Pros/Cons of Storing Customers' Files in S3 Buckets for your SaaS
Laurent Lemaire
Co-founder, SimpleBackups
April 11, 2019
If you are building an application that needs to store customers' data in the cloud, you have a few options to think about.
In this post I compare two common options we analyzed in the past and list their pros and cons based on our trials. I will be using AWS S3 and DigitalOcean Spaces as references.
👉 The options we compared were:
A. Separate buckets for customers, where each bucket represents a customer's folder.
B. Separate customer folders in one bucket (recommended most of the time).
A. Separate buckets
👍 The pros of using separate buckets:
More organization, security and data separation since every customer has his/her own data in a particular bucket.
The ability to allow customers to access their data by giving them access to their own buckets.
Easily block access, delete or know the size of a customer's bucket.
👎 The cons of using separate buckets:
If your app relies on a naming convention for each customer's bucket and for some reason the name of the bucket is taken or unavailable, then you have to break the naming convention.
It is extremely complex if you ever think of backing up customer data (may have to back up hundreds or thousands of buckets).
It is almost impossible to migrate to another storage provider if you ever decide you need to (migrating hundreds or thousands of customers' buckets from S3 to DigitalOcean Spaces, for example).
High overhead if you need to make global changes to the buckets' settings (changing the buckets' storage class, for example).
B. Separate folders in one bucket
👍 The pros of using separate folders all in one bucket:
Very easy to manage the bucket settings for all customers, no overhead.
Easy to migrate data and easy to back up the whole bucket into another bucket or even back it up on another storage provider (back up an S3 bucket into DigitalOcean Spaces).
You can fully control the naming convention of customer folders, no worries about unavailable names (bucket-name/customer-01, bucket-name/customer-02).
👎 The cons of using separate folders all in one bucket:
You need to depend on the app layer to block access or know the size of a customer's folder. It can be done, but not as easily as with option 'A'.
Full access to the bucket means full access to all customers' folders.
⚠️ Notes:
On AWS S3, you can create credentials that give access to a particular folder in a bucket, making it function as a virtual bucket (pro for option B if you are using S3).
On DigitalOcean Spaces, for the time being, any credentials you create give access to all DigitalOcean Spaces buckets and all their folders (con for option A if you are using DigitalOcean).
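To make the S3 note above concrete, here is an added example (not code from the original post or from SimpleBackups) that builds an IAM policy confining a set of credentials to one customer's folder in the shared bucket. The function names, the customer ID format and the chosen set of object actions are assumptions for illustration.

```python
import json
import re

# Assumed ID format for this example: lowercase letters, digits, hyphens.
_CUSTOMER_ID = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")


def customer_prefix(customer_id: str) -> str:
    """Return the folder prefix for a customer, always ending in '/'."""
    if not _CUSTOMER_ID.fullmatch(customer_id):
        # Rejects '/', '*', '?', '.' and anything else that could widen the scope.
        raise ValueError(f"invalid customer id: {customer_id!r}")
    # The trailing slash keeps 'customer-1' from also matching 'customer-10/...'.
    return customer_id + "/"


def folder_policy(bucket: str, customer_id: str) -> dict:
    """Build an IAM policy limited to one customer's folder in a shared bucket."""
    prefix = customer_prefix(customer_id)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action, so it is narrowed by a condition.
                "Sid": "ListOwnFolder",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [prefix + "*"]}},
            },
            {   # Object actions are narrowed by the resource ARN itself.
                "Sid": "ReadWriteOwnObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


if __name__ == "__main__":
    print(json.dumps(folder_policy("bucket-name", "customer-01"), indent=2))
```

The policy grants nothing outside the prefix, so the "full access to the bucket" con of option B applies only to credentials that are not scoped this way.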
Let me know if that's helpful and what you end up doing!