Store files in the cloud with S3: create buckets, upload and download objects, pick storage classes to cut costs, automate cleanup with lifecycle rules, turn on versioning and encryption, and host a static website.
S3 (Simple Storage Service) stores "objects" (files) in "buckets" (top-level containers). Why: it is the default place to keep anything — images, backups, logs, static sites — with effectively unlimited capacity and 11 nines of durability. Note: bucket names are globally unique across all of AWS, so add something distinctive.
Create a bucket (the name must be globally unique)
aws s3 mb s3://my-app-uploads-7f3k
Upload a file (it becomes an "object")
aws s3 cp ./photo.jpg s3://my-app-uploads-7f3k/
List what's in the bucket
aws s3 ls s3://my-app-uploads-7f3k/
Download it back
aws s3 cp s3://my-app-uploads-7f3k/photo.jpg ./downloaded.jpg

`aws s3 sync` copies only what changed between a local folder and a bucket (or vice-versa). Why: it is the fast, repeatable way to push a whole directory — a built website, a backup set — without re-uploading unchanged files.
Upload a whole folder, mirroring it into the bucket
aws s3 sync ./public s3://my-app-uploads-7f3k/site
Add --delete to also remove bucket files that no longer exist locally
aws s3 sync ./public s3://my-app-uploads-7f3k/site --delete

Not all data is accessed equally. Storage classes trade retrieval speed/cost for storage cost: Standard (hot, default), Standard-IA (infrequent access, cheaper to store but charged to read), Glacier (archive, minutes-to-hours to restore, cheapest). Why: matching class to access pattern can cut the bill dramatically.
Upload directly into the cheaper Infrequent-Access class
aws s3 cp ./old-report.pdf s3://my-app-uploads-7f3k/ \
  --storage-class STANDARD_IA
Archive something to Glacier for long-term, rarely-read storage
aws s3 cp ./2019-logs.tar.gz s3://my-app-uploads-7f3k/ \
  --storage-class GLACIER

A lifecycle rule transitions or deletes objects automatically as they age. Why: instead of cleaning up by hand, you say "move to IA after 30 days, Glacier after 90, delete after a year" once, and S3 enforces it forever.
Save this as lifecycle.json
{
  "Rules": [{
    "ID": "archive-then-delete",
    "Status": "Enabled",
    "Filter": { "Prefix": "logs/" },
    "Transitions": [
      { "Days": 30, "StorageClass": "STANDARD_IA" },
      { "Days": 90, "StorageClass": "GLACIER" }
    ],
    "Expiration": { "Days": 365 }
  }]
}
aws s3api put-bucket-lifecycle-configuration \
  --bucket my-app-uploads-7f3k \
  --lifecycle-configuration file://lifecycle.json

With versioning on, overwriting or deleting an object keeps the old copy as a previous version. Why: it protects against accidental deletes and bad overwrites — you can roll any object back. Note: old versions keep costing storage, so pair this with a lifecycle rule to expire them.
Turn versioning on
aws s3api put-bucket-versioning --bucket my-app-uploads-7f3k \
  --versioning-configuration Status=Enabled
See every version of every object
aws s3api list-object-versions --bucket my-app-uploads-7f3k \
  --query 'Versions[].[Key,VersionId,IsLatest]' --output table

S3 encrypts new objects by default, but you can require a specific key. Server-side encryption with KMS (SSE-KMS) lets you control and audit the key used. Why: compliance and defense in depth — even someone with raw disk access cannot read the bytes.
Require KMS encryption for the whole bucket. Save this as encryption.json
{
  "Rules": [{
    "ApplyServerSideEncryptionByDefault": {
      "SSEAlgorithm": "aws:kms"
    }
  }]
}
aws s3api put-bucket-encryption --bucket my-app-uploads-7f3k \
  --server-side-encryption-configuration file://encryption.json

A bucket policy is a resource-based policy (you met these in the IAM lesson) that controls access to the bucket. Why: it is how you grant or restrict access at the bucket level — for example, allowing public read for a website, or locking a bucket to one account.
Block ALL public access (the safe default for private data)
aws s3api put-public-access-block --bucket my-app-uploads-7f3k \
  --public-access-block-configuration \
  BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

S3 can serve a folder of HTML/CSS/JS straight to browsers — no server needed. Why: it is the cheapest way to host a static site or single-page app. Note: for a real site you put CloudFront (the CDN lesson) in front for HTTPS and caching.
Enable website hosting with an index and error page
aws s3 website s3://my-site-bucket-7f3k/ \
  --index-document index.html \
  --error-document error.html
Upload the site
aws s3 sync ./dist s3://my-site-bucket-7f3k/
It's now reachable at the bucket's website endpoint, e.g. http://my-site-bucket-7f3k.s3-website-us-east-1.amazonaws.com
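
An added example, not part of the original lesson: the bucket-policy section above describes bucket policies without showing one, and the encryption section sets a bucket default rather than rejecting other uploads. This script writes a policy for the private bucket that denies non-TLS requests and denies uploads not marked for SSE-KMS; the file name policy.json and the function names are assumptions.

```shell
#!/bin/sh
# Added example: bucket name reused from the lesson; policy.json is an assumed file name.
BUCKET="my-app-uploads-7f3k"

# write_policy BUCKET OUTFILE
# Writes a bucket policy with two Deny statements:
#   1. refuse every request that does not arrive over TLS
#   2. refuse PutObject unless the request asks for SSE-KMS
write_policy() {
  cat > "$2" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::$1", "arn:aws:s3:::$1/*"],
      "Condition": { "Bool": { "aws:SecureTransport": "false" } }
    },
    {
      "Sid": "DenyNonKmsUploads",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::$1/*",
      "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "aws:kms" } }
    }
  ]
}
EOF
}

# apply_policy BUCKET FILE
# Attaches the policy, then reads it back so you can confirm what is live.
apply_policy() {
  aws s3api put-bucket-policy --bucket "$1" --policy "file://$2"
  aws s3api get-bucket-policy --bucket "$1" --query Policy --output text
}

# Run with --apply to write and attach the policy; without it nothing is changed.
if [ "${1:-}" = "--apply" ]; then
  write_policy "$BUCKET" policy.json
  apply_policy "$BUCKET" policy.json
fi
```

With the second statement in place, uploads must name the algorithm explicitly, e.g. `aws s3 cp ./photo.jpg s3://my-app-uploads-7f3k/ --sse aws:kms`; a request without the header is denied because `StringNotEquals` also matches when the key is absent.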