# Amazon S3 ### 🔗 **Quicklinks (Bookmark):** * Cost Explorer: [AWS S3 Costs by API](https://us-east-1.console.aws.amazon.com/costmanagement/home?region=us-east-1#/cost-explorer?chartStyle=STACK\&costAggregate=unBlendedCost\&endDate=2025-09-30\&excludeForecasting=false\&filter=%5B%7B%22dimension%22:%7B%22id%22:%22Service%22,%22displayValue%22:%22Service%22%7D,%22operator%22:%22INCLUDES%22,%22values%22:%5B%7B%22value%22:%22Amazon%20Simple%20Storage%20Service%22,%22displayValue%22:%22S3%20\(Simple%20Storage%20Service\)%22%7D%5D%7D%5D\&futureRelativeRange=CUSTOM\&granularity=Daily\&groupBy=%5B%22Operation%22%5D\&historicalRelativeRange=LAST_MONTH\&isDefault=true\&reportMode=STANDARD\&reportName=New%20cost%20and%20usage%20report\&showOnlyUncategorized=false\&showOnlyUntagged=false\&startDate=2025-09-01\&usageAggregate=undefined\&useNormalizedUnits=false) * Cost Explorer: [AWS S3 Storage Tier Costs & Size](https://us-east-1.console.aws.amazon.com/costmanagement/home?region=us-east-1#/cost-explorer?chartStyle=STACK\&costAggregate=unBlendedCost\&endDate=2025-09-30\&excludeForecasting=false\&filter=%5B%7B%22dimension%22:%7B%22id%22:%22Service%22,%22displayValue%22:%22Service%22%7D,%22operator%22:%22INCLUDES%22,%22values%22:%5B%7B%22value%22:%22Amazon%20Simple%20Storage%20Service%22,%22displayValue%22:%22S3%20\(Simple%20Storage%20Service\)%22%7D%5D%7D,%7B%22dimension%22:%7B%22id%22:%22UsageTypeGroup%22,%22displayValue%22:%22Usage%20type%20group%22%7D,%22operator%22:%22INCLUDES%22,%22values%22:%5B%7B%22value%22:%22S3:%20Storage%20-%20Glacier%22,%22displayValue%22:%22S3:%20Storage%20-%20Glacier%22%7D,%7B%22value%22:%22S3:%20Storage%20-%20Intelligent%20Tiering%22,%22displayValue%22:%22S3:%20Storage%20-%20Intelligent%20Tiering%22%7D,%7B%22value%22:%22S3:%20Storage%20-%20Standard%22,%22displayValue%22:%22S3:%20Storage%20-%20Standard%22%7D,%7B%22value%22:%22S3:%20Storage%20-%20Standard%20Infrequent%20Access%22,%22displayValue%22:%22S3:%20Storage%20-%20Standard%20Infrequent%20Access%22%7D%5D%7D%5D\&futureRelativeRange=CUSTOM\&granularity=Daily\&groupBy=%5B%22Operation%22%5D\&historicalRelativeRange=LAST_MONTH\&isDefault=true\&reportMode=STANDARD\&reportName=New%20cost%20and%20usage%20report\&showOnlyUncategorized=false\&showOnlyUntagged=false\&startDate=2025-09-01\&usageAggregate=usageQuantity\&useNormalizedUnits=false) * Cost Explorer: [AWS S3 Data Transfer Costs](https://us-east-1.console.aws.amazon.com/costmanagement/home?region=us-east-1#/cost-explorer?chartStyle=STACK\&costAggregate=unBlendedCost\&endDate=2025-09-30\&excludeForecasting=false\&filter=%5B%7B%22dimension%22:%7B%22id%22:%22Service%22,%22displayValue%22:%22Service%22%7D,%22operator%22:%22INCLUDES%22,%22values%22:%5B%7B%22value%22:%22Amazon%20Simple%20Storage%20Service%22,%22displayValue%22:%22S3%20\(Simple%20Storage%20Service\)%22%7D%5D%7D,%7B%22dimension%22:%7B%22id%22:%22UsageTypeGroup%22,%22displayValue%22:%22Usage%20type%20group%22%7D,%22operator%22:%22INCLUDES%22,%22values%22:%5B%7B%22value%22:%22S3:%20Storage%20-%20Glacier%22,%22displayValue%22:%22S3:%20Storage%20-%20Glacier%22%7D,%7B%22value%22:%22S3:%20Storage%20-%20Intelligent%20Tiering%22,%22displayValue%22:%22S3:%20Storage%20-%20Intelligent%20Tiering%22%7D,%7B%22value%22:%22S3:%20Storage%20-%20Standard%22,%22displayValue%22:%22S3:%20Storage%20-%20Standard%22%7D,%7B%22value%22:%22S3:%20Storage%20-%20Standard%20Infrequent%20Access%22,%22displayValue%22:%22S3:%20Storage%20-%20Standard%20Infrequent%20Access%22%7D%5D%7D%5D\&futureRelativeRange=CUSTOM\&granularity=Daily\&groupBy=%5B%22Operation%22%5D\&historicalRelativeRange=LAST_MONTH\&isDefault=true\&reportMode=STANDARD\&reportName=New%20cost%20and%20usage%20report\&showOnlyUncategorized=false\&showOnlyUntagged=false\&startDate=2025-09-01\&usageAggregate=usageQuantity\&useNormalizedUnits=false) * Cost Explorer: [AWS S3 API Requests & Cost](https://us-east-1.console.aws.amazon.com/costmanagement/home?region=us-east-1#/cost-explorer?chartStyle=STACK\&costAggregate=unBlendedCost\&endDate=2025-09-30\&excludeForecasting=false\&filter=%5B%7B%22dimension%22:%7B%22id%22:%22Service%22,%22displayValue%22:%22Service%22%7D,%22operator%22:%22INCLUDES%22,%22values%22:%5B%7B%22value%22:%22Amazon%20Simple%20Storage%20Service%22,%22displayValue%22:%22S3%20\(Simple%20Storage%20Service\)%22%7D%5D%7D,%7B%22dimension%22:%7B%22id%22:%22UsageTypeGroup%22,%22displayValue%22:%22Usage%20type%20group%22%7D,%22operator%22:%22INCLUDES%22,%22values%22:%5B%7B%22value%22:%22S3:%20API%20Requests%20-%20Standard%22,%22displayValue%22:%22S3:%20API%20Requests%20-%20Standard%22%7D,%7B%22value%22:%22S3:%20API%20Requests%20-%20Standard%20Infrequent%20Access%22,%22displayValue%22:%22S3:%20API%20Requests%20-%20Standard%20Infrequent%20Access%22%7D%5D%7D%5D\&futureRelativeRange=CUSTOM\&granularity=Daily\&groupBy=%5B%22Operation%22%5D\&historicalRelativeRange=LAST_MONTH\&isDefault=true\&reportMode=STANDARD\&reportName=New%20cost%20and%20usage%20report\&showOnlyUncategorized=false\&showOnlyUntagged=false\&startDate=2025-09-01\&usageAggregate=usageQuantity\&useNormalizedUnits=false)s * S3 Storage Lens: [AWS S3 Storage Lens Dashboard](https://us-east-1.console.aws.amazon.com/compute-optimizer/home?region=us-east-1#/resources-lists/idle) * S3 CUR Queries: [Query CUR on Athena](https://catalog.workshops.aws/cur-query-library/en-US/queries/storage) **Amazon S3** is AWS’s object store: practically limitless capacity, **11 × 9s durability**, and a menu of storage classes for every access pattern. It’s also where “surprise line items” often show up, especially from **requests**, **cross-Region transfers**, and **replication**. This page blends Grok’s highlights with pragmatic FinOps-oriented guidance. > **At a glance** > > * High durability by design; availability targets vary by class (e.g., Standard is higher than One Zone classes). > * New objects are **encrypted at rest by default (SSE-S3)**. *** ### 🚀 What is S3? **Amazon Simple Storage Service (S3)** stores any amount of data for data lakes, analytics, ML, backups, and app assets. You pay for **storage**, **requests**, **retrievals** (for some classes), **data transfer**, and optional analytics features. S3 integrates with lifecycle policies, replication, IAM, KMS, and org-wide analytics (Storage Lens). **Key traits** * Elastic capacity; no provisioning. * Strong durability by design. * **Default encryption (SSE-S3)** for all new uploads. * Multiple **storage classes** tuned for access patterns; lifecycle automation to transition/delete. *** ### ⚙️ Storage Classes — Pick the Right Tier | Class | Primary Use | Notes & Gotchas | | --------------------------------- | ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **S3 Standard** | Hot data, frequent access | Default, multi-AZ, low latency. | | **S3 Express One Zone** | Ultra-low latency, many small objects, single-AZ | Single-digit ms; uses **directory buckets**; designed to colocate with compute in the same AZ; no lifecycle transitions. | | **S3 Intelligent-Tiering** | Unknown/changing access | Auto-moves between frequent/infrequent/archive tiers; **no retrieval fees**; small per-object monitoring/automation charge; 128 KB min object size for auto-tiering. | | **S3 Standard-IA** | Long-lived, infrequently accessed | Lower storage price; **per-GB retrieval**; **30-day minimum** charge. | | **S3 One Zone-IA** | Re-creatable data, secondary backups | Cheapest “warm” tier; **single AZ** risk; **30-day minimum** charge. | | **S3 Glacier Instant Retrieval** | Archives with occasional millisecond access | **90-day minimum** storage charge; retrieval fees. | | **S3 Glacier Flexible Retrieval** | Rarely accessed archives | Minutes–hours retrieval; **90-day minimum**. | | **S3 Glacier Deep Archive** | “Put it and forget it” | Hours to retrieve; **180-day minimum**; lowest storage cost. | **Rule of thumb:**\ Hot = **Standard** → Unpredictable = **Intelligent-Tiering** → Single-AZ micro-latency = **Express One Zone** → Cold/Archive = **Glacier** family. *** ### 🧬 S3 Variants | Variant | What it is | When to use | Caveats | | ------------------ | -------------------------------------- | ------------------------------------------- | ---------------------------------------------------------------------------------- | | **S3 (regional)** | Multi-AZ object storage in AWS Regions | Nearly all workloads | Internet-facing by default; control access with IAM/bucket policies/Access Points. | | **S3 on Outposts** | On-prem S3 API-compatible buckets | Strict data-residency / low-latency on-prem | Limited classes; SSE-KMS not supported (uses local keys). | *** ### 🏛️ Replication Options | Option | Use When | Cost Notes | | ---------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------- | | **No replication** | Non-critical or cost-sensitive | Cheapest; rely on regional durability. | | **Same-Region Replication (SRR)** | Live backup, data movement between accounts | Pay for destination storage and replication requests; no inter-Region data transfer charge. | | **Cross-Region Replication (CRR)** | DR, compliance, geo-proximity | Adds inter-Region data transfer out + requests + destination storage; rates vary by Region. | > **Tip:** **Replication Time Control (RTC)** guarantees replication SLAs but adds extra cost—use only when RPO/RTO really require it. *** ### 🧠 S3 Optimization Strategy (FinOps) | Theme | What to do | Why/Tools | | ------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | | **Analyze access** | Identify cold data and large, old prefixes | **Storage Lens** and **Storage Class Analysis** surface transition/deletion candidates. | | **Automate lifecycle** | Transition Standard → IA/Glacier on age; expire noncurrent versions | Lifecycle is the backbone of S3 cost control. | | **Use Intelligent-Tiering** | When patterns are unknown or bursty | Avoids wrong bets; small per-object monitoring fee; **no retrieval fees**. | | **Right-size encryption costs** | If using SSE-KMS at scale, enable **S3 Bucket Keys** | Reduces KMS request costs dramatically for high-request buckets. | | **Kill junk** | Delete orphaned data, stale multipart uploads, old inventory reports | Use **S3 Inventory** + **Batch Operations**; enable **AbortIncompleteMultipartUpload**. | | **Review monthly** | Track request spikes, inter-Region traffic, version churn | **Cost Explorer** + **Storage Lens** dashboards. | > Savings of **30–75%** are common from lifecycle transitions, Intelligent-Tiering, and versioning clean-ups (your mileage varies). *** ### 💸 Pricing Model & Gotchas * **Pay-as-you-go** for storage, requests, retrievals (some classes), **data transfer**, replication, and optional analytics (Storage Lens/Analytics/Inventory). * **Minimum storage durations** apply to IA and Glacier classes (30/90/180 days). * **Free allowances (12-month free tier)**: 5 GB Standard, 20k GET, 2k PUT per month; many accounts also get 100 GB/month data transfer out to the Internet across services. **Common bill-busters** * Millions of tiny objects → lots of **PUT/GET/LIST** calls. * **CRR** or cross-Region access → inter-Region transfer charges. * **SSE-KMS** on high-request buckets → KMS API charges unless you enable **Bucket Keys**. * Turning on **every** analytics feature everywhere (Storage Lens Advanced, Analytics, Inventory) → per-million-object fees; scope to high-value buckets. *** ### ⏱️ Automation Patterns * **Lifecycle Policies:** Transition to IA/Glacier after N days; expire incomplete multipart uploads; limit noncurrent versions. * **EventBridge + Lambda:** Notify on object age/size/tag rules to auto-archive or delete. * **Intelligent-Tiering:** Drop-in for unpredictable data—no lifecycle logic to maintain. *** ### 🔒 Security & Compliance * **Default encryption (SSE-S3)** on all new uploads; use **SSE-KMS** for key control. * **Block Public Access** at account and bucket level; use **Access Analyzer** to audit. * **Access Points** (incl. VPC-only) for per-app permissions. * **Versioning** and **MFA Delete** for protection (remember: versions cost $$—expire noncurrent versions). * Prefer **Gateway/VPC endpoints** to keep traffic off NAT/Internet where possible. *** ### 📊 Monitoring & Tools * **S3 Storage Lens:** Org-wide usage and cost signals; Advanced metrics priced per million objects. * **S3 Analytics (Storage Class Analysis):** Identify IA/Glacier candidates. * **S3 Inventory:** Daily/weekly object catalogs for audits & batch ops. * **CloudWatch + Cost Explorer:** Alert on request spikes, 4xx/5xx, or data-transfer surges. * **CUR + Athena:** Penny-level breakdown; join with Inventory for per-object cost attribution. *** ### 🧪 Practical selection cheat-sheet * **Web/app assets, ML features, hot data lake:** **Standard** (or **Express One Zone** if you truly need single-AZ micro-latency). * **Unknown access pattern:** **Intelligent-Tiering**—set it and forget it. * **Backups/secondaries:** **Standard-IA** or **One Zone-IA** (if re-creatable) with lifecycle from Standard. * **Archives:** **Glacier Instant/Flexible/Deep Archive** based on retrieval speed needs. * **Strict residency/on-prem latency:** **S3 on Outposts** (mind the SSE-KMS limitation). *** ### ✅ S3 FinOps Checklist * [ ] Turn on **Storage Lens** and **Inventory** for your biggest buckets. * [ ] Add **Lifecycle**: expire old versions & incomplete MPUs; transition cold data on a schedule. * [ ] Use **Intelligent-Tiering** where access is unpredictable; otherwise fix a class and enforce with tags/policies. * [ ] Right-size replication scope (prefix/tag filters); document RPO/RTO and costs. * [ ] Put static/public delivery behind **CloudFront** to reduce egress and latency. * [ ] Enforce **Block Public Access**; audit with **Access Analyzer**; require encryption (SSE-S3 or SSE-KMS). * [ ] Watch **KMS** request costs for high-request buckets (enable **Bucket Keys**). * [ ] Review monthly: storage growth, request mix, egress, early-delete charges, and lifecycle hit rates. *** ### 🧠 AWS S3 Cost Optimization Challenges S3 is “cheap storage” until request charges, egress, and lifecycle quirks ambush your bill. Here are the **non-trivial cost traps** teams hit—and **fixes** that actually move the needle. *** #### **Q1: Why do buckets with millions of tiny files cost so much?** Per-object overhead and request fees dominate when objects are < \~128 KB; Intelligent-Tiering also penalizes very small objects. **✅ Solution** * **Compact small objects** (e.g., batch logs into Parquet/ORC or TAR bundles via Step Functions/Lambda). * Ensure objects **≥128 KB** before using **Intelligent-Tiering**. * Add **Lifecycle** to archive compacted bundles to **Glacier**. *** #### **Q2: Why am I getting surprise data egress bills?** Ingress is free; **egress isn’t**—especially to the internet, other regions, or through NAT. **✅ Solution** * Put **CloudFront** in front of S3 (edge caching can slash S3 egress). * Use **Gateway VPC Endpoints** to avoid NAT for S3 access. * **Co-locate** producers/consumers in-region and **compress** payloads. *** #### **Q3: Why do request bursts throttle performance (and increase retries/costs)?** Hot prefixes and bursty access can hit per-prefix throughput limits → retries → more requests. **✅ Solution** * **Distribute keys** across prefixes (hash/date partitioning). * Use **multipart uploads** and **byte-range GETs** for large objects. * Implement **exponential backoff** in SDKs; parallelize reads/writes responsibly. *** #### **Q4: Why am I overpaying by using the wrong storage classes?** Cold data in **Standard** or hot data in **archive tiers** wastes money (and time with early-delete fees). **✅ Solution** * Turn on **Storage Class Analysis** → transition with **Lifecycle**. * Use **Intelligent-Tiering** for large, long-lived, unpredictable objects. * Respect **minimum storage durations** (IA/Glacier) to avoid penalties. *** #### **Q5: Why do incomplete multipart uploads and orphans keep inflating bills?** Abandoned MPUs and stray objects/snapshots linger forever. **✅ Solution** * Lifecycle rule to **abort incomplete MPUs** (e.g., after 7 days). * Use **S3 Inventory + Batch Operations** to find & delete orphans. * Automate cleanup with **EventBridge → Lambda**. *** #### **Q6: Why are global transfers and huge files painfully slow (and costly)?** Long haul uploads/downloads and single-stream transfers kill UX and increase retries. **✅ Solution** * Enable **S3 Transfer Acceleration** for long-distance uploads. * **Multipart** uploads for parallelism; **CloudFront** for read caching. * Keep buckets **in the same region** as your compute. *** #### **Q7: Why does listing or auditing large buckets take hours?** Recursive LIST on billions of keys doesn’t scale for analytics/governance. **✅ Solution** * Use **S3 Inventory** (CSV/Parquet) for async listings. * Query via **Athena**/Iceberg catalogs to **prune** by partition/metadata. * Avoid ad-hoc LIST; drive ops from inventory reports. *** #### **Q8: Why is storage exploding without anyone noticing?** No Lifecycle = logs/backups pile up forever; visibility is poor. **✅ Solution** * Define **expire/transition** Lifecycle (e.g., 30–90-day log TTL). * Enable **S3 Storage Lens** to spot growth by prefix/account. * Exclude temporary data from replication and long retention. *** #### **Q9: Why are KMS encryption charges showing up everywhere?** SSE-KMS charges per API call; high-QPS workloads amplify KMS costs. **✅ Solution** * Use **SSE-S3** where compliance permits; reserve **SSE-KMS** for sensitive data. * **Cache data keys** (SDK/app); consolidate keys and tune rotations. * Review KMS usage on hot paths; avoid unnecessary re-encrypts. *** #### **Q10: Why do GET/LIST request fees dwarf storage for read-heavy apps?** Read-intensive ML/analytics or microservices hammer S3 with small, frequent requests. **✅ Solution** * Put **CloudFront** or **ElastiCache** in front of hot objects. * Use **S3 Select** to read **just the columns/rows** you need. * Batch operations and **tune SDKs** to reduce chatter. *** ### ⚙️ Quick Wins * **Inventory & Lens:** Enable **S3 Inventory** + **Storage Lens** (targeted) to find tiny-object floods, orphans, and hot prefixes. * **Lifecycle:** Abort MPUs (7d), expire noncurrent versions, and add time-boxed transitions to IA/Glacier. * **Data layout:** Convert analytics data to **Parquet/ORC + partitioning**; update Athena to select only needed columns. * **Network path:** Add **Gateway VPC Endpoints**; front user traffic with **CloudFront**; eliminate NAT for S3. * **Small-object strategy:** Compact sub-128 KB objects; only then enable **Intelligent-Tiering**. * **KMS sanity:** Swap to **SSE-S3** where allowed; review KMS costs on hot paths. *** ### 📚 References * [Managing the lifecycle of Amazon S3 objects](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) * [Amazon S3 Intelligent-Tiering](https://docs.aws.amazon.com/AmazonS3/latest/userguide/intelligent-tiering-overview.html) * [Locking objects using Amazon S3 Object Lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html) * [AWS Storage Lens for Storage Analytics and Optimization](https://medium.com/%40christopheradamson253/aws-storage-lens-for-storage-analytics-and-optimization-7fcfb0bea465) * [Mastering AWS CloudFront: The Ultimate Guide to Content Delivery](https://mihirpopat.medium.com/mastering-aws-cloudfront-the-ultimate-guide-to-content-delivery-and-website-acceleration-527fcca24b96) > *Pricing/features current as of **October 2025**. Always confirm specifics for your Region in the AWS console and pricing pages.* --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://aws.cloudshim.com/aws-top-services/amazon-s3.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.