id: SKL-s3-S3INTEGRATION
name: S3 Integration
description: 'Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. MinIO is an S3-compatible object storage server '
version: 1.0.0
status: active
owner: '@cerebra-team'
last_updated: '2026-02-22'
category: Backend
tags:
- api
- backend
- server
- database
stack:
- Python
- Node.js
- REST API
- GraphQL
difficulty: Intermediate
S3 Integration
Skill Profile
(Select at least one profile to enable specific modules)
- DevOps
- Backend
- Frontend
- AI-RAG
- Security Critical
Overview
Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. MinIO is an S3-compatible object storage server that can be self-hosted.
Why This Matters
S3 and S3-compatible storage solutions are essential for modern applications because they provide:
- Scalability: Virtually unlimited storage capacity
- Durability: 99.999999999% durability
- Availability: 99.99% uptime SLA
- Security: Encryption, access control, and compliance
- Cost-Effectiveness: Pay only for what you use
This skill provides comprehensive patterns for integrating with AWS S3 and MinIO, including upload/download, presigned URLs, access control, encryption, and cost optimization.
Core Concepts & Rules
1. Core Principles
- Follow established patterns and conventions
- Maintain consistency across codebase
- Document decisions and trade-offs
2. Implementation Guidelines
- Start with the simplest viable solution
- Iterate based on feedback and requirements
- Test thoroughly before deployment
Inputs / Outputs / Contracts
- Inputs:
  - <e.g., env vars, request payload, file paths, schema>
- Entry Conditions:
  - <Pre-requisites: e.g., Repo initialized, DB running, specific branch checked out>
- Outputs:
  - <e.g., artifacts (PR diff, docs, tests, dashboard JSON)>
- Artifacts Required (Deliverables):
  - <e.g., Code Diff, Unit Tests, Migration Script, API Docs>
- Acceptance Evidence:
  - <e.g., Test Report (screenshot/log), Benchmark Result, Security Scan Report>
- Success Criteria:
  - <e.g., p95 < 300ms, coverage ≥ 80%>
Skill Composition
- Depends on: None
- Compatible with: None
- Conflicts with: None
- Related Skills: None
Quick Start / Implementation Example
- Review requirements and constraints
- Set up development environment
- Implement core functionality following patterns
- Write tests for critical paths
- Run tests and fix issues
- Document any deviations or decisions
# Example implementation following best practices
def example_function():
    # Your implementation here
    pass
Assumptions
- AWS credentials are properly configured
- S3 bucket exists and is accessible
- Sufficient permissions for bucket operations
- Network connectivity to AWS S3
Compatibility
- AWS S3: Universal compatibility
- MinIO: S3-compatible API
- Other S3-compatible services: Generally compatible
Test Scenario Matrix
| Scenario | Test Case | Expected Result |
|---|---|---|
| Upload File | Upload small file | File uploaded successfully |
| Download File | Download existing file | File content matches original |
| Presigned URL | Generate and use presigned URL | Access granted without credentials |
| Encryption | Upload encrypted file | File encrypted at rest |
| CORS | Access from different origin | Request allowed |
| Lifecycle | Old file deleted | File deleted after expiration |
Technical Guardrails & Security Threat Model
1. Security & Privacy (Threat Model)
- Top Threats: Injection attacks, authentication bypass, data exposure
- Data Handling: Sanitize all user inputs to prevent Injection attacks. Never log raw PII
- Secrets Management: No hardcoded API keys. Use Env Vars/Secrets Manager
- Authorization: Validate user permissions before state changes
2. Performance & Resources
- Execution Efficiency: Consider time complexity for algorithms
- Memory Management: Use streams/pagination for large data
- Resource Cleanup: Close DB connections/file handlers in finally blocks
3. Architecture & Scalability
- Design Pattern: Follow SOLID principles, use Dependency Injection
- Modularity: Decouple logic from UI/Frameworks
4. Observability & Reliability
- Logging Standards: Structured JSON, include trace IDs `request_id`
- Metrics: Track `error_rate`, `latency`, `queue_depth`
- Error Handling: Standardized error codes, no bare except
- Observability Artifacts:
  - Log Fields: timestamp, level, message, request_id
  - Metrics: request_count, error_count, response_time
  - Dashboards/Alerts: High Error Rate > 5%
Agent Directives
- Always use appropriate storage class for access patterns
- Enable server-side encryption for sensitive data
- Use presigned URLs for temporary access
- Implement retry logic with exponential backoff
- Clean up incomplete multipart uploads
Definition of Done (DoD) Checklist
- Tests passed + coverage met
- Lint/Typecheck passed
- Logging/Metrics/Trace implemented
- Security checks passed
- Documentation/Changelog updated
- Accessibility/Performance requirements met (if frontend)
Anti-patterns
- Using bucket ACLs: Use bucket policies instead
- Not encrypting sensitive data: Always use server-side encryption
- Hardcoding credentials: Use environment variables or IAM roles
- Not using appropriate storage class: Choose based on access patterns
- Ignoring lifecycle policies: Implement automatic cleanup
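One way to check a bucket against the Agent Directives and Anti-patterns listed above, as an added example that is not part of the original skill. The input dicts follow the response shapes of boto3's `get_bucket_acl`, `get_bucket_encryption` and `get_bucket_lifecycle_configuration`; the function name `audit_bucket`, the finding codes and both sample buckets are constructed for illustration.

```python
# Added example; runs offline, no boto3 needed. Inputs mirror the response
# shapes of get_bucket_acl / get_bucket_encryption /
# get_bucket_lifecycle_configuration. None stands for "no configuration set".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def audit_bucket(acl, encryption, lifecycle):
    """Return a sorted list of finding codes; an empty list means compliant."""
    findings = set()
    # Anti-pattern: access handed out through bucket ACLs instead of a policy.
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            findings.add("ACL_PUBLIC_GRANT:" + grant.get("Permission", "?"))
    # Directive: server-side encryption must be the bucket default.
    sse = (encryption or {}).get("ServerSideEncryptionConfiguration", {})
    rules = sse.get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if not algos & {"AES256", "aws:kms", "aws:kms:dsse"}:
        findings.add("NO_DEFAULT_SSE")
    # Directives: clean up incomplete multipart uploads; expire or tier old objects.
    enabled = [r for r in (lifecycle or {}).get("Rules", []) if r.get("Status") == "Enabled"]
    if not any("AbortIncompleteMultipartUpload" in r for r in enabled):
        findings.add("NO_MULTIPART_ABORT_RULE")
    if not any("Expiration" in r or "Transitions" in r for r in enabled):
        findings.add("NO_EXPIRATION_OR_TRANSITION")
    return sorted(findings)

# Constructed sample: public-read ACL, no default encryption, expiry rule only.
WEAK = dict(
    acl={"Grants": [{"Grantee": {"Type": "Group",
                                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                     "Permission": "READ"}]},
    encryption=None,
    lifecycle={"Rules": [{"ID": "expire-tmp", "Status": "Enabled",
                          "Filter": {"Prefix": "tmp/"}, "Expiration": {"Days": 30}}]},
)
# Constructed sample: owner-only ACL, KMS default encryption, abort + expiry rules.
HARDENED = dict(
    acl={"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
                     "Permission": "FULL_CONTROL"}]},
    encryption={"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
    lifecycle={"Rules": [
        {"ID": "abort-mpu", "Status": "Enabled", "Filter": {},
         "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7}},
        {"ID": "expire-tmp", "Status": "Enabled", "Filter": {"Prefix": "tmp/"},
         "Expiration": {"Days": 30}}]},
)
```

Calling `audit_bucket(**WEAK)` reports the public ACL grant, the missing default encryption and the missing multipart-abort rule; `audit_bucket(**HARDENED)` returns an empty list.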
Reference Links & Examples
- Internal documentation and examples
- Official documentation and best practices
- Community resources and discussions
Versioning & Changelog
- Version: 1.0.0
- Changelog:
  - 2026-02-22: Initial version with complete template structure