
S3

S3 is an object store. It is not a database and not a filesystem. S3 is essentially a key/value system, but it is not stored in memory. The top-level entity in S3 is called a bucket. A bucket name must be globally unique and DNS compliant. Even though the S3 endpoint is not regional, a bucket is stored in only a single region.

One thing that is different about S3 is that you can grant cross-account access. This means that you can delegate access to the owners of the accounts you specify. Each of those account owners can then decide who in their account may access the bucket, according to their own policies. Most other services don’t have cross-account access at all. Instead, you need to use STS to obtain temporary credentials for a role to access resources.

S3 has resource-based permissions (bucket policies) in addition to the IAM permissions attached to users and roles.
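Because a bucket policy can delegate access to other accounts, it is worth reviewing which accounts a policy actually names. The following is an added example, not part of the original page: it parses a bucket policy document and lists every `Allow` statement whose principal lies outside the bucket owner's account. The account IDs, bucket name, sample policy and function names are constructed for illustration.

```python
import json
import re

# Constructed sample: bucket owned by 111111111111; the policy delegates read
# access to account 222222222222 and, in the last statement, to any principal.
OWNER_ACCOUNT = "111111111111"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PartnerRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
        {"Sid": "OwnRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "Public", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the 12-digit account ID from an IAM ARN or bare account ID, else None."""
    m = re.fullmatch(r"(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?", principal)
    return m.group(1) if m else None

def external_grants(policy_json, owner_account):
    """List (sid, grantee, actions) for Allow statements reaching outside owner_account."""
    # Condition blocks are ignored, so a finding is a prompt for review, not proof of exposure.
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # "Principal": "*" and {"AWS": "*"} both mean any principal.
        names = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for name in names:
            grantee = "*" if name == "*" else _account_of(name)
            if grantee and grantee != owner_account:
                findings.append((stmt.get("Sid", ""), grantee, _as_list(stmt["Action"])))
    return findings

if __name__ == "__main__":
    print(external_grants(SAMPLE_POLICY, OWNER_ACCOUNT))
```

Against a real bucket, the policy document would come from the bucket's policy (for example, as returned by `aws s3api get-bucket-policy`) instead of the embedded sample.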