AWS S3 Storage Classes: Free Practice Questions + Study Guide

MB
Moussa BENALI
Senior Network & Security Engineer · 6+ years of experience designing and securing enterprise networks. CCNA, Security+, and AWS certified.
Verified for AWS SAA-C03 · Feb 2026

S3 Storage Classes Overview

Amazon Simple Storage Service (S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. One of S3's most powerful features is its range of storage classes, each designed for different data access patterns and cost requirements.

All S3 storage classes provide 99.999999999% (11 nines) of durability -- meaning that if you store 10 million objects in S3, you can expect to lose a single object once every 10,000 years. However, the storage classes differ significantly in availability, retrieval time, and cost.

📝
SAA-C03 Exam Note: S3 storage classes are among the most heavily tested topics on the AWS Solutions Architect Associate exam. You must understand the trade-offs between each class, including durability, availability, retrieval times, and pricing. See the official AWS S3 storage classes documentation for current pricing and features.

Here are the seven S3 storage classes you need to know:

  • S3 Standard -- The default storage class for frequently accessed data. Provides 99.99% availability and stores data across a minimum of three Availability Zones (AZs). No retrieval fees and no minimum storage duration.
  • S3 Intelligent-Tiering -- Automatically moves data between frequent and infrequent access tiers based on usage patterns. Ideal when access patterns are unknown or changing. Includes a small monthly monitoring and automation fee per object, but no retrieval fees.
  • S3 Standard-Infrequent Access (Standard-IA) -- Lower storage cost than Standard, but includes a per-GB retrieval fee. Designed for data accessed less than once a month. 99.9% availability. Minimum storage duration of 30 days and minimum object size charge of 128 KB.
  • S3 One Zone-Infrequent Access (One Zone-IA) -- Similar to Standard-IA but stores data in only one AZ. 20% cheaper than Standard-IA, with 99.5% availability. Best for re-creatable data or secondary backups.
  • S3 Glacier Instant Retrieval -- Archive storage with millisecond retrieval. Ideal for data accessed once per quarter. Up to 68% cheaper than Standard-IA. Minimum storage duration of 90 days.
  • S3 Glacier Flexible Retrieval -- Low-cost archive storage with configurable retrieval times: Expedited (1-5 minutes), Standard (3-5 hours), or Bulk (5-12 hours). Minimum storage duration of 90 days.
  • S3 Glacier Deep Archive -- The lowest-cost storage class in AWS. Designed for data accessed once or twice per year. Retrieval time: Standard (12 hours) or Bulk (48 hours). Minimum storage duration of 180 days.

When to Use Each Storage Class

Choosing the right storage class depends on your access frequency, retrieval time requirements, and budget. Here's a decision matrix to guide your selection:

Storage Class Access Pattern Retrieval Time Availability Min Duration
S3 Standard Frequent (daily/weekly) Milliseconds 99.99% None
Intelligent-Tiering Unknown/changing Milliseconds 99.9% None
Standard-IA Infrequent (monthly) Milliseconds 99.9% 30 days
One Zone-IA Infrequent, re-creatable Milliseconds 99.5% 30 days
Glacier Instant Retrieval Quarterly Milliseconds 99.9% 90 days
Glacier Flexible Retrieval 1-2 times/year Minutes to hours 99.99%* 90 days
Glacier Deep Archive 1-2 times/year 12-48 hours 99.99%* 180 days

*Availability after restore.

💡
Tip: On the exam, if a question mentions "unknown" or "unpredictable" access patterns, S3 Intelligent-Tiering is almost always the correct answer. If a question mentions data that can be "re-created" and is infrequently accessed, think One Zone-IA.

From a cost perspective, the storage classes rank roughly from most expensive to least expensive per GB stored: S3 Standard > Intelligent-Tiering > Standard-IA > One Zone-IA > Glacier Instant Retrieval > Glacier Flexible Retrieval > Glacier Deep Archive. However, retrieval costs go in the opposite direction -- the cheapest storage classes have the highest retrieval fees.

S3 Lifecycle Policies

S3 lifecycle policies automate the transition of objects between storage classes and the deletion of objects that are no longer needed. This is one of the most effective ways to optimize storage costs in AWS.

There are two types of lifecycle actions:

  1. Transition actions -- Move objects to a different storage class after a specified number of days. For example, move to Standard-IA after 30 days and to Glacier after 90 days.
  2. Expiration actions -- Permanently delete objects (or object versions) after a specified period. For example, delete objects 365 days after creation, or delete non-current versions after 30 days.
Key Constraint: When transitioning from S3 Standard to S3 Standard-IA or One Zone-IA, objects must remain in S3 Standard for a minimum of 30 days. Additionally, objects smaller than 128 KB are not transitioned to IA classes (they incur the minimum size charge). The transition from any class to Glacier classes requires a minimum of 30 days in the current class.

Lifecycle rules can be scoped to apply to the entire bucket, a specific prefix (folder), or objects matching certain tags. Here's an example lifecycle configuration:

Example S3 Lifecycle Policy (JSON)
{
  "Rules": [
    {
      "ID": "ArchiveOldReports",
      "Status": "Enabled",
      "Filter": {"Prefix": "reports/"},
      "Transitions": [
        {"Days": 30, "StorageClass": "STANDARD_IA"},
        {"Days": 90, "StorageClass": "GLACIER"},
        {"Days": 365, "StorageClass": "DEEP_ARCHIVE"}
      ],
      "Expiration": {"Days": 2555}
    }
  ]
}

This policy transitions objects in the reports/ prefix to Standard-IA after 30 days, Glacier after 90 days, Deep Archive after 1 year, and permanently deletes them after 7 years (2,555 days).

💡
Exam Tip: Lifecycle transition rules follow a "waterfall" model -- you can only transition objects from more frequently accessed classes to less frequently accessed classes. You cannot transition objects backward (e.g., from Glacier to Standard-IA). To move data back, you must restore and copy it.

S3 vs EBS vs EFS

AWS offers three primary storage services, each designed for fundamentally different use cases. Understanding the distinction between object storage, block storage, and file storage is critical for the SAA-C03 exam.

Feature Amazon S3 Amazon EBS Amazon EFS
Storage Type Object storage Block storage File storage (NFS)
Access HTTP/S API Attached to single EC2 Shared across EC2 instances
Scope Regional (multi-AZ) Single AZ Regional (multi-AZ)
Max Size Unlimited (5 TB per object) 16 TiB per volume Petabyte scale
Performance High throughput Low-latency IOPS Scalable throughput
Use Cases Static assets, backups, data lakes Boot volumes, databases Shared config, CMS, home dirs
POSIX Compliant No Yes (with file system) Yes
⚠️
Important: EBS volumes can only be attached to one EC2 instance at a time (with the exception of EBS Multi-Attach for io1/io2 volumes). If a question asks about shared storage across multiple instances, the answer is usually EFS (Linux/NFS) or FSx (Windows/SMB). S3 is not a file system -- it is accessed via API, not mounted as a drive.

When choosing between these services on the exam, look for these keywords:

  • S3 -- "object storage", "static website", "data lake", "backup", "unlimited storage", "HTTP access"
  • EBS -- "boot volume", "database storage", "low-latency", "single instance", "IOPS", "block-level"
  • EFS -- "shared file system", "multiple instances", "NFS", "POSIX", "Linux", "auto-scaling storage"

S3 Security Fundamentals

S3 security is a critical exam topic that spans access control and encryption. AWS provides multiple layers of security to protect your S3 data.

Access Control mechanisms:

  • Bucket Policies -- JSON-based resource policies attached to the bucket. Use these to grant cross-account access, enforce encryption, restrict by IP address, or require MFA for delete operations.
  • IAM Policies -- Identity-based policies attached to IAM users, groups, or roles. Use these to control which AWS principals can access S3 resources.
  • Access Control Lists (ACLs) -- Legacy mechanism for granting basic read/write permissions. AWS recommends disabling ACLs and using bucket policies instead (S3 Object Ownership set to "Bucket owner enforced").
  • S3 Block Public Access -- Account-level or bucket-level settings that override any policy or ACL that would grant public access. This is a safety net to prevent accidental data exposure and is enabled by default on new buckets.
Key Concept: S3 access decisions use a union of all policies. An explicit deny in any policy always wins. If there is no explicit deny, the request is allowed if any policy (bucket policy, IAM policy, or ACL) grants access -- but Block Public Access overrides all public grants.

Encryption options:

  • SSE-S3 (Server-Side Encryption with S3 Managed Keys) -- AWS manages both the encryption key and the master key. Simplest option with no additional cost. Each object is encrypted with a unique key, which is then encrypted by a master key that rotates regularly. This is the default encryption for all new S3 objects.
  • SSE-KMS (Server-Side Encryption with AWS KMS Keys) -- AWS KMS manages the encryption keys. Provides audit trail via CloudTrail, separate key permissions, and key rotation control. Incurs KMS API costs and is subject to KMS request rate limits.
  • SSE-C (Server-Side Encryption with Customer-Provided Keys) -- You provide and manage the encryption keys; AWS performs the encryption/decryption. Keys must be sent with every request via HTTPS. AWS does not store your keys.
  • Client-Side Encryption -- Data is encrypted before uploading to S3. You manage the entire encryption process and keys. AWS never sees unencrypted data.
💡
Exam Tip: If a question mentions "audit trail" or "CloudTrail logging of key usage," the answer is SSE-KMS. If the question says the customer must manage their own keys and AWS should not store them, the answer is SSE-C. If the question mentions encrypting data before uploading, the answer is client-side encryption.
Included with Exam Purchase

Get the Complete AWS SAA Study Guide

When you purchase an AWS Solutions Architect practice exam, you get full access to our comprehensive study guides covering every exam topic in depth - not just the free samples here.

All AWS SAA topics covered Detailed explanations 10 free preview pages
Create Free Account to Preview

AWS S3 Storage Classes Practice Questions

Test your understanding with these 5 expert-created questions. Each includes a detailed explanation to reinforce your learning.

Ready for More?

You've just covered S3 Storage Classes. Here's how to keep preparing for your AWS SAA:

Frequently Asked Questions

Is S3 heavily tested on the AWS Solutions Architect Associate exam?

Yes, Amazon S3 is one of the most heavily tested services on the AWS Solutions Architect Associate (SAA-C03) exam. S3 appears across multiple domains including storage architecture, data protection, cost optimization, and security. Expect questions on storage classes, lifecycle policies, encryption, versioning, replication, and access control. S3 knowledge is foundational to nearly every AWS architecture scenario.

What is the difference between S3 Standard and S3 Standard-IA?

Both S3 Standard and S3 Standard-IA provide 99.999999999% (11 nines) durability and store data across multiple Availability Zones. The key differences are: S3 Standard offers 99.99% availability and no retrieval fee, making it ideal for frequently accessed data. S3 Standard-IA offers 99.9% availability, lower storage cost, but charges a per-GB retrieval fee, making it ideal for data accessed less than once a month. Standard-IA also has a minimum storage duration of 30 days and a minimum object size charge of 128 KB.

When should I use S3 Glacier vs S3 Glacier Deep Archive?

Use S3 Glacier Flexible Retrieval when you need archival storage with retrieval times ranging from minutes (Expedited) to hours (Standard: 3-5 hours, Bulk: 5-12 hours). Use S3 Glacier Deep Archive for data that is rarely accessed (once or twice per year) and can tolerate retrieval times of 12-48 hours. Deep Archive is the lowest-cost storage option in AWS, approximately 75% cheaper than Glacier Flexible Retrieval. Both have a 90-day and 180-day minimum storage duration respectively.

How do S3 lifecycle policies work?

S3 lifecycle policies are rules you define to automatically manage objects over their lifetime. There are two types of actions: Transition actions move objects between storage classes after a specified number of days (e.g., move to Standard-IA after 30 days, then to Glacier after 90 days). Expiration actions permanently delete objects after a specified period. Lifecycle rules can apply to the entire bucket, specific prefixes, or objects matching certain tags. This automates cost optimization by ensuring data moves to cheaper storage as access frequency decreases.