During the latest re:Invent, Amazon announced S3 Glacier Instant Retrieval, a new storage class for rarely accessed data that must be retrievable in milliseconds. A new "Bucket owner enforced" option lets customers disable the ACLs associated with a bucket and its objects.
The new Glacier Instant Retrieval storage class targets customers storing rarely accessed data for several years but requiring data to be highly available and immediately accessible. Marcia Villalba, senior developer advocate at AWS, highlights the main advantage of the latest addition:
S3 Glacier Instant Retrieval is a new storage class that delivers the fastest access to archive storage, with the same low latency and high-throughput performance as the S3 Standard and S3 Standard-IA storage classes. You can save up to 68 percent on storage costs as compared with using the S3 Standard-IA storage class (...)
Paul Annesley, principal engineer at Buildkite, warns that the new class might not benefit use cases where objects are small:
Digging into AWS S3's new Glacier Instant Retrieval storage class pricing. Total cost of uploading (many) small objects, transitioning to Standard-IA or Glacier-IR, then expiring/deleting after 6 months. Standard ends up cheaper than either of those for objects under 200 KiB.
With the new Glacier Instant Retrieval storage class, there are now seven different storage classes on Amazon S3 with different costs and constraints, making the choice sometimes harder for developers.
To reduce complexity and the need for lifecycle rules, the new storage class is supported by S3 Intelligent-Tiering, the storage class that automatically moves objects between access tiers to optimize costs. Designed for data with unpredictable or changing access patterns, S3 Intelligent-Tiering automatically stores objects in three access tiers: Frequent Access tier, Infrequent Access tier and Archive Instant Access tier.
Source: https://aws.amazon.com/s3/storage-classes/intelligent-tiering
Corey Quinn, cloud economist at The Duckbill Group, comments in his newsletter:
I was extremely happy to see the expansion of S3 Intelligent Tiering to include Glacier’s new Instant Retrieval tier; at this point unless you’ve got otherworldly insight into your data lifecycle, Intelligent Tiering should absolutely be your default S3 storage tier.
To simplify access management on S3, AWS announced a new ownership setting called "Bucket owner enforced" to disable all ACLs associated with a bucket and its objects and access data only using policies. Once applied, ownership changes automatically and applications that write data to the bucket no longer need to specify any ACL. When creating a new bucket, developers can now choose whether ACLs are enabled or disabled.
Source: https://aws.amazon.com/blogs/aws/new-simplify-access-management-for-data-stored-in-amazon-s3
Villalba recalls the historical reasons behind the multiple access options:
Since launching 15 years ago, Amazon S3 buckets have been private by default. At first, the only way to grant access to objects was using ACLs. In 2011, AWS Identity and Access Management (IAM) was announced, which allowed the use of policies to define permissions and control access to buckets and objects in Amazon S3. Nowadays, you have several ways to control access to your data in Amazon S3, including IAM policies, S3 bucket policies, S3 Access Points policies, S3 Block Public Access, and ACLs.
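A readiness check for the "Bucket owner enforced" switch described above, as an added example that is not part of the original article or of AWS's own code: it lists ACL grants to anyone other than the bucket owner, which have to be re-expressed in a policy before ACLs are disabled. The function names and sample values are assumptions; the dictionaries mirror the shape of the S3 GetBucketAcl and GetBucketOwnershipControls responses.

```python
# Added example: offline readiness check before switching a bucket to
# "Bucket owner enforced". All sample values below are constructed.

ENFORCED = "BucketOwnerEnforced"

def current_ownership(ownership_response):
    """Return the ObjectOwnership value, or None if no rule is configured."""
    if not ownership_response:
        return None
    rules = ownership_response.get("OwnershipControls", {}).get("Rules", [])
    return rules[0].get("ObjectOwnership") if rules else None

def foreign_grants(acl_response):
    """List ACL grants to anyone other than the bucket owner."""
    # Once ACLs are disabled they no longer grant access, so each of these
    # grants needs an equivalent bucket or IAM policy statement first.
    owner_id = acl_response["Owner"]["ID"]
    found = []
    for grant in acl_response.get("Grants", []):
        grantee = grant["Grantee"]
        if grantee.get("Type") == "CanonicalUser" and grantee.get("ID") == owner_id:
            continue
        who = grantee.get("URI") or grantee.get("ID") or grantee.get("EmailAddress")
        found.append((grantee.get("Type"), who, grant["Permission"]))
    return found

def readiness(acl_response, ownership_response=None):
    """Classify a bucket: 'enforced', 'ready', or 'migrate-grants-first'."""
    if current_ownership(ownership_response) == ENFORCED:
        return "enforced", []
    grants = foreign_grants(acl_response)
    return ("migrate-grants-first", grants) if grants else ("ready", [])

# Constructed sample: the owner plus a log-delivery group grant left in the ACL.
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id-EXAMPLE"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-EXAMPLE"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}
SAMPLE_OWNERSHIP = {"OwnershipControls": {"Rules": [{"ObjectOwnership": "ObjectWriter"}]}}
```

Calling `readiness(SAMPLE_ACL, SAMPLE_OWNERSHIP)` reports the log-delivery grant as the one item to move into a policy before the setting is applied.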
The cloud provider also announced an expansion of the free tier for data transfer and cost reductions for the Standard-Infrequent Access, One Zone-Infrequent Access and S3 Glacier Flexible Retrieval storage classes in a subset of regions. Furthermore, AWS Backup, a managed policy-based service to centralize and automate backups across 12 AWS services, introduced support for Amazon S3 in preview.