLs: Temp access for GET or PUT. Up to 7 days (IAM user) or 12 hours (IAM role via STS).

S3 Event Notifications: ObjectCreated, ObjectRemoved → SQS, SNS, Lambda, EventBridge.

Object Lock (WORM):

Compliance Mode: No one can delete before retention expires.
Governance Mode: Privileged users can override.

SSE Options:

SSE-S3: AWS manages keys. Header: x-amz-server-side-encryption: AES256.
SSE-KMS: KMS manages keys. Uses GenerateDataKey per object.
SSE-C: Customer provides key per request. HTTPS required.

Versioning: DELETE creates delete marker. MFA Delete: requires MFA to permanently delete versions.

CORS: Configure on bucket for browser clients making direct S3 requests from different domains.

S3 Select: Query data in-place with SQL. Reduce data transfer.

Transfer Acceleration: CloudFront edge for upload acceleration. URL: bucket.s3-accelerate.amazonaws.com.

Practice Linked Questions

easy

Q1. A developer needs to allow a web browser to make cross-origin requests to an S3 bucket to display images. The browser shows a CORS error. What must the developer configure?