Amazon cloud storage consists of several services. One of the earliest entrants to the cloud services space, Amazon Web Services Inc. introduced its Simple Storage Service in 2006 and has since expanded its portfolio to address more fine-grained storage use cases.
Amazon Simple Storage Service (S3) is object-based storage for any type or amount of data. Use cases include primary storage, backups and archives. Customers pay only for the storage they use. They store objects in buckets for retrieval with developer-assigned keys. Objects contain from 1 byte to 5 terabytes (TB) of data.
A Reduced Redundancy Storage (RRS) option for Amazon S3 is available for noncritical data at lower levels of redundancy and at lower cost than S3's standard storage. The service stores objects on multiple devices across multiple facilities but does not replicate them as many times as standard Amazon S3 cloud storage does.
Amazon's cloud storage expanded in August 2012 when it rolled out Amazon Glacier, an even lower-cost storage option. Glacier is for data that a user infrequently accesses, when retrieval times of several hours are acceptable. Pricing starts at 1 cent per gigabyte (GB) per month. Amazon also offers a Glacier storage option for S3 that allows users to define rules to automatically archive sets of S3 objects to Glacier at reduced costs.
Amazon launched its AWS Storage Gateway service in early 2012 to give customers the option of downloading a software appliance to run on their premises as a virtual machine (VM) and uploading the local data associated with the appliance to Amazon's cloud storage infrastructure.
Amazon also offers an Elastic Block Store (EBS) service that provides block-level, network-attached storage volumes of 1 GB to 1 TB for use with Amazon Elastic Compute Cloud (EC2). But since EBS is not accessible without an EC2 instance, it falls outside the scope of this cloud storage guide.
Amazon S3: Programming needs vary based on the way customers want to use S3. Setting up an account and creating a bucket to store objects can be as simple as a few mouse clicks for basic needs, and the AWS Management Console assists with moving and deleting objects. For enterprise purposes, Amazon cloud storage provides a proprietary REST-based Web services interface that developers use to build applications that integrate with S3. Companies with no programming skills can use a third-party storage gateway or the AWS Storage Gateway that supports industry-standard storage protocols.
AWS supports several methods for loading and retrieving data, including data transfer over the Internet and services such as AWS Direct Connect and AWS Import/Export.
AWS Direct Connect facilitates a dedicated network connection for data transfer between AWS locations and the customer's data center, office or colocation environment. AWS charges at the reduced Direct Connect rate rather than the Internet rate. Users pay only for what they use, and pricing is per port-hour.
AWS Import/Export transfers data onto and off of storage devices using Amazon's high-speed internal network instead of the Internet. The service is available for S3, Glacier and EBS. Amazon recommends AWS Import/Export to customers with large amounts of data and limited bandwidth. Customers prepare a portable storage device with their data and send it to Amazon. Pricing includes fees for each storage device and the number of hours required to load the data.
Amazon Glacier: Customers store data as archives in Glacier; an archive consists of a single file or a combination of files that the user can upload as a single archive. To retrieve archives, users initiate jobs, which typically finish in three to five hours.
The AWS Management Console permits customers to create and delete stored data and organize archives in vaults, but other interactions require programming. To upload data, developers write code and make requests using either the REST API directly or the AWS Software Development Kit for Java and .NET wrapper libraries.
AWS Storage Gateway: Customers download the AWS Storage Gateway VM image from the AWS Management Console and deploy it on a host server running a VMware ESXi hypervisor. The VM has four virtual processors assigned to it, 7.5 GB of RAM and 75 GB of disk space for the installation and system data. Users need additional disk space for their application data and for the gateway to use as working storage.
Customers choose the Gateway-Cached volume or Gateway-Stored volume, allocate on-premises storage to the gateway, create storage volumes on the gateway and mount the volumes to their on-premises application servers as iSCSI devices. Users activate the gateway through the AWS Management Console and choose a geographic region to store the data, which is uploaded over an encrypted connection. The Gateway-Cached setup allows up to 150 TB of storage volumes, while the Gateway-Stored option permits up to 12 TB of storage volumes. Amazon places no limit on the amount of EBS snapshot storage that a single gateway can have in S3.
Data center locations
Amazon S3: N. Virginia; Oregon; N. California; Ireland; Singapore; Tokyo; Sydney, Australia; São Paulo, Brazil; and U.S.-based GovCloud for government agencies
Amazon Glacier: N. Virginia, Oregon, N. California, Ireland and Tokyo
AWS Storage Gateway: N. Virginia, Oregon, N. California, Ireland, Singapore, Tokyo, Sydney and São Paulo
Amazon S3: Amazon S3 costs for storage, requests and data transfer vary based on usage and location. For instance, pricing is higher for the northern California data center than for the northern Virginia and Oregon data centers.
Monthly prices for standard storage in the U.S. Standard (Va.) and U.S. West (Oregon) regions range from $0.095 per GB for the first terabyte of data to $0.055 per GB for more than 5 petabytes (PBs).
Monthly prices for reduced redundancy storage (RRS) in the U.S. Standard (Va.) and U.S. West (Oregon) regions range from $0.076 per GB for the first TB of data to $0.037 per GB for more than 5 PBs.
Requests: Additional charges apply for PUT, COPY, POST, LIST, GET and other requests. There is no charge for delete requests of standard storage or RRS objects.
Data transfer: There is no charge for data transfer into S3. Charges apply when transferring more than 1 GB per month of data from S3 to the Internet based on the amount of data transferred. Charges also apply when transferring data to another AWS region or to Amazon CloudFront.
Amazon Glacier: Amazon Glacier pricing varies based on region. Users pay only for the storage they use. Amazon notes that Glacier targets data that will be stored for months, years or decades. Amazon charges customers a fee if they choose to retrieve more than 5% of their average monthly storage (pro-rated daily) each month. Amazon also charges a pro-rated fee for items deleted prior to 90 days.
Monthly Glacier storage prices range from $0.010 per GB to $0.012 per GB, depending on the Amazon data center location. Amazon also charges for upload and retrieval requests; LISTVAULTS and GETJOBOUTPUT requests are free. There is no charge for data transfers into S3. Charges apply when transferring more than 1 GB per month of data from Glacier to the Internet and from Glacier to another AWS region.
Amazon Storage Gateway: Amazon Storage Gateway pricing is $125 per activated gateway per month.
In addition, Amazon bills customers for the S3 storage associated with Gateway-Cached volume data and Gateway-Stored volume snapshots. Monthly rates range from $0.095 per GB to $0.130 per GB of data stored based on region. There is no charge for data transferred into AWS by the AWS Storage Gateway. Monthly pricing for data transferred out is free for the first GB. Beyond 1 GB, data transfer charges are based on the amount of data and the region. New customers receive 60 days of free use for the first gateway and, as part of the AWS Free Usage Tier, 1 GB of storage of Amazon EBS snapshots and 15 GB of data transfer out, aggregated across all AWS services.
(Note: All pricing information is valid as of April 1, 2013)
AWS pledges "commercially reasonable efforts" to make Amazon S3 available with a monthly uptime percentage of at least 99.9% during any monthly billing cycle. If S3 fails to meet the service commitment, customers are eligible for a credit according to this schedule.
Amazon Glacier is backed by the same service-level agreement as Amazon S3.
Amazon provides individual enterprise agreements for large customers. A company spokesperson said many enterprises start using AWS services under the standard contract then work with Amazon to define terms that best meet their business needs.
The AWS Management Console for Amazon S3 enables users to create storage buckets, choose the region where the objects are stored, upload objects, configure access control for buckets and objects, and manage S3 resources. Users can also monitor and control spending, and automatically archive data to lower cost storage.
Using their management console, Amazon Glacier customers can create, edit and delete vaults, view details such as time/date of vault creation and vault size, and configure notification policies.
The console for AWS Storage Gateway lets users create and manage the gateway's iSCSI storage volumes and snapshots, configure snapshot scheduling, administer software updates, and apply a bandwidth throttle on data that is uploaded or downloaded from Amazon S3. Customers can view snapshots on both the AWS Storage Gateway and Amazon EC2 Management Consoles, and they can use the appropriate console to restore snapshots to either AWS Storage Gateway or Amazon EBS cloud storage volumes.
Amazon's storage services employ security mechanisms such as Secure Sockets Layer (SSL) for data in transit and 256-bit Advanced Encryption Standard (AES-256) for data at rest. S3 customers can securely upload and download data via SSL endpoints using HTTPS. For additional security, customers can encrypt data before storing it in S3 or use Amazon's Server Side Encryption (SSE) to encrypt data stored at rest in S3.
By default, only bucket and object owners have access to the S3 resources they create. They can designate objects as private or public and, if they choose, grant rights only to specific users. Customers have four mechanisms to control access to S3:
- Identity and Access Management (IAM) policies
- Bucket policies
- Access control lists (ACLs) that allow them to selectively grant permissions to users and groups of users
- Query string authentication that enables them to create a URL to an S3 object that is valid only for a limited time.
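The time limit in query string authentication holds because the expiry timestamp is part of the signed data. The following is an added example, not code from Amazon or from this guide: it builds such a URL with the legacy Signature Version 2 layout (HMAC-SHA1 over the verb, expiry and resource) and models the service-side check. The credentials, bucket, key and the `check_request` helper are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Constructed sample credentials and object names; not real AWS values.
ACCESS_KEY = "AKIDCONSTRUCTEDEXAMPLE"
SECRET_KEY = b"constructed-secret-key-for-illustration"
BUCKET, KEY = "example-bucket", "reports/q1.pdf"


def _signature(method, bucket, key, expires):
    # SigV2 string-to-sign: verb, Content-MD5, Content-Type, Expires, resource.
    resource = "/%s/%s" % (bucket, quote(key))
    string_to_sign = "%s\n\n\n%d\n%s" % (method, expires, resource)
    digest = hmac.new(SECRET_KEY, string_to_sign.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def presign_get(bucket, key, now, lifetime_s):
    """Return a URL granting GET on one object until now + lifetime_s."""
    expires = int(now) + lifetime_s
    query = urlencode({
        "AWSAccessKeyId": ACCESS_KEY,
        "Expires": expires,
        "Signature": _signature("GET", bucket, key, expires),
    })
    return "https://%s.s3.amazonaws.com/%s?%s" % (bucket, quote(key), query)


def check_request(url, now):
    """Simplified model of the service-side check (hypothetical helper)."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    bucket = parts.netloc.split(".")[0]
    key = unquote(parts.path.lstrip("/"))
    try:
        expires = int(params["Expires"][0])
        presented = params["Signature"][0]
    except (KeyError, ValueError):
        return "bad-signature"
    expected = _signature("GET", bucket, key, expires)
    # Constant-time comparison. Expires is covered by the HMAC, so editing
    # it (or the object path) in the URL invalidates the signature.
    if not hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8")):
        return "bad-signature"
    return "ok" if now <= expires else "expired"
```

Anyone holding the URL can use it until it expires, so short lifetimes and HTTPS-only distribution are the practical controls.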
IAM lets organizations with multiple employees create and manage multiple users under a single AWS account. IAM also enables identity federation between a corporate directory and AWS services.
Amazon Glacier customers can use IAM for functions such as controlling access to data through vault-level access policies and creating alerts to notify them when requested data is ready for download.
AWS offers additional services that customers can use separately or in conjunction with AWS storage. They include EC2 and EBS, Elastic MapReduce (for data processing and analysis), Relational Database Service and CloudFront (for faster content delivery from servers at the nearest edge location).
EBS is suited to applications that require a database, file system or access to raw block-based storage. An EC2 instance can mount one or more EBS volumes as block devices. Customers create a file system on top of the EBS volumes or use them as they would any block devices such as hard drives. Customers can provision a specific level of I/O performance, if desired, by choosing a Provisioned IOPS volume to boost scalability. Amazon EBS pricing varies by region and starts at 10 cents per GB per month of provisioned storage.