3.3 Amazon S3 - Storage Classes, Lifecycle, and Performance
Key Takeaways
- S3 offers tiers from S3 Standard (highest cost, instant access) down to S3 Glacier Deep Archive (lowest cost, 12-48 hour retrieval); all tiers share 99.999999999% (11 nines) durability.
- S3 Intelligent-Tiering auto-moves objects between access tiers with no retrieval fees - the default answer when access patterns are unknown or shifting.
- Lifecycle policies automate transitions and expirations; objects move only down the class hierarchy, and IA classes carry a 30-day minimum, Glacier 90 days, Deep Archive 180 days.
- S3 scales to 3,500 PUT/POST/DELETE and 5,500 GET/HEAD requests per second per prefix; multipart upload is required above 5 GB and recommended above ~100 MB.
- S3 Object Lock in Compliance mode makes objects undeletable for the retention period even by the root account - the WORM compliance answer.
Quick Answer: Frequent access -> S3 Standard. Unknown/changing pattern -> Intelligent-Tiering. Infrequent but instant -> Standard-IA (or Glacier Instant Retrieval for archive-priced data). Cold archive -> Glacier Flexible (minutes-hours) or Deep Archive (12+ hours). Automate moves with lifecycle policies; enforce immutability with Object Lock Compliance.
S3 Storage Classes
| Class | Availability (designed for) | Min storage duration | Retrieval fee | Use case |
|---|---|---|---|---|
| S3 Standard | 99.99% | None | None | Hot, frequently accessed data |
| S3 Intelligent-Tiering | 99.9% | None | None (small monitoring fee) | Unknown/changing access |
| S3 Standard-IA | 99.9% | 30 days | Per GB | Infrequent but needs instant access |
| S3 One Zone-IA | 99.5% (1 AZ) | 30 days | Per GB | Re-creatable infrequent data |
| S3 Glacier Instant Retrieval | 99.9% | 90 days | Per GB | Archive needing millisecond reads |
| S3 Glacier Flexible Retrieval | 99.99% | 90 days | Per GB | Archive, minutes to 12 hours |
| S3 Glacier Deep Archive | 99.99% | 180 days | Per GB | 7-10 yr compliance, 12-48 hour reads |
Every class is designed for 99.999999999% (11 nines) durability by storing data redundantly. The differentiators are availability, minimum storage duration (early-delete fees apply if you remove sooner), per-GB storage price, and retrieval speed/cost. One Zone-IA stores in a single AZ, so it is cheaper but loses the object if that AZ is destroyed - use only for data you can regenerate.
Intelligent-Tiering Access Tiers
| Tier | Trigger | Savings vs Standard |
|---|---|---|
| Frequent Access | Default | Standard pricing |
| Infrequent Access | No access 30 days | ~40% |
| Archive Instant Access | No access 90 days | ~68% |
| Archive Access (opt-in) | 90-730 days | Glacier-tier pricing |
| Deep Archive Access (opt-in) | 180-730 days | Deep Archive pricing |
On the Exam: "Access pattern is unpredictable" -> Intelligent-Tiering. "Accessed a few times a year but must come back immediately" -> Standard-IA or Glacier Instant Retrieval. "Regulatory archive, retrieval can wait hours" -> Glacier Deep Archive.
S3 Lifecycle Policies
Lifecycle rules transition or expire objects automatically based on age. Objects move only down the hierarchy:
Standard -> Standard-IA / One Zone-IA -> Glacier Instant -> Glacier Flexible -> Glacier Deep Archive -> Expire
| Day | Action |
|---|---|
| 0 | Created in S3 Standard |
| 30 | Transition to Standard-IA |
| 90 | Transition to Glacier Flexible Retrieval |
| 365 | Transition to Glacier Deep Archive |
| 2555 (7 yr) | Expire (delete) |
Lifecycle rules can also expire old noncurrent versions in versioned buckets and clean up incomplete multipart uploads.
S3 Performance
| Metric | Value |
|---|---|
| PUT/COPY/POST/DELETE | 3,500 requests/sec per prefix |
| GET/HEAD | 5,500 requests/sec per prefix |
| Object size | 0 bytes to 5 TB |
| Multipart upload | Required above 5 GB; recommended above ~100 MB |
Scaling technique: request limits are per prefix, so spreading objects across many key prefixes (e.g. /2026/01/, /2026/02/) multiplies throughput. Use multipart upload for parallel, resumable large uploads, byte-range fetches to parallelize downloads, and S3 Transfer Acceleration (routes through CloudFront edge locations) to speed long-distance uploads by 50-500%.
Versioning, Object Lock, and Access Points
Versioning keeps every object revision; a delete creates a recoverable delete marker, and MFA Delete can require a hardware token to permanently remove versions. S3 Object Lock enforces write-once-read-many (WORM):
| Mode | Behavior |
|---|---|
| Governance | Privileged users can override the lock |
| Compliance | Nobody, including the root account, can delete before retention expires |
| Legal Hold | Indefinite lock until explicitly removed |
S3 Access Points give each application its own hostname and scoped policy over a shared bucket, optionally pinned to a VPC, which simplifies otherwise enormous bucket policies for large shared datasets.
On the Exam: "Data must be immutable for 7 years, even from administrators" -> Object Lock in Compliance mode. "Speed up uploads from users in distant Regions" -> Transfer Acceleration.
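A check for the immutability requirement described above, added here as an example and not taken from AWS: it reads dictionaries shaped like the responses of the S3 `GetBucketVersioning` and `GetObjectLockConfiguration` calls and reports why a bucket's default falls short of WORM retention. The function name `worm_findings`, the sample inputs and the 2,555-day threshold (the page's 7 years) are assumptions.

```python
# Added example; worm_findings is a hypothetical helper, inputs are constructed.
def worm_findings(versioning, lock, min_days=2555):
    """Return reasons the bucket default does not meet a WORM retention requirement."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    cfg = lock.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled")
        return findings
    default = cfg.get("Rule", {}).get("DefaultRetention")
    if not default:
        findings.append("no default retention; each object must carry its own")
        return findings
    if default.get("Mode") != "COMPLIANCE":
        findings.append(f"default mode is {default.get('Mode')}; "
                        "privileged users can override it")
    days = default.get("Days", 0) + 365 * default.get("Years", 0)
    if days < min_days:
        findings.append(f"default retention is {days} days, below {min_days}")
    return findings

# Constructed samples. An empty dict stands in for a bucket with no lock configuration.
VERSIONED = {"Status": "Enabled"}
VERSIONED_ONLY = {}
GOVERNANCE_1Y = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Years": 1}}}}
COMPLIANCE_7Y = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 7}}}}

if __name__ == "__main__":
    for name, lock in [("versioned only", VERSIONED_ONLY),
                       ("governance, 1 year", GOVERNANCE_1Y),
                       ("compliance, 7 years", COMPLIANCE_7Y)]:
        print(name, "->", worm_findings(VERSIONED, lock) or "meets requirement")
```

The check covers the bucket default only; retention set on individual objects has to be inspected per object version.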
Worked Scenario: Designing a Lifecycle
Imagine compliance logs that auditors read constantly for the first month, occasionally for the following year, and almost never afterward - yet the records must survive for seven years. The cost-optimal design transitions the objects through progressively cheaper classes that match each phase: leave new objects in S3 Standard while hot, transition to Standard-IA at day 30 once access drops, move to Glacier Deep Archive at day 365 for the long cold tail, and add an expiration action at day 2,555 (seven years) to delete them automatically.
Note the minimum-duration fees: an object moved out of Standard-IA before 30 days, or out of Deep Archive before 180 days, still incurs the minimum-duration charge, so do not transition data faster than its real access pattern justifies.
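The worked scenario above written as a lifecycle rule, with a check for the two constraints this page states: transitions only move down the hierarchy, and leaving a class before its minimum storage duration incurs a fee. This is an added example, not AWS code; `check_schedule` and `build_rule` are hypothetical helpers, the rule ID, prefix and 7-day multipart cleanup are constructed values, and the two IA classes are treated as one level, as in the hierarchy line earlier.

```python
# Added example. Storage-class strings are the S3 API identifiers for the
# classes in the table; Standard-IA and One Zone-IA share a level (assumption).
RANK = {"STANDARD": 0, "STANDARD_IA": 1, "ONEZONE_IA": 1,
        "GLACIER_IR": 2, "GLACIER": 3, "DEEP_ARCHIVE": 4}
MIN_DAYS = {"STANDARD": 0, "STANDARD_IA": 30, "ONEZONE_IA": 30,
            "GLACIER_IR": 90, "GLACIER": 90, "DEEP_ARCHIVE": 180}

def check_schedule(transitions, expire_days=None):
    """Return problems for a schedule given as [(day, storage_class), ...]."""
    problems = []
    cls, since = "STANDARD", 0          # objects are created in S3 Standard
    steps = sorted(transitions)
    if expire_days is not None:
        steps.append((expire_days, None))   # None marks the expiration action
    for day, target in steps:
        if target is not None and RANK[target] <= RANK[cls]:
            problems.append(f"day {day}: {cls} -> {target} does not move down")
        if day - since < MIN_DAYS[cls]:
            problems.append(f"day {day}: leaves {cls} after {day - since} days, "
                            f"minimum is {MIN_DAYS[cls]} (early-delete fee)")
        if target is not None:
            cls, since = target, day
    return problems

def build_rule(rule_id, prefix, transitions, expire_days):
    """Build one entry for the Rules list of an S3 lifecycle configuration."""
    problems = check_schedule(transitions, expire_days)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "ID": rule_id,
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},
        "Transitions": [{"Days": d, "StorageClass": c}
                        for d, c in sorted(transitions)],
        "Expiration": {"Days": expire_days},
        # Clean up incomplete multipart uploads; 7 days is a constructed value.
        "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
    }

if __name__ == "__main__":
    rule = build_rule("compliance-logs", "logs/",
                      [(30, "STANDARD_IA"), (365, "DEEP_ARCHIVE")], 2555)
    print({"Rules": [rule]})   # shape passed as LifecycleConfiguration
    print(check_schedule([(30, "GLACIER"), (60, "STANDARD_IA")], 100))
```

The checker covers only the two constraints named on this page; S3 applies further validation when the configuration is submitted.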
Common Traps to Avoid
- One Zone-IA for irreplaceable data. One Zone-IA stores in a single AZ; if that AZ is lost, the data is gone. Use it only for data you can regenerate.
- Versioning is not immutability. Versioning protects against accidental overwrite but a privileged user can still purge versions. For true WORM compliance you need Object Lock in Compliance mode.
- Transfer Acceleration for downloads. Transfer Acceleration speeds long-distance uploads via edge locations; to accelerate downloads to end users, put CloudFront in front of the bucket.
- Per-prefix throughput. S3 scales to 5,500 GET and 3,500 PUT requests per second per prefix - concentrating a hot workload on one prefix triggers 503 Slow Down errors; spread keys across prefixes.
- Intelligent-Tiering monitoring fee. Intelligent-Tiering charges a small per-object monitoring fee; for tiny objects or a known, predictable access pattern, explicit lifecycle transitions can be cheaper.
Financial records must be stored such that no one - including the AWS account root user - can delete or overwrite them for a 7-year regulatory retention period. Which S3 configuration enforces this?
A bucket holds logs accessed heavily for 30 days, occasionally for the next year, then must be retained but is rarely read. Which lifecycle design is most cost-effective?
An application sends bursts of 8,000 GET requests per second against objects that all share the same key prefix and starts receiving 503 Slow Down errors. What is the most effective fix?