Why architecture matters here
S3 fails on cost (wrong class), security (public bucket incidents), and eventual issues (rate limits, request patterns). Architecture matters because governance + lifecycle + access decide safety + cost.
The architecture: every piece explained
The top strip is the primary model. Bucket is namespace in a region. Storage class — Standard, IA, Glacier, Deep Archive — trades cost vs retrieval. Object is key + bytes + metadata. Strong consistency for all reads (since 2020).
The middle row is management. Versioning preserves history. Lifecycle auto-transitions + expires. Replication cross-region + same-region. Encryption — SSE-S3, SSE-KMS, or client-side.
The lower rows are governance. Access control — IAM + bucket policy + block public. Analytics + inventory for cost + audit. Ops — cost + rate limits + presigned URLs.
End-to-end flow
End-to-end: app uploads a 10 MB object to a Standard bucket. Versioned, encrypted with SSE-KMS. Lifecycle transitions to IA after 30 days, Glacier after 365. Cross-region replication mirrors to DR region. Block public access enforced. Presigned URL grants temporary read to a user. Cost audit via S3 Inventory + Athena.