10 - Storage Flashcards

1
Q

Amazon S3

A

1) Storage Classes: Standard, Intelligent Tiering, Standard IA, One-Zone IA, Glacier, Glacier Deep Archive
2) S3 Security - Encryption
* Encryption In Transit - SSL/TLS
* Server Side Encryption (SSE) - Encryption At Rest: SSE-AES, SSE-KMS, SSE-C
* Client-Side Encryption - You encrypt your own files before uploading them to S3
3) S3 - Cross Region Replication (CRR) - Automatically replicated to another region(s), provides higher durability and potential disaster recovery for objects
4) S3 Transfer Acceleration - Faster and secure transfer of files over long distances between your end users and an S3 bucket. Utilises CloudFront’s distributed Edge Locations.
5) Pre-signed URLs - Generate a URL which gives you temporary access to an object to either upload or download object data.

2
Q

Amazon S3 CheatSheet

A

1) Simple Storage Service (S3) - Object-based storage. Store an unlimited amount of data without worrying about the underlying storage infrastructure
2) S3 replicates data across at least 3 AZs to ensure 99.99% Availability and 11 9s of durability
3) Objects can range in size from 0 bytes up to 5 Terabytes
4) Lifecycle Management - Objects can be moved between storage classes or objects can be deleted automatically based on a schedule
5) Versioning - Objects are given a Version ID
6) Access Control is configured using Bucket Policies and Access Control Lists (ACL)
7) Bucket Policies are JSON documents which let you write complex access controls
8) ACLs are the legacy method where you grant access to objects and buckets with simple actions
9) Security In Transit - Uploading files is done over SSL
10) SSE stands for Server Side Encryption. S3 has 3 options for SSE
11) SSE-AES - S3 handles the key, uses AES-256 algorithm
12) SSE-KMS - Envelope encryption via AWS KMS and you manage the keys
13) SSE-C - Customer provided key (you manage the keys)
14) Client-Side Encryption - You must encrypt your own files before uploading them to S3
15) Cross Region Replication (CRR) allows you to replicate files across regions for greater durability. Versioning must be turned ON. You can have CRR replicate to a bucket in another AWS account.
16) Transfer Acceleration - Provides faster and secure uploads from anywhere in the world. Data is uploaded via a distinct URL to an Edge Location. Data is then transported to your S3 bucket via the AWS backbone network.
17) A Pre-signed URL is a URL generated via the AWS CLI and SDK. It provides temporary access to write or download object data. Pre-signed URLs are commonly used to access private objects.

3
Q

Amazon Elastic File System (EFS) Cheat Sheet

A

1) EFS supports the Network File System version 4 (NFSv4) protocol
2) You pay per GB of storage per month
3) Volumes can scale to petabyte size storage
4) Volumes will shrink and grow to meet current data stored (elastic)
5) Can support thousands of concurrent connections over NFS
6) Your data is stored across multiple AZs within a region
7) Can mount multiple EC2 instances to a single EFS (as long as they are all in the same VPC)
8) Creates Mount Points in all your VPC subnets so you can mount from anywhere within your VPC
9) Provides Read After Write Consistency

4
Q

Amazon Elastic Block Store (EBS) Cheat Sheet

A

1) EBS is a virtual hard disk. Snapshots are a point-in-time copy of that disk
2) Volumes exist on EBS. Snapshots exist on S3
3) Snapshots are incremental, only changes made since the last snapshot are moved to S3
4) If taking Snapshot of a root volume, the EC2 instance should be stopped before Snapshotting
5) You can take Snapshots while the instance is still running
6) You can create AMIs from Volumes, or from Snapshots
7) EBS Volumes - A durable, block-level storage device that you can attach to a single EC2 instance
8) EBS Volumes can be modified on the fly eg. storage type or volume size
9) Instance Store Volumes - A temporary storage type located on disks that are physically attached to a host machine
10) Instance Store Volumes (ephemeral) cannot be stopped. If the host fails then you lose your data
11) By default root volumes are deleted on termination
12) EBS Volumes can have termination protection (don’t delete the volume on termination)
13) Snapshots or restored encrypted volumes will also be encrypted
14) You cannot share a snapshot if it has been encrypted
15) Unencrypted snapshots can be shared with other AWS accounts or made public

5
Q

AWS Storage Gateway Cheat Sheet

A

1) Storage Gateway connects on-premise storage to cloud storage (hybrid storage solution)
2) There are 3 types of Gateways: File Gateway, Volume Gateway, Tape Gateway
3) File Gateway - lets S3 act as a local file system using NFS or SMB, extends your local hard drive to S3
4) Volume Gateway is used for backups and has 2 types: Stored and Cached
* Stored Volume Gateway continuously backs up local storage to S3 as EBS Snapshots. Primary Data is stored on-premise. Stored Volumes are 1GB to 16TB in size
* Cached Volume Gateway caches the frequently used files on-premise. Primary Data is stored on S3. Cached Volumes are 1GB to 32GB in size
5) Tape Gateway backs up virtual tapes to S3 Glacier for long-term archive storage
