
Domain 3: Storage Services

CLF-C02 Exam Domain 3 - Part 2 | 34% of Scored Content

Learning Objectives

By the end of this section, you will be able to:

  • Understand Amazon S3 core features and storage classes
  • Compare EBS, EFS, and Instance Store
  • Identify appropriate storage solutions for use cases
  • Understand S3 security and replication options
  • Compare storage costs and performance

Amazon S3 (Simple Storage Service)

Overview

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere.

Key Characteristics

| Feature | Description |
|---|---|
| Object Storage | Store files as "objects" (data + metadata) |
| Unlimited Storage | No limit on amount of data |
| High Durability | 99.999999999% (11 nines) |
| High Availability | 99.99% availability |
| Scalable | Virtually unlimited throughput |
| Low Cost | Pay for what you use |

S3 Core Concepts

1. Buckets

Definition: Containers for objects stored in S3.

Bucket Characteristics:

  • Globally Unique Name: DNS-compliant name
  • Region: Bucket resides in a specific region
  • Unlimited Objects: No limit on objects per bucket

Naming Rules:

  • 3-63 characters long
  • Lowercase letters, numbers, hyphens
  • Must start with letter or number
  • Must not end with hyphen
  • Cannot use xn-- prefix (punycode)

2. Objects

Definition: The fundamental entities stored in S3.

Object Components:

  • Key: Unique identifier (filename + path)
  • Data: The actual content
  • Metadata: Information about the object
  • Version ID: If versioning is enabled

Example:

Bucket: my-app-bucket
Key: images/2024/photo.jpg
URL: https://my-app-bucket.s3.us-east-1.amazonaws.com/images/2024/photo.jpg

3. S3 Storage Classes

Comparison Table:

| Storage Class | Designed For | Durability | Availability | Minimum Storage | Minimum Charge | Use Case |
|---|---|---|---|---|---|---|
| Standard | Frequent access | 99.999999999% | 99.99% | None | None | Primary data |
| Intelligent-Tiering | Auto tiering | 99.999999999% | 99.9% | 30 days | None | Unknown access patterns |
| Standard-IA | Infrequent access | 99.999999999% | 99.9% | 30 days | 30 days | Data accessed less often |
| One Zone-IA | Infrequent, one AZ | 99.999999999% | 99.5% | 30 days | 30 days | Secondary copy |
| Glacier | Long-term archive | 99.999999999% | 99.99% | None | 90 days | Rarely accessed data |
| Glacier Deep Archive | Long-term archive | 99.999999999% | 99.99% | None | 180 days | Rarely accessed, lowest cost |
| Outposts | On-premises | 99.999999999% | 99.99% | None | None | On-premises storage |

Storage Class Decision Tree:

Frequent Access?
  ├─ Yes → S3 Standard
  └─ No
      ├─ Need fastest retrieval (minutes)? → S3 Standard-IA
      ├─ OK with hours? → S3 Glacier Flexible Retrieval
      ├─ OK with 12 hours? → S3 Glacier Deep Archive
      └─ Unknown access pattern? → S3 Intelligent-Tiering

4. S3 Features

Versioning:

  • Keeps multiple versions of an object
  • Protects from accidental deletion
  • Once enabled, cannot be disabled (only suspended)
  • Use Cases: Backup, data protection, rollback

Lifecycle Policies:

  • Automatically transition objects between storage classes
  • Automatically expire/delete objects
  • Rules: Based on age, prefix, tags
  • Example: Move to Standard-IA after 30 days, to Glacier after 90 days

Encryption:

  • Server-Side Encryption:
    • SSE-S3: AWS-managed keys
    • SSE-KMS: AWS KMS managed keys
    • SSE-C: Customer-provided keys
  • Client-Side Encryption: Encrypt before upload

Replication:

  • Same-Region Replication (SRR): Copy within region
  • Cross-Region Replication (CRR): Copy to different region
  • Requirements: Versioning enabled on source and destination buckets; for CRR the two buckets are in different regions
  • Use Cases: Disaster recovery, compliance, latency reduction

Event Notifications:

  • S3 can publish events to:
    • SNS: Send notifications
    • SQS: Queue messages
    • Lambda: Trigger functions
  • Events: Object created, removed, or replicated

S3 Select:

  • Retrieve subset of data from an object
  • Use Case: Filter large CSV/JSON files
  • Benefit: Reduce data transfer and cost

Requester Pays:

  • Bucket owner doesn't pay for data transfer
  • Requester pays for download and transfer
  • Use Case: Sharing public datasets

5. S3 Security

Access Control:

| Feature | Description |
|---|---|
| Bucket Policies | JSON-based policies for bucket access |
| ACLs | Access Control Lists (legacy) |
| Block Public Access | Prevent public access at account/bucket level |
| Presigned URLs | Temporary access to private objects |
| CloudFront OAI | Grant CloudFront access to private content |

Bucket Policy Example:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:user/bob"},
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```

Presigned URLs:

  • Temporary access (expires after set time)
  • Use Case: Share private files without making public
  • CLI: aws s3 presign s3://bucket/key --expires-in 3600

6. S3 Performance

Optimization Tips:

  • Parallel Uploads: Use multipart upload for large files
  • S3 Transfer Acceleration: Faster long-distance transfers, routed through CloudFront edge locations
  • Byte-Range Fetches: Get specific byte ranges

Amazon EBS (Elastic Block Store)

Overview

Amazon EBS provides block-level storage volumes for use with EC2 instances.

Key Characteristics

| Feature | Description |
|---|---|
| Block Storage | Like a hard drive |
| Persistent | Data survives instance stop/start |
| Network-Attached | Accessed over the network |
| Single Instance | One volume attached to one instance |
| Snapshots | Point-in-time backups to S3 |

EBS Volume Types

| Type | Name | IOPS | Throughput | Use Case | Cost |
|---|---|---|---|---|---|
| gp2 | General Purpose SSD | Up to 16,000 | Up to 250 MB/s | Boot volumes, general workloads | Low |
| gp3 | General Purpose SSD | Up to 16,000 | Up to 1,000 MB/s | Cost-effective, flexible | Lowest |
| io1 | Provisioned IOPS SSD | Up to 64,000 | Up to 1,000 MB/s | Critical applications, databases | High |
| io2 | Provisioned IOPS SSD | Up to 256,000 | Up to 4,000 MB/s | Highest performance, enterprise | Highest |
| st1 | Throughput Optimized HDD | 500 | Up to 500 MB/s | Big data, data warehouses | Low |
| sc1 | Cold HDD | 250 | Up to 250 MB/s | File servers, log storage | Lowest |

Volume Selection Guide:

Boot Volume or General Workload?
  ├─ Yes → gp3 (best value, predictable performance)
  └─ No
      ├─ Highest performance needed? → io2
      ├─ Big data, throughput needed? → st1
      └─ Infrequent access? → sc1

EBS Snapshots

Characteristics:

  • Incremental backups (only changed data)
  • Stored in S3
  • Can create volumes from snapshots
  • Cross-region copy for DR
  • Pricing: Storage ($0.05/GB/month), data transfer

Snapshot Lifecycle:

Volume → Snapshot → Copy to S3
              └─ Create new volume from snapshot

EBS Encryption

  • Enabled at volume creation
  • Uses AWS KMS
  • Encrypted snapshots only create encrypted volumes
  • No performance impact

Amazon EFS (Elastic File System)

Overview

Amazon EFS provides a simple, scalable file system for use with EC2 instances.

Key Characteristics

| Feature | Description |
|---|---|
| File Storage | Like NAS, uses NFS protocol |
| Shared Access | Multiple instances can access simultaneously |
| Persistent | Data survives instance termination |
| Scalable | Grows and shrinks automatically |
| Pay-per-use | Pay for storage used |

EFS Performance

Performance Modes:

| Mode | Description | Use Case |
|---|---|---|
| General Purpose | Lower latency per operation | Most workloads |
| Max I/O | Higher latency, higher throughput | Large-scale parallel workloads |

Throughput Modes:

| Mode | Description | Cost |
|---|---|---|
| Bursting | Baseline + credits | Default, lower cost |
| Provisioned | Fixed throughput | Higher cost, predictable |

EFS vs EBS

| Feature | EFS | EBS |
|---|---|---|
| Access | Multiple instances | Single instance |
| Size | Up to PB | Up to 16 TB (io2) |
| Protocol | NFS | Block device |
| Pricing | Per GB used | Per GB provisioned |
| Use Case | Shared file system, web serving | Boot volume, database |

EFS Storage Classes

| Class | Description | Cost |
|---|---|---|
| Standard | Frequently accessed data | Higher |
| Infrequent Access (IA) | Less frequently accessed | Lower |
| Archive | Rarely accessed | Lowest |

Lifecycle policy: Move to IA after 30/60/90/180/270 days of no access


S3 Security Deep Dive

Block Public Access

Account-Level Settings:

  • Block Public Access (account level)
  • Block all public access
  • Block public access to buckets and objects granted through new ACLs
  • Block public and cross-account access to buckets and objects

Bucket-Level Settings:

  • Same settings apply to individual bucket

Best Practice: Enable Block Public Access for buckets containing sensitive data

Encryption Options

| Encryption Type | Key Management | Use Case |
|---|---|---|
| SSE-S3 | AWS-managed | Simple encryption |
| SSE-KMS | KMS-managed | Control key policies, audit |
| SSE-C | Customer-managed | Full control |
| DSSE-KMS | Double-layer KMS | Highest security |

Encryption in Transit

  • HTTPS: Secure communication
  • SSL/TLS: Use presigned URLs with HTTPS
  • VPC Endpoints: Private connectivity to S3
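The three S3 security pieces on this page (the bucket policy granting user bob `s3:GetObject`, Block Public Access, and HTTPS-only access) in one small policy evaluator. This is an added example, not AWS's policy engine; it models only Allow/Deny with wildcards and the `aws:SecureTransport` Bool condition, and the `DenyPlainHttp` statement is a constructed addition to the page's policy.

```python
"""Evaluate S3 bucket policy statements the way IAM does (explicit Deny wins)
and flag statements that Block Public Access refuses. Constructed example."""
from fnmatch import fnmatchcase

# Constructed: bob's GetObject grant (example above) plus an HTTPS-only Deny.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "BobRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:user/bob"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::my-bucket/*"},
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}

def _listify(v):
    return v if isinstance(v, list) else [v]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} means anyone, signed or not: a public grant.
    return principal == "*" or "*" in _listify(principal.get("AWS", []))

def _principal_matches(principal, caller_arn):
    return _is_anonymous(principal) or caller_arn in _listify(principal.get("AWS", []))

def _conditions_hold(condition, ctx):
    # Only the Bool operator is modelled; a missing context key never matches.
    for key, want in condition.get("Bool", {}).items():
        if str(ctx.get(key, "")).lower() != str(want).lower():
            return False
    return True

def evaluate(policy, caller_arn, action, resource, ctx=None):
    """Return "Allow", "Deny" or "ImplicitDeny" for one request."""
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        if (_principal_matches(st["Principal"], caller_arn)
                and any(fnmatchcase(action, a) for a in _listify(st["Action"]))
                and any(fnmatchcase(resource, r) for r in _listify(st["Resource"]))
                and _conditions_hold(st.get("Condition", {}), ctx or {})):
            if st["Effect"] == "Deny":
                return "Deny"          # an explicit Deny overrides any Allow
            decision = "Allow"
    return decision

def public_statements(policy):
    """Sids of unconditional Allow grants to "*": the shape Block Public Access rejects
    or ignores. Approximation; AWS's real test also weighs certain condition keys."""
    return [st.get("Sid", "?") for st in policy["Statement"]
            if st["Effect"] == "Allow" and _is_anonymous(st["Principal"])
            and not st.get("Condition")]
```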

Exam Tips - Storage Services

High-Yield Topics

  1. S3 Storage Classes:

    • Standard = Frequent access
    • Standard-IA = Infrequent access, 30-day minimum
    • Glacier/Deep Archive = Long-term archive, retrieval time
    • Intelligent-Tiering = Auto-tiering based on access
  2. S3 Features:

    • Versioning = Multiple versions, cannot be disabled (only suspended)
    • Lifecycle policies = Auto transition/delete
    • Replication = CRR for DR, SRR for backup
    • Encryption = SSE-S3, SSE-KMS, SSE-C
  3. EBS vs Instance Store:

    • EBS = Persistent, network-attached
    • Instance Store = Ephemeral, on-host
  4. EBS Volume Types:

    • gp2/gp3 = General purpose (gp3 has better price/performance)
    • io1/io2 = High IOPS, databases
    • st1/sc1 = HDD, big data, low cost
  5. EFS:

    • File storage, NFS protocol
    • Shared across multiple instances
    • Auto-scaling
  6. S3 URLs:

    • Path-style: https://s3.region.amazonaws.com/bucket/key
    • Virtual-hosted: https://bucket.s3.region.amazonaws.com/key

Additional Resources

DigitalCloud Training Cheat Sheets

Official AWS Documentation

AWS Storage Resources

