What are S3 "Files"?
In Amazon S3, there are no traditional files or folders. Everything is an object stored in a bucket. Each object consists of:
Object Anatomy
- Key — the unique identifier (path-like name, e.g.
reports/2026/q1-summary.pdf) - Value — the actual data (up to 5 TB per object)
- Metadata — key-value pairs (content-type, custom headers, encryption info)
- Version ID — unique version identifier (when versioning is enabled)
Storage Classes
| Class | Use Case | Retrieval |
|---|---|---|
| S3 Standard | Frequently accessed data | Instant |
| S3 Intelligent-Tiering | Unknown or changing access patterns | Instant |
| S3 Standard-IA | Infrequent access, rapid retrieval needed | Instant |
| S3 Glacier Instant | Archive with instant access | Milliseconds |
| S3 Glacier Flexible | Archive, minutes to hours | 1-12 hours |
| S3 Glacier Deep Archive | Compliance archives | 12-48 hours |
Common Operations
# Upload a file
aws s3 cp myfile.txt s3://my-bucket/path/myfile.txt
# List objects
aws s3 ls s3://my-bucket/path/
# Download
aws s3 cp s3://my-bucket/path/myfile.txt ./local-copy.txt
# Sync a directory
aws s3 sync ./local-dir s3://my-bucket/prefix/Access Control
Bucket Policy (recommended)
JSON-based policies attached to the bucket. Use for cross-account access, public access, or VPC-restricted access.
IAM Policies
Attached to users/roles. Use s3:GetObject, s3:PutObject, s3:ListBucket actions with resource ARNs.
Pre-signed URLs
Temporary, time-limited URLs for granting access without modifying policies.
Access Logging & Observability
Server Access Logs
S3 can log every request to a destination bucket. Each record includes: requester, bucket name, request time, action, response status, and error code.
OpenTelemetry Tracing (Preview)
This site uses CloudFront Functions to inject traceparent headers following the W3C Trace Context standard, enabling end-to-end distributed tracing from the CDN edge to your backend.