S3 Bucket Introduction
1️⃣ What is AWS S3
Amazon S3 = Simple Storage Service
Meaning:
A system for storing an unlimited number of files in the cloud.
🧠 Traditional Storage vs S3
❌ Traditional Server Storage
Server
└── uploads/
    └── image.png
Problem:
- server crash → data gone
- scaling impossible
- disk full
- backup headache
✅ S3 Cloud Storage
Internet
↓
S3 Bucket
↓
Stored safely in AWS datacenter
AWS internally:
multiple data center
automatic replication
99.999999999% durability
👉 Eleven nines of durability
🔥 Why is S3 not a database?
| Feature | Database | S3 |
|---|---|---|
| Structured data | ✅ | ❌ |
| Query | ✅ | ❌ |
| File storage | ❌ | ✅ |
| Image/Video | ❌ | ✅ |
Example
Database:
users table
id | name | image_url
S3:
ali.png
resume.pdf
invoice.csv
👉 Database stores reference
👉 S3 stores file
🏢 Real Office Examples
Example 1 — Facebook
Image → S3
User info → Database
2️⃣ Bucket
What is a bucket?
👉 Bucket = Main container
All files live inside a bucket.
Real Life Analogy
House → Bucket
Room → Folder
Item → File
Bucket Naming Rules (Production)
Bucket names must be globally unique.
❌
mybucket
test
files
✔ Professional naming:
surepay-prod-assets
surepay-dev-files
eventflow-analytics-data
Bucket Characteristics
Bucket has:
Region
Permission
Versioning
Encryption
Lifecycle rules
📄 3️⃣ Object (Actual Stored File)
What is an object?
👉 Object = stored file.
Example:
profile.png
invoice.pdf
backup.zip
video.mp4
Object Structure
Every object =
Key + Data + Metadata
1️⃣ Key
File path.
users/ali/profile.png
👉 Folders do not actually exist.
It is only a naming trick.
2️⃣ Data
Actual file content.
3️⃣ Metadata
Extra information.
Example:
Content-Type: image/png
Upload-Time: 2026
Size: 2MB
Production Example
Upload image:
users/
└── 102/
    └── profile.jpg
Database:
image_url = s3 url
===================================================
Region
👉 The physical location where data is stored, i.e. where in the world your data will be kept.
Example regions:
- ap-south-1 → Mumbai
- ap-southeast-1 → Singapore
- us-east-1 → USA
Why Region Matters?
1️⃣ Latency
Bangladesh user:
Singapore bucket → fast
USA bucket → slow
2️⃣ Cost
Cross region transfer = extra money.
3️⃣ Legal Compliance
Some countries require local storage.
Senior Engineer Rule
Choose:
User closest region
Bangladesh Production:
✅ Singapore
✅ Mumbai
Real Example
Bad architecture:
BD users → USA S3 → Slow app
Good architecture:
BD users → Singapore S3 → Fast app
🔐 2️⃣ Permission (Security System)
🔥 The most critical topic.
S3 default rule:
Everything is PRIVATE
Permission Control Layers: there are 3 levels of security.
✅ Layer 1 — IAM Policy
Control:
👉 Who can access AWS
Example:
backend server
developer
docker container
Example permission:
Allow Upload
Deny Delete
✅ Layer 2 — Bucket Policy
Control:
👉 Who can access THIS bucket
Example:
allow public read image
block external access
Example:
Public can view image
But cannot upload
✅ Layer 3 — Object Permission (ACL)
Individual file permission.
Example:
profile.jpg → public
nid.pdf → private
🏢 Production Example
Mobile Banking:
| File | Permission |
|---|---|
| profile image | public read |
| NID | private |
| transaction | private |
🔥 Senior Rule
❌ NEVER make whole bucket public
✔ make only required objects public
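A check for the Senior Rule above, as an added example that is not part of the original notes: it scans a bucket policy for Allow statements open to everyone and flags those that cover the whole bucket or grant more than object reads. The sample policy, its Sids and the `public/profile/` prefix are constructed; the bucket name is reused from the naming examples.

```python
import json

# Constructed sample policy (not from a real account).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicProfileImages", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::surepay-prod-assets/public/profile/*"},
  {"Sid": "WholeBucketPublic", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": ["s3:GetObject", "s3:PutObject"],
   "Resource": "arn:aws:s3:::surepay-prod-assets/*"}
]}
""")

def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" or {"AWS": "*"} means anyone on the internet.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit(policy, bucket):
    """Return (sid, problem) findings for Allow statements open to everyone.

    Condition blocks are not evaluated, so a conditioned statement is still
    reported and has to be reviewed by hand.
    """
    whole = {"*", f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_public(st.get("Principal")):
            continue
        sid = st.get("Sid", "<no Sid>")
        if any(r in whole for r in _as_list(st.get("Resource", []))):
            findings.append((sid, "public access covers the whole bucket"))
        if any(a != "s3:GetObject" for a in _as_list(st.get("Action", []))):
            findings.append((sid, "public principal can do more than read objects"))
    return findings

if __name__ == "__main__":
    for sid, problem in audit(POLICY, "surepay-prod-assets"):
        print(f"{sid}: {problem}")
```

The prefix-scoped read statement passes; the second statement is reported twice, once for scope and once for allowing uploads.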
🕒 3️⃣ Versioning (Life Saver Feature)
What is versioning?
S3 automatically keeps file history.
Without versioning:
upload profile.png
upload new profile.png
→ old file LOST
With versioning:
profile.png (v1)
profile.png (v2)
profile.png (v3)
All of them are kept.
Internal Working
Every upload gets:
Version ID
Real Example
User deletes important file accidentally.
Without versioning → DEAD 💀
With versioning → restore old version ✅
🏢 Production Use Case
Example 1 — Banking Statement
Never lose history.
Example 2 — Data Pipeline
ETL overwrites CSV daily.
Versioning saves previous data.
🔒 4️⃣ Encryption (Data Protection)
What is encryption?
Data stored in encrypted form.
Meaning:
Even AWS staff cannot read data
Encryption Types
✅ SSE-S3 (Default)
AWS manages encryption key.
Easy + secure.
Best for beginners.
✅ SSE-KMS ⭐ (Production Favorite)
AWS Key Management Service.
Features:
access logging
audit
fine control
Used in:
✔ banking
✔ fintech
✔ healthcare
✅ Client-side Encryption
You encrypt before upload.
Ultra secure system.
🏢 Real Example
Sure Pay:
| Data | Encryption |
|---|---|
| Profile image | SSE-S3 |
| KYC document | SSE-KMS |
| Financial report | KMS |
Senior Rule
Production bucket without encryption = BAD ARCHITECTURE
Simple language:
Encryption = converting data from a readable form into a secret code.
Without Encryption
profile.jpg → readable
If someone gets access to the storage:
👉 they can view the file directly.
With Encryption
profile.jpg → X7$#9K@2!encrypteddata
👉 Nobody can read it without the key.
🔄 5️⃣ Lifecycle Rules
🔥 Senior engineers save millions here.
What is a lifecycle rule?
Automatic file management system.
AWS automatically:
move file
archive file
delete file
based on time.
Example Rules
Example 1 — Log Management
Day 0 → Standard
After 30 days → Glacier
After 365 days → Delete
No manual work needed.
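The log-management rule above written in the shape of an S3 lifecycle configuration, with a small checker, as an added example that is not part of the original notes. The rule ID and the `logs/` prefix are assumptions, objects are assumed to be uploaded as Standard, and `storage_at` is a simplified model of when S3 applies each action.

```python
# Lifecycle rule: Standard on day 0, Glacier after 30 days, deleted after 365.
# The rule ID and the "logs/" prefix are assumptions for this example.
LIFECYCLE = {
    "Rules": [{
        "ID": "logs-archive-then-expire",
        "Status": "Enabled",
        "Filter": {"Prefix": "logs/"},
        "Transitions": [{"Days": 30, "StorageClass": "GLACIER"}],
        "Expiration": {"Days": 365},
    }]
}

def validate(rule):
    """Return a list of problems that would stop the rule doing what is intended."""
    problems = []
    if rule.get("Status") != "Enabled":
        problems.append("rule is not enabled")
    days = [t["Days"] for t in rule.get("Transitions", [])]
    if days != sorted(days):
        problems.append("transitions are not in increasing day order")
    expire = rule.get("Expiration", {}).get("Days")
    if expire is not None and any(d >= expire for d in days):
        problems.append("a transition is scheduled on or after expiration")
    return problems

def storage_at(rule, key, age_days):
    """Storage class, or 'DELETED', for an object key of the given age in days."""
    matches = key.startswith(rule.get("Filter", {}).get("Prefix", ""))
    if rule.get("Status") != "Enabled" or not matches:
        return "STANDARD"  # rule does not apply; object stays as uploaded
    expire = rule.get("Expiration", {}).get("Days")
    if expire is not None and age_days >= expire:
        return "DELETED"
    current = "STANDARD"
    for t in sorted(rule.get("Transitions", []), key=lambda t: t["Days"]):
        if age_days >= t["Days"]:
            current = t["StorageClass"]
    return current

if __name__ == "__main__":
    rule = LIFECYCLE["Rules"][0]
    print(validate(rule))
    for age in (0, 30, 365):
        print(age, storage_at(rule, "logs/app.log", age))
```

Objects outside the `logs/` prefix are never touched by this rule, which is why the filter matters as much as the day counts.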
Real Company Example
E-commerce company:
| File | Lifecycle |
|---|---|
| Upload temp | delete 7 days |
| Logs | archive 30 days |
| Backup | deep archive |
Senior Rule
Without lifecycle rule:
👉 S3 bill explodes 💸
Think like this:
S3 Bucket
├── Region → where data lives
├── Permission → who can access
├── Versioning → history protection
├── Encryption → data security
└── Lifecycle → automatic management