Object Storage (S3 / Cloud Storage)
1. Object Storage Overview
1.1 What is Object Storage?
Object storage is a storage architecture that stores data as discrete objects.
Object Components:
- Data: Actual file content
- Metadata: File information (creation date, size, custom attributes)
- Unique Identifier: Key to locate the object
1.2 Service Comparison
| Category | AWS S3 | GCP Cloud Storage |
|---|---|---|
| Service Name | Simple Storage Service | Cloud Storage |
| Container Unit | Bucket | Bucket |
| Max Object Size | 5TB | 5TB |
| Multipart Upload | Supported (5MB-5GB parts) | Supported (composite upload) |
| Versioning | Versioning | Object Versioning |
| Lifecycle | Lifecycle Rules | Lifecycle Management |
| Encryption | SSE-S3, SSE-KMS, SSE-C | Google-managed, CMEK, CSEK |
2. Storage Classes
2.1 AWS S3 Storage Classes
| Class | Use Case | Availability | Minimum Storage Duration |
|---|---|---|---|
| S3 Standard | Frequent access | 99.99% | - |
| S3 Intelligent-Tiering | Unknown access patterns | 99.9% | - |
| S3 Standard-IA | Infrequent access | 99.9% | 30 days |
| S3 One Zone-IA | Infrequent access (single AZ) | 99.5% | 30 days |
| S3 Glacier Instant | Archive (instant access) | 99.9% | 90 days |
| S3 Glacier Flexible | Archive (minutes to hours) | 99.99% | 90 days |
| S3 Glacier Deep Archive | Long-term archive | 99.99% | 180 days |
2.2 GCP Cloud Storage Classes
| Class | Use Case | Availability SLA | Minimum Storage Duration |
|---|---|---|---|
| Standard | Frequent access | 99.95% (regional) | - |
| Nearline | Less than once per month | 99.9% | 30 days |
| Coldline | Less than once per quarter | 99.9% | 90 days |
| Archive | Less than once per year | 99.9% | 365 days |
2.3 Cost Comparison (Seoul Region)
| Class | S3 ($/GB/month) | GCS ($/GB/month) |
|---|---|---|
| Standard | $0.025 | $0.023 |
| Infrequent Access | $0.0138 | $0.016 (Nearline) |
| Archive | $0.005 (Glacier) | $0.0025 (Archive) |

Prices are subject to change.
3. Bucket Creation and Management
3.1 AWS S3 Buckets
```bash
# Create a bucket
aws s3 mb s3://my-unique-bucket-name-2024 --region ap-northeast-2

# List buckets
aws s3 ls

# List bucket contents
aws s3 ls s3://my-bucket/

# Delete a bucket (must be empty)
aws s3 rb s3://my-bucket

# Delete a bucket (including its contents)
aws s3 rb s3://my-bucket --force
```
Bucket Naming Rules:
- Globally unique
- 3-63 characters
- Lowercase letters, numbers, hyphens only
- Must start/end with letter or number
3.2 GCP Cloud Storage Buckets
```bash
# Create a bucket
gsutil mb -l asia-northeast3 gs://my-unique-bucket-name-2024

# Or use gcloud
gcloud storage buckets create gs://my-bucket \
    --location=asia-northeast3

# List buckets
gsutil ls
# Or
gcloud storage buckets list

# List bucket contents
gsutil ls gs://my-bucket/

# Delete a bucket
gsutil rb gs://my-bucket

# Delete a bucket (including its contents)
gsutil rm -r gs://my-bucket
```
4. Object Upload/Download
4.1 AWS S3 Object Operations
```bash
# Upload a single file
aws s3 cp myfile.txt s3://my-bucket/

# Upload a folder (recursive)
aws s3 cp ./local-folder s3://my-bucket/remote-folder --recursive

# Download a file
aws s3 cp s3://my-bucket/myfile.txt ./

# Download a folder
aws s3 cp s3://my-bucket/folder ./local-folder --recursive

# Sync (changed files only)
aws s3 sync ./local-folder s3://my-bucket/folder
aws s3 sync s3://my-bucket/folder ./local-folder

# Delete a file
aws s3 rm s3://my-bucket/myfile.txt

# Delete a folder
aws s3 rm s3://my-bucket/folder --recursive

# Move a file
aws s3 mv s3://my-bucket/file1.txt s3://my-bucket/folder/file1.txt

# Copy a file
aws s3 cp s3://source-bucket/file.txt s3://dest-bucket/file.txt
```
4.2 GCP Cloud Storage Object Operations
```bash
# Upload a single file
gsutil cp myfile.txt gs://my-bucket/

# Or use gcloud
gcloud storage cp myfile.txt gs://my-bucket/

# Upload a folder (recursive)
gsutil cp -r ./local-folder gs://my-bucket/

# Download a file
gsutil cp gs://my-bucket/myfile.txt ./

# Download a folder
gsutil cp -r gs://my-bucket/folder ./

# Sync
gsutil rsync -r ./local-folder gs://my-bucket/folder

# Delete a file
gsutil rm gs://my-bucket/myfile.txt

# Delete a folder
gsutil rm -r gs://my-bucket/folder

# Move a file
gsutil mv gs://my-bucket/file1.txt gs://my-bucket/folder/

# Copy a file
gsutil cp gs://source-bucket/file.txt gs://dest-bucket/
```
4.3 Large File Upload
AWS S3 Multipart Upload:
```bash
# The AWS CLI uses multipart upload automatically (8MB or larger)
aws s3 cp large-file.zip s3://my-bucket/ \
    --expected-size 10737418240  # 10GB

# Adjust multipart settings
aws configure set s3.multipart_threshold 64MB
aws configure set s3.multipart_chunksize 16MB
```
GCP Composite Upload:
```bash
# gsutil uses composite upload automatically (150MB or larger)
gsutil -o GSUtil:parallel_composite_upload_threshold=150M \
    cp large-file.zip gs://my-bucket/
```
5. Lifecycle Management
5.1 AWS S3 Lifecycle
```json
{
  "Rules": [
    {
      "ID": "Move to IA after 30 days",
      "Status": "Enabled",
      "Filter": {
        "Prefix": "logs/"
      },
      "Transitions": [
        {
          "Days": 30,
          "StorageClass": "STANDARD_IA"
        },
        {
          "Days": 90,
          "StorageClass": "GLACIER"
        }
      ],
      "Expiration": {
        "Days": 365
      }
    },
    {
      "ID": "Delete old versions",
      "Status": "Enabled",
      "Filter": {},
      "NoncurrentVersionExpiration": {
        "NoncurrentDays": 30
      }
    }
  ]
}
```
```bash
# Apply the lifecycle policy
aws s3api put-bucket-lifecycle-configuration \
    --bucket my-bucket \
    --lifecycle-configuration file://lifecycle.json

# View the lifecycle policy
aws s3api get-bucket-lifecycle-configuration --bucket my-bucket
```
5.2 GCP Lifecycle Management
```json
{
  "lifecycle": {
    "rule": [
      {
        "action": {
          "type": "SetStorageClass",
          "storageClass": "NEARLINE"
        },
        "condition": {
          "age": 30,
          "matchesPrefix": ["logs/"]
        }
      },
      {
        "action": {
          "type": "SetStorageClass",
          "storageClass": "COLDLINE"
        },
        "condition": {
          "age": 90
        }
      },
      {
        "action": {
          "type": "Delete"
        },
        "condition": {
          "age": 365
        }
      }
    ]
  }
}
```
```bash
# Apply the lifecycle policy
gsutil lifecycle set lifecycle.json gs://my-bucket

# View the lifecycle policy
gsutil lifecycle get gs://my-bucket
```
6. Access Control
6.1 AWS S3 Access Control
Bucket Policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```
```bash
# Apply the bucket policy
aws s3api put-bucket-policy \
    --bucket my-bucket \
    --policy file://bucket-policy.json

# Block public access (recommended)
aws s3api put-public-access-block \
    --bucket my-bucket \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
```
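Presigned URL:
```bash
# Generate a download URL (valid for 1 hour)
aws s3 presign s3://my-bucket/private-file.pdf --expires-in 3600

# Generate a URL for an object under uploads/
# (aws s3 presign signs GET requests only; a presigned upload (PUT) URL
# has to be generated with an SDK)
aws s3 presign s3://my-bucket/uploads/file.txt --expires-in 3600
```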
6.2 GCP Cloud Storage Access Control
IAM Policy:
```bash
# Grant a user access to the bucket
gsutil iam ch user:user@example.com:objectViewer gs://my-bucket

# Grant read access to all users (public)
gsutil iam ch allUsers:objectViewer gs://my-bucket
```
Uniform Bucket-Level Access (Recommended):
```bash
# Enable uniform access
gsutil uniformbucketlevelaccess set on gs://my-bucket
```
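The public grants shown in sections 6.1 and 6.2 (a bucket policy with `"Principal": "*"` and an `allUsers` IAM binding) can be found mechanically in exported policy JSON. This is an added example, not part of the original page: the function names and the GCS sample policy are constructed for illustration, and statements that carry a `Condition` are assumed to need manual review.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (also inside a list)."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"


def s3_public_statements(policy, public_access_block=None):
    """Return the Allow statements in a bucket policy that apply to everyone.

    Statements carrying a Condition are not reported (assumption: the
    condition narrows access; review those by hand). With
    RestrictPublicBuckets=true S3 does not serve anonymous requests under a
    public policy, so nothing is reported.
    """
    if (public_access_block or {}).get("RestrictPublicBuckets"):
        return []
    return [
        s for s in _as_list(policy.get("Statement", []))
        if s.get("Effect") == "Allow"
        and _is_wildcard(s.get("Principal"))
        and not s.get("Condition")
    ]


def gcs_public_bindings(iam_policy):
    """Return (role, member) pairs granted to allUsers/allAuthenticatedUsers."""
    public = {"allUsers", "allAuthenticatedUsers"}
    return [
        (b["role"], m)
        for b in iam_policy.get("bindings", [])
        for m in b.get("members", [])
        if m in public
    ]


# The bucket policy from section 6.1, and a constructed GCS IAM policy.
S3_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*"}]}
GCS_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers", "user:user@example.com"]}]}

if __name__ == "__main__":
    print(s3_public_statements(S3_POLICY))
    print(gcs_public_bindings(GCS_POLICY))
```

Input can come from `aws s3api get-bucket-policy` (the `Policy` field is a JSON string), `aws s3api get-public-access-block` (pass the inner `PublicAccessBlockConfiguration` object) and `gsutil iam get`.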
Signed URL:
```bash
# Generate a download URL (valid for 1 hour)
gsutil signurl -d 1h service-account.json gs://my-bucket/private-file.pdf

# Using gcloud
gcloud storage sign-url gs://my-bucket/file.pdf \
    --private-key-file=key.json \
    --duration=1h
```
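Presigned (S3) and signed (GCS) URLs grant access to whoever holds them until they expire, so it is worth checking the lifetime of any that show up in logs or tickets. This added example, not from the original page, reads the signing time and lifetime from V4-style query parameters; the sample URLs, the function names and the one-hour limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# V4 signing puts the signing time and lifetime in the query string:
# X-Amz-Date / X-Amz-Expires for S3, X-Goog-Date / X-Goog-Expires for GCS.
PREFIXES = ("X-Amz-", "X-Goog-")


def signed_url_window(url):
    """Return (signed_at, expires_at) in UTC for a V4-signed S3 or GCS URL."""
    query = parse_qs(urlsplit(url).query)
    for prefix in PREFIXES:
        date, expires = query.get(prefix + "Date"), query.get(prefix + "Expires")
        if date and expires:
            try:
                signed_at = datetime.strptime(date[0], "%Y%m%dT%H%M%SZ")
                lifetime = timedelta(seconds=int(expires[0]))
            except ValueError as exc:
                raise ValueError("malformed signing parameters") from exc
            signed_at = signed_at.replace(tzinfo=timezone.utc)
            return signed_at, signed_at + lifetime
    raise ValueError("no V4 signing parameters in URL")


def review_signed_url(url, now, max_lifetime=timedelta(hours=1)):
    """List findings for a signed URL seen in logs, tickets or chat."""
    signed_at, expires_at = signed_url_window(url)
    findings = []
    if expires_at - signed_at > max_lifetime:
        findings.append("lifetime exceeds policy")
    if now < expires_at:
        findings.append("still usable")
    return findings


# Constructed sample URLs (signatures are placeholders, not real values).
S3_URL = (
    "https://my-bucket.s3.ap-northeast-2.amazonaws.com/private-file.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240101T000000Z"
    "&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=PLACEHOLDER"
)
GCS_URL = (
    "https://storage.googleapis.com/my-bucket/private-file.pdf"
    "?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Date=20240101T000000Z"
    "&X-Goog-Expires=604800&X-Goog-SignedHeaders=host&X-Goog-Signature=PLACEHOLDER"
)

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 0, 30, tzinfo=timezone.utc)
    for url in (S3_URL, GCS_URL):
        print(signed_url_window(url)[1], review_signed_url(url, now))
```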
7. Static Website Hosting
7.1 AWS S3 Static Hosting
```bash
# 1. Enable static website hosting
aws s3 website s3://my-bucket/ \
    --index-document index.html \
    --error-document error.html

# 2. Allow public access (disable the block)
aws s3api put-public-access-block \
    --bucket my-bucket \
    --public-access-block-configuration \
    "BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false"

# 3. Bucket policy (public read)
aws s3api put-bucket-policy --bucket my-bucket --policy '{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-bucket/*"
    }]
}'

# 4. Upload files
aws s3 sync ./website s3://my-bucket/

# Website URL: http://my-bucket.s3-website.ap-northeast-2.amazonaws.com
```
7.2 GCP Cloud Storage Static Hosting
```bash
# 1. Create a bucket (a custom domain is possible if the name matches the domain)
gsutil mb -l asia-northeast3 gs://www.example.com

# 2. Configure the website
gsutil web set -m index.html -e 404.html gs://www.example.com

# 3. Allow public access
gsutil iam ch allUsers:objectViewer gs://www.example.com

# 4. Upload files
gsutil cp -r ./website/* gs://www.example.com/

# Website URL: https://storage.googleapis.com/www.example.com/index.html
# A custom domain can be configured through a load balancer
```
8. Versioning
8.1 AWS S3 Versioning
```bash
# Enable versioning
aws s3api put-bucket-versioning \
    --bucket my-bucket \
    --versioning-configuration Status=Enabled

# Check versioning status
aws s3api get-bucket-versioning --bucket my-bucket

# List all versions
aws s3api list-object-versions --bucket my-bucket

# Download a specific version
aws s3api get-object \
    --bucket my-bucket \
    --key myfile.txt \
    --version-id "abc123" \
    myfile-old.txt

# Delete a specific version
aws s3api delete-object \
    --bucket my-bucket \
    --key myfile.txt \
    --version-id "abc123"
```
8.2 GCP Object Versioning
```bash
# Enable versioning
gsutil versioning set on gs://my-bucket

# Check versioning status
gsutil versioning get gs://my-bucket

# List all versions
gsutil ls -a gs://my-bucket/

# Download a specific version
gsutil cp gs://my-bucket/myfile.txt#1234567890123456 ./

# Delete a specific version
gsutil rm gs://my-bucket/myfile.txt#1234567890123456
```
9. Cross-Region Replication
9.1 AWS S3 Cross-Region Replication
```bash
# 1. Enable versioning on the source bucket
aws s3api put-bucket-versioning \
    --bucket source-bucket \
    --versioning-configuration Status=Enabled

# 2. Create the destination bucket and enable versioning
aws s3 mb s3://dest-bucket --region eu-west-1
aws s3api put-bucket-versioning \
    --bucket dest-bucket \
    --versioning-configuration Status=Enabled

# 3. Configure the replication rule
aws s3api put-bucket-replication \
    --bucket source-bucket \
    --replication-configuration '{
        "Role": "arn:aws:iam::123456789012:role/s3-replication-role",
        "Rules": [{
            "Status": "Enabled",
            "Priority": 1,
            "DeleteMarkerReplication": {"Status": "Disabled"},
            "Filter": {},
            "Destination": {
                "Bucket": "arn:aws:s3:::dest-bucket"
            }
        }]
    }'
```
9.2 GCP Dual/Multi-Region Buckets
```bash
# Create a dual-region bucket
gsutil mb -l asia1 gs://my-dual-region-bucket

# Or a multi-region bucket
gsutil mb -l asia gs://my-multi-region-bucket

# Copy between regions (manual)
gsutil cp -r gs://source-bucket/* gs://dest-bucket/
```
10. SDK Usage Examples
10.1 Python (boto3 / google-cloud-storage)
AWS S3 (boto3):
```python
import boto3

s3 = boto3.client('s3')

# Upload
s3.upload_file('local_file.txt', 'my-bucket', 'remote_file.txt')

# Download
s3.download_file('my-bucket', 'remote_file.txt', 'local_file.txt')

# List objects
response = s3.list_objects_v2(Bucket='my-bucket', Prefix='folder/')
for obj in response.get('Contents', []):
    print(obj['Key'])

# Generate a presigned URL (valid for 1 hour)
url = s3.generate_presigned_url(
    'get_object',
    Params={'Bucket': 'my-bucket', 'Key': 'file.txt'},
    ExpiresIn=3600
)
```
GCP Cloud Storage:
```python
from datetime import timedelta

from google.cloud import storage

client = storage.Client()
bucket = client.bucket('my-bucket')

# Upload
blob = bucket.blob('remote_file.txt')
blob.upload_from_filename('local_file.txt')

# Download
blob = bucket.blob('remote_file.txt')
blob.download_to_filename('local_file.txt')

# List objects
blobs = client.list_blobs('my-bucket', prefix='folder/')
for blob in blobs:
    print(blob.name)

# Generate a signed URL (valid for 1 hour; the client's credentials
# must be able to sign, e.g. a service account key)
url = blob.generate_signed_url(expiration=timedelta(hours=1))
```
11. Next Steps
- 08_Block_and_File_Storage.md - Block Storage
- 10_Load_Balancing_CDN.md - Using with CDN