Deployments: 79
Made by: Massdriver
aws-s3-application-asset-bucket
Amazon S3 (Simple Storage Service) is a highly scalable and durable object storage service that provides developers with a secure and cost-effective way to store and retrieve any amount of data. It offers a simple API interface and enables applications to easily store and retrieve images, videos, audio files, and other assets without worrying about capacity, availability, or data loss.
Use Cases
Asset Serving for API
Many APIs need persistent blob storage for artifacts/manifests/objects that aren’t suitable for storage in a database.
Media Storage
Amazon S3 provides an ideal solution for storing and delivering media assets, such as images, videos, and audio files, for web and mobile applications.
Backup and Disaster Recovery
S3 can be used to back up important application assets, such as code, configurations, and databases, to ensure they are always available in the event of a disaster or outage.
Machine Learning Model Storage
Applications that use large machine learning models can store the model data in S3 and load it as needed.
Design
This bundle is designed around the specific use case of storing application assets in S3. For this reason, assumptions are made regarding the configuration of the bucket. For example, public access is disabled and object versioning is disabled.
Best Practices
High Availability
Deploys regional S3 for high availability in the event of a zonal failure.
Dedicated KMS Key
Uses a dedicated KMS key with narrowly scoped permissions for encryption.
Security
KMS Encryption
A KMS key is created and narrowly scoped to the bucket for encrypting all assets.
Private ACL
No public access is allowed to this bucket.
Policies
The following policies are created for managing access to the S3 bucket.
- read: Grants read access to objects in the bucket
- write: Grants access to write objects to the bucket
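One way the read and write policies described above could be expressed and checked for scope, as an added example that is not the bundle's own code. The action lists, the helper names `build_policies` and `find_overbroad`, and the sample ARNs are assumptions.

```python
# Added example: the action lists are assumptions, not the bundle's published policies.

def build_policies(bucket_arn, kms_key_arn):
    """Build 'read' and 'write' IAM policy documents for one SSE-KMS bucket."""
    def policy(statements):
        return {"Version": "2012-10-17", "Statement": statements}

    def allow(actions, resource):
        return {"Effect": "Allow", "Action": actions, "Resource": resource}

    objects = bucket_arn + "/*"
    return {
        "read": policy([
            allow(["s3:GetObject"], objects),
            allow(["s3:ListBucket"], bucket_arn),
            # SSE-KMS objects cannot be read without decrypting their data key.
            allow(["kms:Decrypt"], kms_key_arn),
        ]),
        "write": policy([
            allow(["s3:PutObject"], objects),
            # Uploads need a data key; multipart uploads also need kms:Decrypt.
            allow(["kms:GenerateDataKey", "kms:Decrypt"], kms_key_arn),
        ]),
    }


def find_overbroad(policy, bucket_arn, kms_key_arn):
    """Return findings for Allow statements that reach beyond the bucket or its key."""
    allowed = {bucket_arn, bucket_arn + "/*", kms_key_arn}
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = resources if isinstance(resources, list) else [resources]
        findings += [f"wildcard action: {a}" for a in actions if "*" in a]
        findings += [f"resource out of scope: {r}" for r in resources if r not in allowed]
    return findings


# Constructed sample ARNs (placeholder account ID and key ID).
BUCKET = "arn:aws:s3:::example-app-assets"
KEY = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
```

Running `find_overbroad` over policies attached to an application role flags any statement that grants wildcard actions or touches resources other than this bucket and its key.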
Non-intentions / Out of Scope Use-cases (for this bundle)
- Eventing bucket for Lambda ETL (would include notifications)
- Static Website Content (would include routing / endpoint configuration)
- Cold / Archival storage only
- Data Lake (analytics configuration and option for transfer accelerate configuration)
- Replication to other regions
- Requester Pays user content download
- Log Storage
Variable | Type | Description |
---|---|---|
bucket.region | string | AWS Region to provision in. |
monitoring.access_logging | boolean | Enabling this will create an additional bucket for storing access logs |