Amazon S3
Public bucket misconfigurations left behind after testing
[9] Developers frequently leave S3 buckets public 'for testing' and forget to secure them, creating ongoing security vulnerabilities. Misconfiguration remains the third most important operational challenge in cloud security.
Slow emergency file retrieval due to cloud data limits
[8] Retrieving files from S3 in emergency situations is difficult because public cloud data limits cause downloads to take up to 12 hours, preventing immediate access to critical content.
S3 targeted by default configurations in open-source tools
[8] Open-source tools frequently use S3 with default bucket name placeholders that can collide with real user buckets. When deployed with default configuration, these tools create massive unwanted request volumes (e.g., 100 million requests), resulting in unexpected charges and service disruption.
S3 event notifications are unreliable and not guaranteed to trigger
[8] S3 event triggers (e.g., for Lambda invocation) may fail silently, requiring developers to implement separate recovery mechanisms. This creates unpredictable behavior in event-driven architectures.
S3 metadata replication consistency issues with dependent objects
[8] When replicating S3 objects with RTC guarantees, metadata nodes that are referenced by other objects may not be replicated, causing queries to fail when using engines like Spark or PySpark because they cannot find the referenced files or objects.
S3 lacks compare-and-swap (CAS) operations
[7] S3 is the only major object store without compare-and-swap (CAS) operations, a feature available in GCS, Azure Blob Store, Cloudflare R2, Tigris, and MinIO. This forces developers to use separate transactional stores like DynamoDB, creating ugly abstractions and two-phase write complexity.
S3 performance limitations strain developer productivity
[7] As S3 usage evolved from archival to interactive workloads, performance constraints became friction points that distract developers from core work. Limitations force developers to implement workarounds rather than focus on building features.
S3 static website hosting without CloudFront creates production issues
[7] Using S3's built-in static website hosting without CloudFront results in high latency for non-US regions, no caching, no DDoS protection, and lack of SSL on custom domains. This setup is only suitable for proof-of-concept.
High latency and high per-request API costs in S3
[7] S3 operations incur 10-100ms of round-trip delay per request due to HTTP API handling, authentication, and multi-AZ replication. This overhead is orders of magnitude higher than local or networked block storage, and each API call incurs costs, making high-frequency metadata operations expensive.
S3-compatible services lack advanced management APIs
[7] S3-compatible storage solutions don't implement advanced management features like Bucket Website Hosting, Analytics, Inventory, Logging, Replication, and Tagging. This creates operational vendor lock-in even when application code is portable, forcing developers to build custom workarounds for features that S3 handles natively.
S3 Express One Zone lacks standard S3 features
[7] S3 Express One Zone (S3E1Z) is missing numerous standard S3 features including object version support, bucket tags, object locks, object tags, and MD5 checksum ETags. It cannot be treated like a normal S3 bucket and lacks multi-zone support, forcing developers to design around deficiencies.
Poor S3 performance for small objects
[7] Amazon S3 performance is significantly slower when handling small objects compared to large objects, making it unsuitable for workloads with many small files.
S3 lacks POSIX semantics, breaking filesystem-dependent applications
[7] S3 is not a POSIX-compliant filesystem and lacks critical features like atomic renames, file locking, symbolic links, and random writes. Applications designed for POSIX semantics encounter unpredictable behavior, data corruption, and dropped files when deployed on S3.
Storage costs grow uncontrollably without lifecycle policies
[6] Teams often skip lifecycle policy configuration in favor of shipping product, leading to silent accumulation of logs, backups, and old data in expensive S3 Standard storage. Old multipart uploads and indefinite retention strategies cause storage bills to spiral without a clear owner.
Complex and non-intuitive S3 pricing and licensing
[6] S3 pricing and licensing structure is overly complex and difficult to understand. Developers pay even during the development phase, and there is no separate development environment tier.
S3 is often misused as a database for structured data queries
[6] Developers store and query structured data (JSON, etc.) directly from S3, treating it like a database. This approach is slow, expensive, and lacks proper query capabilities, forcing manual scanning of data.
Siloed security tools prevent unified S3 security visibility
[6] Organizations use fragmented point-product security tools for S3, making it difficult to gain a holistic view of security posture and creating gaps in coverage.
S3 lacks native deduplication and safe expiration for backup jobs
[6] Running backup jobs to S3 creates safety issues when attempting to implement deduplication and expire old data. There is no built-in incremental feature to address this common backup use case.
Sync delays in S3 operations
[6] S3 exhibits occasional synchronization delays, potentially causing consistency issues in media delivery and file access workflows.
S3 lacks multi-region and object append capabilities
[6] S3 does not support multi-region buckets or object appends, features available in competitors. These gaps are problematic for modern infrastructure using object storage as a primary persistence layer.
S3 features don't work as expected with table-based workloads
[6] Existing S3 features like Intelligent-Tiering and cross-region replication have unexpected behavior when tables are stored as thousands of objects with application-specific access patterns, limiting their effectiveness.
Lack of native connectors between S3 and third-party tools
[6] Amazon S3 has no direct connector to tools like MicroStrategy, forcing developers to use third-party solutions for integration, adding complexity and additional dependencies.
Poor S3 documentation for integration with other AWS services
[5] AWS S3 documentation is difficult to understand, especially when integrating with other AWS services like Elemental MediaConvert. Developers must rely on external resources like AI, YouTube videos, or third-party aids to complete integrations.
Inadequate search and file discovery functionality in S3 UI
[5] S3 lacks practical search capabilities, making it difficult to locate or browse files. The UI date columns are unreliable, forcing manual navigation through potentially thousands of objects.
Tension between S3 simplicity goals and feature completeness
[5] Releasing S3 features with painful gaps frustrates early customers and creates expensive technical debt for simplification later. The pursuit of both simplicity and velocity creates friction in product development.
Poor object layout and bucket organization leads to high query costs and governance issues
[5] Without standardized prefixes, partitioning, and clear bucket purposes, teams struggle with governance and incur unnecessary query costs. Working with very large buckets containing millions of objects becomes cumbersome without solid organization and lifecycle policies.
S3 Express One Zone has prohibitive pricing for performance gains
[5] S3 Express One Zone costs $0.16/GB, twice the price of EBS general purpose SSD (gp3), making it an expensive option relative to its limited feature set and single-zone constraint. For the cost, it functions more like an expensive EBS with a half-implemented S3 API.
S3 key naming schemes affect performance
[5] S3 performance depends on key name prefixes; prefix similarities become bottlenecks above ~100 requests/second. Developers must use non-obvious naming schemes (alphanumeric/hex hashes in first 6-8 characters) to avoid internal hot spots, which is counterintuitive.
AWS S3 console interface is overwhelming and difficult to navigate
[4] The S3 console presents too many options and settings, making it feel like a puzzle for non-expert users. Finding specific settings and configuring buckets requires significant AWS knowledge, creating a steep learning curve for teams not already familiar with AWS.
Hard-coded S3 locations create deployment friction
[4] Developers commonly hard-code S3 locations in application code, tying code to deployment details. This breaks multi-environment setups, data migrations, and code auditing efforts.
Lack of native usage monitoring and cost dashboards requires external tools
[4] S3 does not provide built-in detailed usage monitoring dashboards. Teams must rely on integrations with external tools to track costs and usage, making it difficult to monitor spending and prevent runaway bills without manual setup and additional overhead.