# IAM --- * Groups can not be set as hierarchy * Groups are set flat.   ## S3  * S3 service is a legacy service * It was introduced before IAM, because of that it doesnt require to provide region, Account id. * Because the lack of IAM, all buckets have to have a unique name. ## Hirarchy for checking credentials  ## S3: 2 ways to retrive an object from bucket  Ex: * https://**s3.region**.amazonaws.com/bucketName/.../..abc.txt * https://**bucketName.s3**.amazonaws.com/.../.../abc.txt * A bucket can store upto 5TB * An Object can store upto 5GB * API maxes out at 5GB to post a file into a bucket * Better way to post large file is to break it into small chunks ### Everything in s3 is read only. Only way to modifying is either delete or overwrite it.