Amazon S3 (Simple Storage Service) is one of the oldest and most widely used AWS services. It provides virtually unlimited object storage — meaning you can store any kind of file: images, videos, backups, logs, datasets, and even full static websites. S3 is durable, available, and scales automatically. This guide covers everything a beginner needs to get started with S3 confidently.
Core S3 Concepts
Before diving into the console, understand these fundamental building blocks:
- Bucket — A top-level container for storing objects. Bucket names are globally unique across all AWS accounts.
- Object — Any file stored in a bucket. Each object has a key (its name/path), the data itself, and optional metadata.
- Key — The full path to an object within a bucket, e.g.
images/profile/user123.jpg. - Region — S3 buckets live in a specific AWS region. Choose a region close to your users for lower latency.
Creating Your First S3 Bucket
In the AWS Console, navigate to S3 and click Create bucket. Choose a unique name (e.g. my-app-assets-2026), select your region, and leave Block all public access enabled for now — you can loosen this later for specific use cases.
# Create a bucket using the AWS CLI
aws s3 mb s3://my-app-assets-2026 --region us-east-1Uploading and Downloading Objects
You can upload objects through the console or CLI. The CLI is far more powerful for scripting and automation:
# Upload a single file
aws s3 cp ./report.pdf s3://my-app-assets-2026/reports/report.pdf
# Upload an entire directory recursively
aws s3 sync ./build/ s3://my-app-assets-2026/website/
# Download an object
aws s3 cp s3://my-app-assets-2026/reports/report.pdf ./local-report.pdf
# List all objects in a bucket
aws s3 ls s3://my-app-assets-2026 --recursiveS3 Storage Classes
S3 offers multiple storage classes optimized for different access patterns and costs:
- S3 Standard — Default. High durability and availability. Best for frequently accessed data.
- S3 Standard-IA — Infrequent Access. Lower storage cost, but a retrieval fee. Good for backups.
- S3 Glacier Instant Retrieval — Archival storage, millisecond retrieval. Great for compliance data.
- S3 Glacier Deep Archive — Lowest cost, 12-hour retrieval. For data you rarely need.
- S3 Intelligent-Tiering — Automatically moves objects between tiers based on usage patterns.
Bucket Policies and Access Control
By default, all S3 objects are private. To grant public read access to a bucket (for a static website, for example), you first must disable Block Public Access, then attach a bucket policy:
# Example bucket policy for public read access (paste in S3 Console > Permissions > Bucket Policy)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-app-assets-2026/*"
}
]
}Never apply public access policies to buckets containing sensitive or private data.
Versioning
Enable versioning to keep multiple versions of every object. This protects against accidental deletion or overwrites:
# Enable versioning on a bucket
aws s3api put-bucket-versioning
--bucket my-app-assets-2026
--versioning-configuration Status=EnabledOnce enabled, deleting an object places a delete marker rather than permanently removing it. You can restore previous versions at any time from the console or CLI.
Lifecycle Rules
Lifecycle rules automatically transition or delete objects based on age — perfect for reducing storage costs:
- Transition objects to S3-IA after 30 days
- Move to Glacier after 90 days
- Permanently delete after 365 days
Configure these in the S3 console under Management > Lifecycle rules, or via the CLI with aws s3api put-bucket-lifecycle-configuration.
Static Website Hosting
S3 can serve static HTML, CSS, and JavaScript files as a website — with no server required:
# Enable static website hosting
aws s3 website s3://my-app-assets-2026/
--index-document index.html
--error-document error.htmlYour site will be available at a URL like http://my-app-assets-2026.s3-website-us-east-1.amazonaws.com. Pair it with CloudFront for HTTPS and global CDN delivery.
Pre-Signed URLs
Pre-signed URLs allow temporary, time-limited access to private objects without changing bucket permissions — ideal for letting users download files securely:
# Generate a pre-signed URL valid for 1 hour (3600 seconds)
aws s3 presign s3://my-app-assets-2026/reports/report.pdf --expires-in 3600S3 Pricing Overview
S3 pricing has three main components: storage (per GB/month), requests (per 1,000 GET/PUT operations), and data transfer out (data leaving AWS costs money; data coming in is free). The free tier includes 5 GB of Standard storage, 20,000 GET requests, and 2,000 PUT requests per month.
Summary
Amazon S3 is the backbone of countless AWS architectures. Whether you're storing application assets, backing up databases, archiving logs, or hosting a static website, S3 provides the reliability and scalability to handle it all at low cost. Master S3 early — it connects to nearly every other AWS service you'll learn.