3_AWS Object Storage, CDN and CloudFront Flashcards
CloudFront
Amazon CloudFront can be used to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations.
Requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance.
CloudFront - Exam Tips
- Edge Location: This is the location where content will be cached. This is separate from an AWS Region/AZ
- Origin: This is the origin of all the files that the CDN will distribute. This can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer or Route 53
- Distribution: This is the name given to the CDN, which consists of a collection of Edge Locations
  - Web Distribution: typically used for websites
  - RTMP: used for media streaming
CloudFront - Exam Tips
- Edge Locations are not just READ only, you can write to them too (i.e. put an object on to them)
- Objects are cached for the life of the TTL (time to live)
- How to expire contents:
  - TTL: wait for the TTL to expire
  - Change object name: Header-v1.jpg becomes Header-v2.jpg; the new name forces a refresh
  - Invalidate object: You can clear cached objects, but you will be charged
CloudFront Signed URLs and Cookies [SAA-C02]
- Use signed URLs/cookies when you want to secure content so that only the people you authorize are able to access it.
- A signed URL is for individual files. 1 file = 1 URL
- A signed cookie is for multiple files. 1 cookie = multiple files
- If your origin is EC2, then use CloudFront. If the origin is S3, then use an S3 signed URL
Import/Export - Exam Tips
- Import/Export Disk
  - Import to EBS
  - Import to S3
  - Import to Glacier
  - Export from S3
- Import/Export Snowball
  - Import to S3
  - Export to S3
Snowball - Exam Tips
- Snowball
- Snowball Edge
- Snowmobile
Storage Gateway
AWS Storage Gateway is a service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. The service enables you to securely store data to the AWS cloud for scalable and cost-effective storage.
Storage Gateway - Types of Storage Gateways
- File Gateway (NFS): For flat files, stored directly on S3
- Volume Gateway (iSCSI)
  - Stored Volumes: Entire dataset is stored on site and is asynchronously backed up to S3
  - Cached Volumes: Entire dataset is stored on S3 and the most frequently accessed data is cached on site
- Tape Gateway (Virtual Tape Library - VTL): Used for backup and uses popular backup applications like NetBackup, Backup Exec, Veeam, etc.
File Gateway
For flat files, stored directly in S3.
Files are stored as objects in your S3 buckets, accessed through a Network File System (NFS) mount point. Ownership, permissions, and timestamps are durably stored in S3 in the user-metadata of the object associated with the file. Once objects are transferred to S3, they can be managed as native S3 objects, and bucket policies such as versioning, lifecycle management, and cross-region replication apply directly to objects stored in your bucket.
Volume Gateway
The volume interface presents your applications with disk volumes using the iSCSI block protocol.
Data written to these volumes can be asynchronously backed up as point-in-time snapshots of your volumes, and stored in the cloud as Amazon EBS snapshots.
Snapshots are incremental backups that capture only changed blocks. All snapshot storage is also compressed to minimize your storage charges.
Volume Gateway - Stored Volumes
Entire dataset is stored on site and is asynchronously backed up to S3.
Volume Gateway - Cached Volumes
Entire dataset is stored on S3 and the most frequently accessed data is cached on site.
Volume Gateway - Tape Gateway
Athena vs. Macie [SAA-C02]
Athena:
- Athena is an interactive query service
- It allows you to query data located in S3 using standard SQL
- Serverless
- Commonly used to analyse log data stored in S3
Macie:
- Macie uses AI to analyze data in S3 and helps identify PII
- Can also be used to analyze CloudTrail logs for suspicious API activity
- Includes Dashboards, Reports and Alerting
- Great for PCI-DSS compliance and preventing ID theft