
AWS S3 for Developers: Object Storage, Bucket Policy, Versioning, and Static Hosting

[2026-06-17] Author: Ing. Calogero Bono

Have you ever lost a critical file due to human error? Or discovered your static site was offline because the bucket was accidentally public? We at Meteora Web have been there. AWS S3 is the most popular storage service on the planet, but without solid configuration, it becomes a time bomb. In this guide, we dive into object storage, bucket policies, versioning, and static hosting. No fluff — just practical steps that work.

Object Storage: Why It's Not a Network Drive

A traditional file system (like NTFS or ext4) organizes data in a folder hierarchy. S3, on the other hand, is flat object storage: each file (object) has a unique key, and "paths" are just prefixes in the key. This enables horizontal scaling without practical limits. But note: you cannot mount S3 as a disk directly (tools like s3fs exist but are not recommended for production).

Common mistake: treating S3 like a NAS. Example: a client uploads 10 MB images without compression. Storage and transfer costs skyrocket, performance drops. We always recommend optimizing upfront: reduce object size before uploading. An image from 2 MB compressed to 200 KB saves 80% on transfer costs.


Immediate Actions

  • Use key prefixes (e.g., images/2026/product.jpg) to simulate logical structure.
  • Upload objects via aws s3 cp or SDK for automation, not through the browser.
  • Set the Storage Class based on access frequency: STANDARD for hot data, GLACIER for backups.
# Upload a file with standard storage class
aws s3 cp ./report.pdf s3://your-bucket/report/2026/report.pdf --storage-class STANDARD

Bucket Policy: Access Control Done Right

A bucket policy is a JSON document defining who can do what on your bucket. It's your first line of defense. Fatal error: leaving a bucket publicly readable/writable. We see this often in inherited projects: sensitive data exposed, runaway costs. We always apply the principle of least privilege: deny everything not explicitly allowed.

Example: Static Hosting Bucket (public read only)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-bucket/*"
    }
  ]
}

This allows public read access to all objects. Warning: if you don't want the whole bucket public, narrow the Resource ARN to a key prefix (path) or add Condition keys such as aws:SourceIp (IP) or aws:Referer (referer).


Policy to Block Public Access (recommended default)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket",
        "arn:aws:s3:::your-bucket/*"
      ],
      "Condition": {
        "NotIpAddress": {
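          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    }
  ]
}

This denies all operations to anyone not coming from your network. The CIDR must be the public range your network egresses from (203.0.113.0/24 is a documentation placeholder): aws:SourceIp is compared against the caller's public address, so a private range such as 192.168.1.0/24 never matches and the Deny would lock out every caller, administrators included. Security is not optional: it's avoided cost.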

Immediate Actions

  • Use AWS Policy Generator to craft correct policies.
  • Enable Block Public Access in bucket settings unless you have an explicit need.
  • Verify with aws s3api get-bucket-policy that the policy is applied.
# Verify the policy
aws s3api get-bucket-policy --bucket your-bucket

Versioning: Your Safety Net

Imagine overwriting a critical file by mistake. Without versioning, it’s gone. With versioning, every modification creates a new version and you can roll back. Versioning isn't a cost: it's insurance. We enable it on every production bucket, especially for data managed via ERP or cron jobs.


How to Enable

aws s3api put-bucket-versioning --bucket your-bucket --versioning-configuration Status=Enabled

Once enabled, you cannot disable it (only suspend). Extra cost? Only the space used by non-deleted versions. When you delete an object, S3 creates a delete marker — it's not physically removed until you delete older versions as well.

Recovering an Old Version

# List all versions of an object
aws s3api list-object-versions --bucket your-bucket --prefix report.pdf

# Download a specific version (aws s3 cp has no version selector; use s3api get-object)
aws s3api get-object --bucket your-bucket --key report.pdf --version-id xyz123 ./restored_report.pdf
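
The listing needs interpreting before you pick a version: `--prefix` also returns neighbouring keys, and a "deleted" object still has all its versions behind a delete marker. The following Python sketch is an added example, not part of the original article; `plan_restore` is a hypothetical helper and the listing and version ids are constructed.

```python
import json
from datetime import datetime

def _modified(entry):
    # The CLI prints LastModified as ISO 8601, e.g. 2026-06-10T08:00:00+00:00.
    return datetime.fromisoformat(entry["LastModified"].replace("Z", "+00:00"))

def plan_restore(listing_json, key):
    """Pick what to restore from `aws s3api list-object-versions` output."""
    listing = json.loads(listing_json)
    # --prefix is a prefix match, so filter out neighbours like report.pdf.bak.
    versions = sorted((v for v in listing.get("Versions", []) if v["Key"] == key),
                      key=_modified, reverse=True)
    markers = [m for m in listing.get("DeleteMarkers", [])
               if m["Key"] == key and m.get("IsLatest")]
    if not versions:
        return {"state": "no-versions", "restore": None, "remove_marker": None}
    if markers:
        # A delete marker is the current version: the object only looks gone.
        # Deleting the marker by its version id makes the newest real version
        # current again; alternatively download that version directly.
        return {"state": "deleted", "restore": versions[0]["VersionId"],
                "remove_marker": markers[0]["VersionId"]}
    # Object is live: the rollback target is the version before the current one.
    previous = versions[1]["VersionId"] if len(versions) > 1 else None
    return {"state": "live", "restore": previous, "remove_marker": None}

# Constructed listing (version ids are made up) for --prefix report.pdf.
SAMPLE_LISTING = json.dumps({
    "Versions": [
        {"Key": "report.pdf", "VersionId": "v2-constructed", "IsLatest": False,
         "LastModified": "2026-06-01T09:00:00+00:00"},
        {"Key": "report.pdf", "VersionId": "v3-constructed", "IsLatest": False,
         "LastModified": "2026-06-10T08:00:00+00:00"},
        {"Key": "report.pdf.bak", "VersionId": "b1-constructed", "IsLatest": True,
         "LastModified": "2026-06-11T08:00:00+00:00"},
    ],
    "DeleteMarkers": [
        {"Key": "report.pdf", "VersionId": "dm-constructed", "IsLatest": True,
         "LastModified": "2026-06-12T10:00:00+00:00"},
    ],
})

if __name__ == "__main__":
    print(plan_restore(SAMPLE_LISTING, "report.pdf"))
```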

Lifecycle to Clean Up Versions

To avoid infinite storage costs, set a lifecycle rule to expire noncurrent versions after X days.

{
  "Rules": [
    {
      "ID": "Delete old versions",
      "Filter": { "Prefix": "" },
      "Status": "Enabled",
      "NoncurrentVersionExpiration": {
        "NoncurrentDays": 30
      }
    }
  ]
}

Static Hosting: Fast, Serverless Sites

S3 can serve HTML, CSS, JS files directly as a website. It’s perfect for landing pages, documentation, portfolios. No servers to manage, no PHP, just storage. Costs are incredibly low: for a low-traffic site, you pay pennies per month.


Configuration Steps

  1. Enable static hosting in bucket properties: set index.html as default document and error.html for 404 errors.
  2. Make the bucket publicly readable (see policy above) or use CloudFront for HTTPS and caching.
  3. Upload files: aws s3 sync ./dist/ s3://your-bucket
# Sync local folder to bucket
aws s3 sync ./dist/ s3://your-bucket --delete --cache-control "max-age=3600"

Pro tip: use --delete to remove files from the bucket that no longer exist locally. Set cache-control to improve performance.

CloudFront + S3: The Winning Combo

Direct S3 hosting has a limitation: the S3 website endpoint only supports HTTP, not HTTPS. To get HTTPS and global speed, put CloudFront in front. We always do this. Create a CloudFront distribution with S3 origin, enable SSL, and get a worldwide CDN. Costs are negligible for low volumes.


# Example CLI command to create a CloudFront distribution
aws cloudfront create-distribution --origin-domain-name your-bucket.s3.amazonaws.com --default-root-object index.html

In Summary — What to Do Now

  1. Enable versioning on every bucket holding important data. Cheap insurance.
  2. Apply a bucket policy following least privilege. Block public access unless needed.
  3. Use S3 for static hosting only when paired with CloudFront for HTTPS and caching.
  4. Monitor costs with AWS Cost Explorer and set lifecycle rules for noncurrent versions.
  5. Don't mount S3 as a filesystem in production — use SDK for atomic operations.

We at Meteora Web use S3 daily for clients ranging from small businesses to large e-commerce. If you have doubts about your bucket configuration, check our related post on AI messaging or go back to our AWS pillar guide. Cloud tech is powerful, but it needs proper discipline.

External resource: Official AWS S3 Documentation
