---
title: Amazon S3
description: Amazon Simple Storage Service — scalable object storage for any amount of data, used for backups, data lakes, static websites, and application assets.
url: https://www.factualminds.com/glossary/amazon-s3/
publishDate: 2026-06-13
updateDate: 2026-06-13
---

# Amazon S3

> Amazon Simple Storage Service — scalable object storage for any amount of data, used for backups, data lakes, static websites, and application assets.

## Definition

Amazon Simple Storage Service (S3) is AWS's object store: **buckets** hold **objects** (up to 5 TB each) addressed by keys, with 11-nines durability for Standard storage across multiple Availability Zones. S3 underpins backups, static sites, data lakes, ML datasets, and application assets. Access is over HTTPS through the REST API (tools such as the AWS CLI address objects with `s3://` URIs); authorization combines IAM policies, bucket policies, and legacy ACLs, and optional VPC endpoints keep traffic private.

Beyond Standard, **storage classes** trade cost for retrieval latency and AZ scope. **S3 Intelligent-Tiering** automates tier movement for unpredictable access. Specialized bucket types in 2026 extend S3 into analytics and AI: **S3 Tables** (managed Apache Iceberg), **S3 Vectors** (embedding storage), and **S3 Express One Zone** (single-AZ, millisecond latency). Lifecycle policies, versioning, replication (CRR/SRR), Object Lock (WORM), and Event Notifications integrate S3 into event-driven and compliance architectures.

| Storage class                             | Access pattern   | Retrieval        |
| ----------------------------------------- | ---------------- | ---------------- |
| S3 Standard                               | Frequent         | Milliseconds     |
| Intelligent-Tiering                       | Unknown/changing | Milliseconds     |
| Standard-IA / One Zone-IA                 | Infrequent       | Milliseconds     |
| Glacier Instant / Flexible / Deep Archive | Archive          | Minutes to hours |

## When to use it

- Durable object storage for any size — media, logs, backups, artifacts, and data lake landing zones.
- Static website hosting, CDN origins (CloudFront), and user-generated content with pre-signed upload URLs.
- Event-driven pipelines via **S3 Event Notifications** → Lambda, SQS, or SNS on `PutObject`.
- Compliance retention with **versioning + Object Lock** for WORM and legal hold requirements.

## When not to use it

- POSIX file semantics or shared mutable files — use EFS, FSx, or block storage on EC2.
- Low-latency random read/write on small keys at OLTP rates — DynamoDB or ElastiCache fit better.
- Single-digit-ms latency for millions of small objects without **Express One Zone** — Standard S3 optimizes for throughput and durability, not microsecond tail latency.

## Tips

- Enable **S3 Block Public Access** at the account level; grant access with IAM roles and bucket policies, not `"Principal": "*"`.
- Turn on **versioning** for buckets that hold irreplaceable data — deletes become delete markers, not permanent loss.
- Default new buckets to **SSE-KMS** with a customer managed key when you need CloudTrail audit of decrypt events per object class.
- Implement **lifecycle rules** early: transition to IA/Glacier after N days and expire incomplete multipart uploads after 7 days.
- Use **S3 Inventory + Storage Lens** quarterly to find Standard objects that have not been read in 90+ days — prime candidates for Intelligent-Tiering or IA.
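The lifecycle tip above, and the noncurrent-version gotcha further down, can be checked mechanically. This is an added example, not code from the original page: it lints a lifecycle configuration in the JSON shape accepted by `PutBucketLifecycleConfiguration`. The function name and sample configuration are constructed, and rule filters (prefix or tag scope) are not evaluated.

```python
IA_CLASSES = {"STANDARD_IA", "ONEZONE_IA"}  # S3 requires >= 30 days before these

# Constructed sample: IA transition too early, and the cleanup rule is disabled.
SAMPLE_CONFIG = {"Rules": [
    {"ID": "tier-logs", "Status": "Enabled", "Filter": {"Prefix": "logs/"},
     "Transitions": [{"Days": 14, "StorageClass": "STANDARD_IA"},
                     {"Days": 90, "StorageClass": "GLACIER"}]},
    {"ID": "cleanup", "Status": "Disabled", "Filter": {},
     "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 30}},
]}

def lifecycle_gaps(config, max_mpu_days=7):
    """Return human-readable gaps; only rules with Status == Enabled count."""
    rules = [r for r in config.get("Rules", []) if r.get("Status") == "Enabled"]
    gaps = []

    # Incomplete multipart uploads keep billing for parts until aborted.
    mpu = [r["AbortIncompleteMultipartUpload"]["DaysAfterInitiation"]
           for r in rules if "AbortIncompleteMultipartUpload" in r]
    if not mpu:
        gaps.append("incomplete multipart uploads are never aborted")
    elif min(mpu) > max_mpu_days:
        gaps.append(f"multipart abort waits {min(mpu)} days (> {max_mpu_days})")

    # Transitions: at least one must exist, and IA classes need >= 30 days.
    transitions = [t for r in rules for t in r.get("Transitions", [])]
    if not transitions:
        gaps.append("no transition to a colder storage class")
    for t in transitions:
        if t.get("StorageClass") in IA_CLASSES and "Days" in t and t["Days"] < 30:
            gaps.append(f"{t['StorageClass']} transition at {t['Days']} days (< 30)")

    # Versioned buckets grow silently unless noncurrent versions expire.
    if not any("NoncurrentVersionExpiration" in r for r in rules):
        gaps.append("noncurrent versions never expire")
    return gaps

if __name__ == "__main__":
    for gap in lifecycle_gaps(SAMPLE_CONFIG):
        print("GAP:", gap)
```
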

## Gotchas

- **Serious:** A misconfigured **bucket policy** exposing `ListBucket` + `GetObject` to the internet is still a top AWS breach pattern — Block Public Access does not fix intentionally over-broad policies.
- **Serious:** **Cross-Region Replication** does not replicate delete markers unless configured — DR drills that assume bidirectional mirror semantics fail silently.
- **Regular:** **Request costs** dominate for small-object-heavy workloads — billions of LIST operations on prefix-heavy buckets burn budget faster than storage GB-months.
- **Regular:** **Strong read-after-write consistency** applies globally now, but **list** operations still lag behind highly concurrent write/delete patterns in some analytics jobs — design idempotent consumers.
- **Regular:** Replacing objects increments storage silently when old versions accumulate in a versioned bucket — lifecycle rules must include noncurrent version expiration.

## Official references

- [S3 security best practices](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html) — encryption, access points, and logging.
- [S3 Lifecycle configuration](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) — transitions and expirations.

## Related FactualMinds content

- [Cloud Cost Optimization Services](/services/aws-cloud-cost-optimization-services/)
- [FinOps Consulting](/services/finops-consulting/)
- [AWS Data Analytics](/services/aws-data-analytics/)
- [S3 Tables](/glossary/s3-tables/) · [S3 Vectors](/glossary/s3-vectors/) · [S3 Express One Zone](/glossary/s3-express-one-zone/)
- [AWS Well-Architected Review Checklist](/blog/aws-well-architected-framework-6-pillars-explained/)

---

*Source: https://www.factualminds.com/glossary/amazon-s3/*
