AWS S3 Storage Classes: Free Practice Questions + Study Guide
In This Guide
S3 Storage Classes Overview
Amazon Simple Storage Service (S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. One of S3's most powerful features is its range of storage classes, each designed for different data access patterns and cost requirements.
All S3 storage classes provide 99.999999999% (11 nines) of durability -- meaning that if you store 10 million objects in S3, you can expect to lose a single object once every 10,000 years. However, the storage classes differ significantly in availability, retrieval time, and cost.
Here are the seven S3 storage classes you need to know:
- S3 Standard -- The default storage class for frequently accessed data. Provides 99.99% availability and stores data across a minimum of three Availability Zones (AZs). No retrieval fees and no minimum storage duration.
- S3 Intelligent-Tiering -- Automatically moves data between frequent and infrequent access tiers based on usage patterns. Ideal when access patterns are unknown or changing. Includes a small monthly monitoring and automation fee per object, but no retrieval fees.
- S3 Standard-Infrequent Access (Standard-IA) -- Lower storage cost than Standard, but includes a per-GB retrieval fee. Designed for data accessed less than once a month. 99.9% availability. Minimum storage duration of 30 days and minimum object size charge of 128 KB.
- S3 One Zone-Infrequent Access (One Zone-IA) -- Similar to Standard-IA but stores data in only one AZ. 20% cheaper than Standard-IA, with 99.5% availability. Best for re-creatable data or secondary backups.
- S3 Glacier Instant Retrieval -- Archive storage with millisecond retrieval. Ideal for data accessed once per quarter. Up to 68% cheaper than Standard-IA. Minimum storage duration of 90 days.
- S3 Glacier Flexible Retrieval -- Low-cost archive storage with configurable retrieval times: Expedited (1-5 minutes), Standard (3-5 hours), or Bulk (5-12 hours). Minimum storage duration of 90 days.
- S3 Glacier Deep Archive -- The lowest-cost storage class in AWS. Designed for data accessed once or twice per year. Retrieval time: Standard (12 hours) or Bulk (48 hours). Minimum storage duration of 180 days.
When to Use Each Storage Class
Choosing the right storage class depends on your access frequency, retrieval time requirements, and budget. Here's a decision matrix to guide your selection:
| Storage Class | Access Pattern | Retrieval Time | Availability | Min Duration |
|---|---|---|---|---|
| S3 Standard | Frequent (daily/weekly) | Milliseconds | 99.99% | None |
| Intelligent-Tiering | Unknown/changing | Milliseconds | 99.9% | None |
| Standard-IA | Infrequent (monthly) | Milliseconds | 99.9% | 30 days |
| One Zone-IA | Infrequent, re-creatable | Milliseconds | 99.5% | 30 days |
| Glacier Instant Retrieval | Quarterly | Milliseconds | 99.9% | 90 days |
| Glacier Flexible Retrieval | 1-2 times/year | Minutes to hours | 99.99%* | 90 days |
| Glacier Deep Archive | 1-2 times/year | 12-48 hours | 99.99%* | 180 days |
*Availability after restore.
From a cost perspective, the storage classes rank roughly from most expensive to least expensive per GB stored: S3 Standard > Intelligent-Tiering > Standard-IA > One Zone-IA > Glacier Instant Retrieval > Glacier Flexible Retrieval > Glacier Deep Archive. However, retrieval costs go in the opposite direction -- the cheapest storage classes have the highest retrieval fees.
S3 Lifecycle Policies
S3 lifecycle policies automate the transition of objects between storage classes and the deletion of objects that are no longer needed. This is one of the most effective ways to optimize storage costs in AWS.
There are two types of lifecycle actions:
- Transition actions -- Move objects to a different storage class after a specified number of days. For example, move to Standard-IA after 30 days and to Glacier after 90 days.
- Expiration actions -- Permanently delete objects (or object versions) after a specified period. For example, delete objects 365 days after creation, or delete non-current versions after 30 days.
Lifecycle rules can be scoped to apply to the entire bucket, a specific prefix (folder), or objects matching certain tags. Here's an example lifecycle configuration:
{
"Rules": [
{
"ID": "ArchiveOldReports",
"Status": "Enabled",
"Filter": {"Prefix": "reports/"},
"Transitions": [
{"Days": 30, "StorageClass": "STANDARD_IA"},
{"Days": 90, "StorageClass": "GLACIER"},
{"Days": 365, "StorageClass": "DEEP_ARCHIVE"}
],
"Expiration": {"Days": 2555}
}
]
}
This policy transitions objects in the reports/ prefix to Standard-IA after 30 days, Glacier after 90 days, Deep Archive after 1 year, and permanently deletes them after 7 years (2,555 days).
S3 vs EBS vs EFS
AWS offers three primary storage services, each designed for fundamentally different use cases. Understanding the distinction between object storage, block storage, and file storage is critical for the SAA-C03 exam.
| Feature | Amazon S3 | Amazon EBS | Amazon EFS |
|---|---|---|---|
| Storage Type | Object storage | Block storage | File storage (NFS) |
| Access | HTTP/S API | Attached to single EC2 | Shared across EC2 instances |
| Scope | Regional (multi-AZ) | Single AZ | Regional (multi-AZ) |
| Max Size | Unlimited (5 TB per object) | 16 TiB per volume | Petabyte scale |
| Performance | High throughput | Low-latency IOPS | Scalable throughput |
| Use Cases | Static assets, backups, data lakes | Boot volumes, databases | Shared config, CMS, home dirs |
| POSIX Compliant | No | Yes (with file system) | Yes |
When choosing between these services on the exam, look for these keywords:
- S3 -- "object storage", "static website", "data lake", "backup", "unlimited storage", "HTTP access"
- EBS -- "boot volume", "database storage", "low-latency", "single instance", "IOPS", "block-level"
- EFS -- "shared file system", "multiple instances", "NFS", "POSIX", "Linux", "auto-scaling storage"
S3 Security Fundamentals
S3 security is a critical exam topic that spans access control and encryption. AWS provides multiple layers of security to protect your S3 data.
Access Control mechanisms:
- Bucket Policies -- JSON-based resource policies attached to the bucket. Use these to grant cross-account access, enforce encryption, restrict by IP address, or require MFA for delete operations.
- IAM Policies -- Identity-based policies attached to IAM users, groups, or roles. Use these to control which AWS principals can access S3 resources.
- Access Control Lists (ACLs) -- Legacy mechanism for granting basic read/write permissions. AWS recommends disabling ACLs and using bucket policies instead (S3 Object Ownership set to "Bucket owner enforced").
- S3 Block Public Access -- Account-level or bucket-level settings that override any policy or ACL that would grant public access. This is a safety net to prevent accidental data exposure and is enabled by default on new buckets.
Encryption options:
- SSE-S3 (Server-Side Encryption with S3 Managed Keys) -- AWS manages both the encryption key and the master key. Simplest option with no additional cost. Each object is encrypted with a unique key, which is then encrypted by a master key that rotates regularly. This is the default encryption for all new S3 objects.
- SSE-KMS (Server-Side Encryption with AWS KMS Keys) -- AWS KMS manages the encryption keys. Provides audit trail via CloudTrail, separate key permissions, and key rotation control. Incurs KMS API costs and is subject to KMS request rate limits.
- SSE-C (Server-Side Encryption with Customer-Provided Keys) -- You provide and manage the encryption keys; AWS performs the encryption/decryption. Keys must be sent with every request via HTTPS. AWS does not store your keys.
- Client-Side Encryption -- Data is encrypted before uploading to S3. You manage the entire encryption process and keys. AWS never sees unencrypted data.
Get the Complete AWS SAA Study Guide
When you purchase an AWS Solutions Architect practice exam, you get full access to our comprehensive study guides covering every exam topic in depth - not just the free samples here.
Want to go deeper?
AWS S3 Storage Classes Practice Questions
Test your understanding with these 5 expert-created questions. Each includes a detailed explanation to reinforce your learning.
Ready for More?
You've just covered S3 Storage Classes. Here's how to keep preparing for your AWS SAA:
Frequently Asked Questions
Is S3 heavily tested on the AWS Solutions Architect Associate exam?
Yes, Amazon S3 is one of the most heavily tested services on the AWS Solutions Architect Associate (SAA-C03) exam. S3 appears across multiple domains including storage architecture, data protection, cost optimization, and security. Expect questions on storage classes, lifecycle policies, encryption, versioning, replication, and access control. S3 knowledge is foundational to nearly every AWS architecture scenario.
What is the difference between S3 Standard and S3 Standard-IA?
Both S3 Standard and S3 Standard-IA provide 99.999999999% (11 nines) durability and store data across multiple Availability Zones. The key differences are: S3 Standard offers 99.99% availability and no retrieval fee, making it ideal for frequently accessed data. S3 Standard-IA offers 99.9% availability, lower storage cost, but charges a per-GB retrieval fee, making it ideal for data accessed less than once a month. Standard-IA also has a minimum storage duration of 30 days and a minimum object size charge of 128 KB.
When should I use S3 Glacier vs S3 Glacier Deep Archive?
Use S3 Glacier Flexible Retrieval when you need archival storage with retrieval times ranging from minutes (Expedited) to hours (Standard: 3-5 hours, Bulk: 5-12 hours). Use S3 Glacier Deep Archive for data that is rarely accessed (once or twice per year) and can tolerate retrieval times of 12-48 hours. Deep Archive is the lowest-cost storage option in AWS, approximately 75% cheaper than Glacier Flexible Retrieval. Both have a 90-day and 180-day minimum storage duration respectively.
How do S3 lifecycle policies work?
S3 lifecycle policies are rules you define to automatically manage objects over their lifetime. There are two types of actions: Transition actions move objects between storage classes after a specified number of days (e.g., move to Standard-IA after 30 days, then to Glacier after 90 days). Expiration actions permanently delete objects after a specified period. Lifecycle rules can apply to the entire bucket, specific prefixes, or objects matching certain tags. This automates cost optimization by ensuring data moves to cheaper storage as access frequency decreases.