S3

Last updated: Mar 2, 2026

Rationale

AWS S3  (Cloud Object Storage) is the service we use for storing files in the cloud .

The main reasons why we chose it over other alternatives are:

• It is SaaS  oriented, meaning that in order to start storing data, we only need to create a bucket . We do not have to worry about storage space, infrastructure scalability , data availability , data persistence , among many other infrastructure-related concerns.
• It complies with several  certifications from ISO  and CSA . Many of these certifications are focused on ensuring that the entity follows best practices regarding secure cloud-based  environments and information security.
• Resources can be written as code  using Terraform .
• It supports static website hosting , allowing us to easily host sites like our website  and our documentation .
• Its static website hosting  provides direct endpoints , meaning that dealing with load balancers  and static IP addresses  is not required in order to expose a site to the Internet .
• It can be easily integrated  with Cloudflare , allowing us to implement DNS , edge cache , Redirections , Security headers , among many other Cloudflare  features.
• It supports presigned URLs  that can be used for creating signed download links that can only be accessed by the user with the generated key. Such links can have an expiration date . This feature greatly reduces the chance of data leaks.
• It supports versioning , allowing us to keep a complete history of all stored objects.
• It supports storage lifecycle , allowing to declare policies  for expiring files and moving them to different storage classes .
• It can be programmatically accessed using the AWS CLI  and other language-specific libraries like Python’s Boto3 , allowing us to connect our applications  to it.
• It can be used by Terraform  as a backend to store its state .
• It supports AES256 server-side-encryption .
• It supports access control lists  with an object-level granularity, allowing for full control regarding object access privileges.
• It supports bucket policies , which are specially useful when making a bucket  only accessible from a CDN  in order to avoid CDN bypassing .
• It supports Storage Lens , an analytics module for visualizing insights and trends and optimizing usage.

Alternatives

• Google Cloud Storage : It did not exist at the time we migrated to the cloud. It does not provide direct endpoints , meaning that load balancers  and static IP addresses  are needed in order to expose a site to the Internet .
• Azure Blob Storage : It did not exist at the time we migrated to the cloud (pending to review).

Usage

We use AWS S3  for:

• Serving Docs environments 
• Serving Airs environments 
• Serving ARM front environments 
• Creating ARM signed URLs 
• Storing ARM resources, evidence, reports and analytics 
• Storing Sorts trainings 
• Storing Skims data 
• Storing GitLab CI cache 
• Storing Terraform states 

We do not use AWS S3  for storing multimedia for our sites, like images and videos. We use Cloudinary  instead.