Amazon S3 Flashcards
S3 - Buckets
- Amazon S3 allows people to store objects (files) in “buckets” (directories)
- Buckets must have a globally unique name (across all regions all accounts)
- Buckets are defined at the region level
- S3 looks like a global service but buckets are created in a region
S3 - Objects
- Objects (files) have a Key
- The key is the FULL path
- The key is composed of prefix + object name
S3 Security
User based
• IAM policies - which API calls should be allowed for a specific user from IAM console
Resource Based
• Bucket Policies - bucket wide rules from the S3 console - allows cross account
• Object Access Control List (ACL) – finer grain
• Bucket Access Control List (ACL) – less common
S3 Bucket Policies
• Grant public access to the bucket
• Force objects to be encrypted at upload
• Grant access to another account (Cross Account)
S3 Access Logs
- For audit purpose, you may want to log all access to S3 buckets
- Any request made to S3, from any account, authorized or denied, will be logged into another S3 bucket
S3 Standard – General Purpose
- 99.99% Availability
- Used for frequently accessed data
- Low latency and high throughput
- Sustain 2 concurrent facility failures
S3 Standard – Infrequent Access (IA)
- Suitable for data that is less frequently accessed, but requires rapid access when needed
- 99.9% Availability
- Lower cost compared to Amazon S3 Standard, but retrieval fee
- Sustain 2 concurrent facility failures
S3 Intelligent-Tiering
- 99.9% Availability
- Same low latency and high throughput performance as S3 Standard
- Cost-optimized by automatically moving objects between two access tiers based on changing access patterns:
• Frequent access
• Infrequent access
- Resilient against events that impact an entire Availability Zone
S3 One Zone - Infrequent Access (IA)
- Same as IA but data is stored in a single AZ
- 99.5% Availability
- Low latency and high throughput performance
- Lower cost compared to S3-IA (by 20%)
Amazon Glacier and Glacier Deep Archive
- Low cost object storage (in GB/month) meant for archiving / backup
- Data is retained for the longer term (years)
- Various retrieval options, each with a retrieval time and a retrieval fee:
Amazon Glacier – cheap:
• Expedited (1 to 5 minutes)
• Standard (3 to 5 hours)
• Bulk (5 to 12 hours)
Amazon Glacier Deep Archive – cheapest:
• Standard (12 hours)
• Bulk (48 hours)
S3 Object Lock
- Adopt a WORM (Write Once Read Many) model
- Block an object version deletion for a specified amount of time
Glacier Vault Lock
- Adopt a WORM (Write Once Read Many) model
- Lock the policy for future edits (can no longer be changed)
- Helpful for compliance and data retention
Snowball Edge
- Physical data transport solution: move TBs or PBs of data in or out of AWS
- Alternative to moving data over the network (and paying network fees)
- Pay per data transfer job
- Provides block storage and Amazon S3-compatible object storage
- Snowball Edge Storage Optimized / Compute Optimized
AWS Snowcone
- Small, portable computing, anywhere
- 8 TBs of usable storage
- Can be sent back to AWS offline, or connect it to internet and use AWS DataSync to send data
AWS Snowmobile
- Transfer exabytes of data (1 EB = 1,000 PB = 1,000,000 TBs)
- Better than Snowball if you transfer more than 10 PB