Slide 01/12

Serverless Infrastructure

AMAZON S3 & STATIC WEB OPERATIONS

OBJECT STORAGE • PERMISSIONS • WEBSITE HOSTING

Slide 02/12

Introduction to Cloud Storage

Block Storage vs. Object Storage.

Block Storage (EBS): Network-attached virtual hard drives formatted with specific filesystems (e.g., ext4, NTFS). Ideal for operational VM boots and databases.
Object Storage (S3): Flat file architecture designed for storing unstructured files, images, and static code. Accessed exclusively over APIs.
Management Overhead: Object storage requires no operating system orchestration or disk size allocation.

Slide 03/12

Amazon S3 Object Storage

Simple Storage Service

AWS's oldest, most resilient serverless storage platform. S3 abstracts hardware entirely, allowing you to upload files up to 5 TB in size.

Unmatched Durability: Designed for 99.999999999% (11 9s) of data durability across multiple Availability Zones.
Global Namespace: S3 Bucket names are globally unique. No two AWS accounts in the world can share the exact same bucket name.
Automatic Scaling: Storage scales automatically. You only pay for the exact gigabytes and API calls you consume.

11 Nines

Durability backed by automated replication across at least 3 distinct physical data centers.

Slide 04/12

Buckets & Objects Anatomy

Everything in S3 is an Object located in a Bucket.

Buckets: The top-level root containers. They are regional resources but defined globally.
Objects: The files themselves. Composed of a **Key** (the path) and the **Value** (raw bytes).
Flat Namespace: S3 has NO real folders. Slashes in file names are simply prefixes parsed as directories visually by the console.

// S3 KEY PARSING BLUEPRINT

s3://techaxis-bucket/assets/img/logo.png

[techaxis-bucket] ➔ Global Unique Bucket
[assets/img/] ➔ Object Prefix (Virtual Folders)
[logo.png] ➔ Object Key Target

Slide 05/12

S3 Storage Classes

S3 Standard

High-throughput, low-latency, general-purpose object storage. Ideal for active website assets, application files, and hot assets.

Active Web Fleets

S3 Standard-IA

Designed for data accessed less frequently but requires millisecond retrieval when requested. Lower storage cost but charges retrieve fees.

System Backups

S3 Glacier

Extreme low-cost archive tiers. Retrieval times scale from minutes (Expedited) to hours (Standard/Bulk). Highly durable long-term archiving.

Regulatory Audit Logs

Class	Availability	Min Duration
Standard	99.99%	None
Standard-IA	99.9%	30 Days
Glacier Flexible	99.99% (archived)	90 Days

Slide 06/12

S3 Security & Permissions

Private by Default: Zero Inbound Access.

IAM Policies: Attached to users/groups. Authorizes specific local users or internal machines to fetch/put bucket assets.
S3 Bucket Policies: Resource-based JSON policies attached directly to S3. Ideal for cross-account delegation or authorizing anonymous public reads.
Block Public Access (BPA): An account-level override switch preventing unintentional public leaks of sensitive company files.

🛡️ EVALUATION RULE

"An S3 API action is authorized if the IAM permission OR the Bucket policy allows it, AND there is no explicit DENY statement anywhere in the chain."

Slide 07/12

JSON Bucket Policies

How to authorize anonymous web reads on S3:

Principal: Setting `"*"` authorizes public anonymous web browsers to access.
Action: s3:GetObject is the read target API.
Resource Object Target: Notice the trailing /*. This targets all objects *inside* the bucket container, not the bucket itself.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket-name/*" } ] }

Slide 08/12

Block Public Access Guardrails

Preventing Corporate Data Leaks.

The Safety Switch: Block Public Access (BPA) is activated automatically by default on all newly created buckets.
Override Protection: If checked, S3 blocks public resource-based policies even if a developer explicitly configures an "Allow" principal.
Web Operation Prerequisite: To configure S3 static web hosting, this block must be manually deactivated.

⚠️ LAB CRUCIAL TRAP

If you deploy your static website but receive 403 Access Denied, ensure you have unchecked "Block public access" AND successfully applied the public bucket policy!

Slide 09/12

S3 Static Website Hosting

Zero Server overhead. Infinite horizontal scaling.

Pure Serverless: No EC2 instances, OS kernels, or application runtimes needed to serve frontend pages (SPA).
Configuration parameters: Define your default index document (usually index.html) and error document.
Endpoint Syntax: The web-hosting endpoint URL includes the region code and deviates from standard API formats.

Slide 10/12

Versioning & Lifecycles

Data Protection & Cost Optimizations:

S3 Versioning: Enabled at bucket level. Retains historical, immutable iterations of overwritten or deleted objects.
Accidental Deletes: Deletes generate a "Delete Marker" instead of purging raw data, enabling easy restores.
Lifecycle Rules: Automate transition pathways (e.g., move files to Glacier after 90 days, expire old versions).

🔄 Version Matrix

index.html ➔ Version: v_102 (Active)
index.html ➔ Version: v_101 (Archived)
index.html ➔ Version: v_100 (Initial)

Slide 11/12

S3 CORS (Cross-Origin Access)

Browser-Based Security.

CORS: Cross-Origin Resource Sharing. Enforces strict rules regarding cross-domain assets loading.
The Problem: Web browser scripts on website-a.com cannot fetch assets from S3 bucket bucket-b.
The Solution: Configure S3 CORS parameters (XML/JSON) to explicitly allow incoming web origins.

★ SAMPLE CORS RULE

[
  {
    "AllowedOrigins": ["*"],
    "AllowedMethods": ["GET"],
    "AllowedHeaders": ["*"]
  }
]

Slide 12/12

HANDS-ON LAB

STATIC WEBSITE OPERATIONS & BUCKET POLICIES