Abimuktheeswaran Chidambaram
3 min readNov 29, 2023

--

Amazon launched S3 Express One Zone at the end of November 2023. It is a high-performance, single-zone Amazon S3 storage class that is purpose-built to deliver consistent, and low-latency applications. It is 10x faster and the cost is 50% lower than S3 Standard. Its availability is 99.5%. Amazon S3 Express One Zone is the first S3 storage class where you can select a single Availability Zone which provides the highest possible access speed.

S3 Express One Zone is designed to handle concurrent device failures by quickly detecting and repairing any lost redundancy. If the existing device encounters a failure, S3 Express One Zone automatically shifts requests to new devices within an Availability Zone.

1. Types of Buckets

There are two types of Amazon S3 buckets, S3 general purpose buckets and S3 directory buckets.

Directory buckets use only the S3 Express One Zone storage class, which is designed for workloads or performance-critical applications that require consistent single-digit millisecond latency. Each S3 directory bucket can support hundreds of thousands of transactions per second. You can create the bucket in one AZ.

General purpose buckets are the default Amazon S3 bucket type.

2. Security

By default, all objects stored in directory buckets are automatically encrypted by using server-side encryption (SSE) with Amazon S3 managed keys (SSE-S3). It does not support Server-side encryption for other KMS services like SSE -KMS, SSE-C.

Unencrypted uploads to directory buckets aren’t permitted. S3 Express One Zone can only be accessed through HTTPS (TLS). gateway VPC endpoints are used to access the Regional and Zonal endpoints for Amazon S3 Express One Zone from your virtual private cloud (VPC).

Before deleting files recursively from your S3 bucket, it is always a good practice to verify which files will be affected. Deleting an object that’s stored in a directory bucket also recursively deletes any parent directories, if those parent directories don’t contain any objects other than the object that’s being deleted. Multi-factor authentication (MFA) and S3 Versioning are not supported.

AWS Identity and Access Management helps administrators securely control access to AWS resources. IAM administrators control who can be authenticated (signed in) and authorized (have permissions) to use Amazon S3 resources in S3 Express One Zone. To grant access permissions for directory buckets, you can use IAM to create users, groups, or roles and attach permissions to those identities. You can use IAM for no additional charge. By default, directory buckets are private and can be accessed only by users who are explicitly granted access. The access control boundary for directory buckets is set only at the bucket level.

Stay tuned!

Last updated: 07-Jan-2024

--

--