AWS S3 Subresources
S3 subresources support the storage and management of bucket configuration information.
S3 subresources exist only in the context of a particular bucket or object.
S3 defines a set of subresources that are associated with buckets or objects.
S3 subresources are subordinate to objects. They are not independent entities; each is always associated with another entity, such as an object or bucket.
S3 allows you to configure a bucket to host websites, add configuration to manage the lifecycle of objects, and log all access to the bucket.
Refer to the blog post on S3 Object Lifecycle Management
Hosting a static website
S3 can be used to host static websites with client-side scripts.
S3 does NOT support server-side scripting
S3 can be used in conjunction with Route 53 to host a website at the root domain, with the domain pointing to the S3 website.
S3 website endpoints don’t support HTTPS or access ports
For S3 website hosting, the content should be made publicly readable. This can be done using a bucket policy or an object ACL.
You can configure the index document, the error document, and conditional routing based on object name.
A bucket policy only applies to objects owned by the bucket owner. If the bucket contains objects not owned by the bucket owner, public READ permission should be granted using the object ACL.
DevPay buckets and Requester Pays buckets don’t allow access through the website endpoint. Any request to such a bucket may receive a 403 Access Denied response.
S3 Versioning
Refer to the blog post on S3 Object Versioning
Policy & Access Control List (ACL)
Refer to the blog post on S3 Permissions
CORS (Cross-Origin Resource Sharing)
All browsers use the Same-Origin policy for security reasons. This means that a web page can only request resources from the domain it originates from.
CORS allows client web applications that are loaded in one domain to access restricted resources requested from another domain.
S3 supports cross-origin access through CORS.
CORS configuration rules identify the origins that can access the bucket, the operations (HTTP methods) supported for each origin, and other operation-specific information.
S3 Logs
S3 access logs allow you to track access requests to an S3 bucket.
S3 access logging is disabled by default.
Each access log record contains details about a single access request. This includes the requester, bucket name, request time, and request action. The response status and error code are also included.
Access log information can be helpful in security and access audits, and can also help you learn about customers and understand the S3 bill.
S3 periodically collects access log records, consolidates them into log files, and then uploads the log files to a target bucket, where they are stored as log objects.
Logging can be enabled for multiple source buckets that share the same target bucket. Each log object will report access log records only for one source bucket.
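The record layout described above lends itself to a quick audit script. The following Python code is an added example, not part of the original notes: it parses the leading space-delimited fields of S3 server access log records and counts 403 responses and unauthenticated requests (requester "-") per client IP. The sample records, owner ID, bucket name and request ID are constructed placeholders, and the parser assumes quoted fields contain no embedded double quotes.

```python
import re
from collections import Counter

# Leading fields of an S3 server access log record, in order. Newer records
# append further fields, which this parser ignores.
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester",
          "request_id", "operation", "key", "request_uri", "http_status",
          "error_code", "bytes_sent", "object_size", "total_time",
          "turn_around_time", "referer", "user_agent", "version_id"]

# A field is a [bracketed] timestamp, a "quoted" string, or a bare token.
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

def parse_record(line):
    """Split one access log line into a dict; return None if it is too short."""
    tokens = [t.strip('[]"') for t in TOKEN.findall(line)]
    if len(tokens) < len(FIELDS):
        return None
    return dict(zip(FIELDS, tokens))

def audit(lines):
    """Count denied (403) and unauthenticated requests per remote IP."""
    denied, anonymous = Counter(), Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue  # skip truncated or malformed records
        if rec["http_status"] == "403":
            denied[rec["remote_ip"]] += 1
        if rec["requester"] == "-":  # "-" means no authenticated identity
            anonymous[rec["remote_ip"]] += 1
    return denied, anonymous

# Constructed sample records; owner ID, bucket and request ID are placeholders.
OWNER = "constructed-owner-id"
TEMPLATE = ('{o} example-bucket [06/Feb/2019:00:00:38 +0000] {ip} {who} REQID0001 '
            'REST.GET.OBJECT {key} "GET /{key} HTTP/1.1" {status} {err} 243 - 4 - '
            '"-" "Mozilla/5.0 (X11; Linux x86_64)" -')
SAMPLE = [TEMPLATE.format(o=OWNER, ip=ip, who=who, key=key, status=status, err=err)
          for ip, who, key, status, err in [
              ("192.0.2.3", OWNER, "index.html", "200", "-"),
              ("198.51.100.7", "-", "private/a.csv", "403", "AccessDenied"),
              ("198.51.100.7", "-", "private/b.csv", "403", "AccessDenied"),
              ("203.0.113.9", "-", "index.html", "200", "-"),
          ]]

if __name__ == "__main__":
    denied, anonymous = audit(SAMPLE)
    print("403 by IP:", dict(denied), "| anonymous by IP:", dict(anonymous))
```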
You can analyze S3 access logs using data analysis tools or Athena.
Tagging
S3 offers the tagging subresource for storing and managing tags on a bucket
To track AWS costs, cost allocation tags can be added.
AWS can create a cost allocation report that aggregates usage and costs by bucket tags.
Location
A bucket is created in a specific AWS region, which cannot be changed afterwards.
S3 stores this information in the location subresource. An API is available to retrieve this information.
Event Notifications
S3 notification allows you to trigger notifications when certain events occur in the bucket.
Notifications are available at the Bucket Level
Notifications can be configured so that they are filtered by the prefix and suffix of the object key name. Filtering rules can’t be defined with too many parameters.
