Rationale
AWS S3 (Simple Storage Service) is the cloud object storage service we use for storing files.
The main reasons why we chose it over other alternatives are:
- It is a fully managed service: to start storing data we only need to create a bucket. We do not have to worry about storage space, infrastructure scalability, data availability, data durability or many other infrastructure-related concerns.
- It holds several ISO and CSA certifications. Many of them attest that the provider follows best practices for secure cloud environments and information security.
- Resources can be written as code using Terraform.
- It supports static website hosting, allowing us to easily host sites like our website and our documentation.
- Its static website hosting gives each bucket a website endpoint of its own, so no load balancer or static IP address is needed to expose a site to the Internet. The website endpoint speaks plain HTTP, so TLS is terminated at the CDN placed in front of it.
- It can be easily integrated with Cloudflare, allowing us to implement DNS, edge cache, redirects, security headers and many other Cloudflare features.
- It supports presigned URLs, which let us hand out download links that carry a signature and an expiration time, so a private object can be fetched without the requester holding AWS credentials. Anyone who holds the URL can use it until it expires, so such links must be treated as secrets and given the shortest lifetime the use case allows (at most seven days). Used that way, this feature greatly reduces the chance of data leaks.
- It supports versioning, allowing us to keep a complete history of every stored object. Overwritten and deleted objects remain recoverable, since a delete only adds a delete marker on top of the previous versions.
- It supports lifecycle rules, allowing us to declare policies that expire objects or move them to cheaper storage classes after a given age.
- It can be programmatically accessed using the AWS CLI and other language-specific libraries like Python's Boto3, allowing us to connect our applications to it.
- It can be used by Terraform as a backend to store its state.
- It supports server-side encryption with AES-256, either with S3-managed keys (SSE-S3) or with a customer-managed KMS key (SSE-KMS), which adds key-usage auditing and per-key access control.
- It supports access control lists with object-level granularity, allowing full control over object access privileges. Since AWS now disables ACLs on new buckets by default and recommends bucket policies instead, we keep ACLs disabled unless an object-level grant is really required.
- It supports bucket policies, which are especially useful for making a bucket reachable only through the CDN, so that clients cannot bypass the CDN and hit the bucket endpoint directly.
- It supports Storage Lens, an analytics module for visualizing insights and trends and optimizing usage.
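The CDN-only bucket policy mentioned above, as an added example that is not this project's own policy: the bucket name and the IP ranges are placeholders (RFC 5737 and RFC 3849 documentation ranges), and in production the allow list must be the CDN vendor's published egress ranges (for Cloudflare, the list at https://www.cloudflare.com/ips/), kept in sync as they change. The evaluator below is a deliberate simplification of IAM's policy evaluation, handling only anonymous `s3:GetObject` with an `aws:SourceIp` condition; it is there to show why a request that skips the CDN is refused, not to reproduce AWS's engine.

```python
"""Bucket policy that only lets the CDN read objects, plus a local check.

Added example. BUCKET and CDN_RANGES are placeholders; replace CDN_RANGES with
the CDN vendor's published egress ranges before use.
"""
import fnmatch
import ipaddress
import json

BUCKET = "example-site"  # placeholder bucket name
# Placeholder CIDRs (documentation ranges), not real CDN addresses.
CDN_RANGES = ["203.0.113.0/24", "2001:db8::/32"]


def cdn_only_policy(bucket, cdn_ranges):
    """Allow anonymous reads of every object, but only from the CDN's IPs.

    With no other statement granting access, any request whose source IP is
    outside cdn_ranges falls through to the implicit deny.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowReadsFromCdnOnly",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {"IpAddress": {"aws:SourceIp": list(cdn_ranges)}},
            }
        ],
    }


def policy_json(bucket=BUCKET, cdn_ranges=CDN_RANGES):
    """The document as it would be passed to put-bucket-policy or Terraform."""
    return json.dumps(cdn_only_policy(bucket, cdn_ranges), indent=2)


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def anonymous_get_allowed(policy, bucket, key, source_ip):
    """Simplified evaluation of an anonymous GetObject against the policy.

    Mirrors the relevant part of IAM: the request is denied unless some Allow
    statement matches its principal, action, resource and every condition.
    Only the aws:SourceIp condition is understood here.
    """
    resource = f"arn:aws:s3:::{bucket}/{key}"
    ip = ipaddress.ip_address(source_ip)
    for statement in policy["Statement"]:
        if statement["Effect"] != "Allow" or statement["Principal"] != "*":
            continue
        actions = _as_list(statement["Action"])
        if "s3:GetObject" not in actions and "s3:*" not in actions:
            continue
        resources = _as_list(statement["Resource"])
        if not any(fnmatch.fnmatchcase(resource, pattern) for pattern in resources):
            continue
        ranges = _as_list(
            statement.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        )
        if ranges and not any(
            ip in ipaddress.ip_network(cidr, strict=False) for cidr in ranges
        ):
            continue  # condition not met: this statement does not apply
        return True
    return False  # implicit deny


if __name__ == "__main__":
    policy = cdn_only_policy(BUCKET, CDN_RANGES)
    print(policy_json())
    print("via CDN   :", anonymous_get_allowed(policy, BUCKET, "index.html", "203.0.113.10"))
    print("direct hit:", anonymous_get_allowed(policy, BUCKET, "index.html", "198.51.100.7"))
```

A source-IP condition keeps direct clients out, but it cannot tell our CDN zone apart from any other customer of the same CDN, whose traffic comes from the same ranges; a common complement is to also require a value the CDN injects on the way through (S3 bucket policies can condition on `aws:Referer`, for instance) and to keep the bucket's Block Public Access settings enabled, which do not treat a policy scoped to specific `aws:SourceIp` ranges as public.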
Alternatives
- Google Cloud Storage: It did not exist at the time we migrated to the cloud. It does not provide website endpoints of its own, so a load balancer and a static IP address are needed to expose a site to the Internet.
- Azure Blob Storage: It did not exist at the time we migrated to the cloud. Review pending.
Usage
We use AWS S3 for:
- Serving Docs environments
- Serving Airs environments
- Serving ARM front environments
- Creating ARM signed URLs
- Storing ARM resources, evidences, reports and analytics
- Storing Sorts trainings
- Storing Skims data
- Storing GitLab CI cache
- Storing Terraform states
We do not use AWS S3 for:
- Storing multimedia for our sites like images and videos. We use Cloudinary instead.
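The presigned URLs listed under Rationale and used for the ARM signed URLs above, as an added example that is not this project's own code: the block builds a SigV4 query-string-signed GET URL with only the standard library, so the structure that boto3's `generate_presigned_url("get_object", ...)` normally hides is visible, and it checks the expiration window the same way S3 does before rejecting a stale link. The access key, secret, bucket, object key and timestamp are made-up placeholders; the region-specific virtual-hosted host name is assumed.

```python
"""Build and inspect an S3 presigned GET URL (SigV4, query-string auth).

Added example. The credentials below are placeholders; real ones come from
the environment or an assumed role, never from source code.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, urlparse

# Constructed placeholder credentials (the well-known AWS documentation pair).
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
REGION = "us-east-1"
MAX_EXPIRES = 7 * 24 * 3600  # S3 refuses presigned URLs valid for more than 7 days


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    # SigV4 derives a per-day, per-region, per-service key from the secret,
    # so the long-term secret itself never enters a signature.
    k_date = _hmac(("AWS4" + secret).encode(), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, "s3")
    return _hmac(k_service, "aws4_request")


def presign_get(bucket, key, expires_in, now, access_key=ACCESS_KEY,
                secret_key=SECRET_KEY, region=REGION):
    """Return a URL that lets its holder GET s3://bucket/key until it expires."""
    if not 1 <= expires_in <= MAX_EXPIRES:
        raise ValueError("X-Amz-Expires must be between 1 second and 7 days")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    scope = f"{date}/{region}/s3/aws4_request"
    host = f"{bucket}.s3.{region}.amazonaws.com"  # assumed virtual-hosted style
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_in),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: sorted, each name and value URI-encoded.
    canonical_query = "&".join(
        f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params.items())
    )
    canonical_uri = "/" + quote(key, safe="/")
    canonical_request = "\n".join([
        "GET",
        canonical_uri,
        canonical_query,
        f"host:{host}\n",  # canonical headers block, then the blank separator line
        "host",            # signed headers
        "UNSIGNED-PAYLOAD",
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    signature = hmac.new(
        _signing_key(secret_key, date, region), string_to_sign.encode(), hashlib.sha256
    ).hexdigest()
    # Everything that was signed is in the URL: the URL is the credential.
    return f"https://{host}{canonical_uri}?{canonical_query}&X-Amz-Signature={signature}"


def is_expired(url: str, now: datetime) -> bool:
    """True once X-Amz-Date + X-Amz-Expires has passed (S3 then answers 403)."""
    query = parse_qs(urlparse(url).query)
    issued = datetime.strptime(query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=timezone.utc)
    return now >= issued + timedelta(seconds=int(query["X-Amz-Expires"][0]))


EXAMPLE_NOW = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)  # constructed


def demo():
    """Sign a five-minute link for a made-up report and probe its lifetime."""
    url = presign_get("example-reports", "reports/2024/report.pdf", 300, EXAMPLE_NOW)
    return {
        "url": url,
        "signature": url.rsplit("X-Amz-Signature=", 1)[1],
        "usable_at_299s": not is_expired(url, EXAMPLE_NOW + timedelta(seconds=299)),
        "usable_at_300s": not is_expired(url, EXAMPLE_NOW + timedelta(seconds=300)),
        "other_expiry_same_sig": presign_get(
            "example-reports", "reports/2024/report.pdf", 301, EXAMPLE_NOW
        ).endswith(url.rsplit("=", 1)[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because every parameter, including the expiry, is covered by the signature, a recipient cannot extend the link by editing `X-Amz-Expires`; they can only use it as issued, which is exactly why the link itself has to be handed over through a channel as protected as the data it unlocks.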