AWS Storage Flashcards

1
Q

Amazon Simple Storage Service (S3) is good for

A
  • Maintain backup archives, log files and DR images
  • Running analytics on big data at rest
  • Hosting static websites
2
Q

What is the difference between EBS and S3

A

With block-level storage, data on a raw physical storage device is divided into individual blocks whose use is managed by a file system. NTFS is a common filesystem used by Windows, and Linux might use btrfs or ext4. The filesystem, on behalf of the installed OS, is responsible for allocating space for the files and data that are saved to the underlying device and for providing access whenever the OS needs to read some data.
An object storage system like S3, on the other hand, provides what you can think of as a flat surface on which to store your data. This simple design avoids some of the OS-related complications of block storage and allows anyone easy access to any amount of professionally designed and maintained storage capacity.
When you write files to S3, they're stored along with up to 2 KB of metadata.

3
Q

What is the default maximum number of buckets you can create for a given account

A
  • By default, you can create 100 buckets for a given account
  • It can be changed for an additional fee

4
Q

What is the unique scope of bucket names

A
  • The bucket name should be unique within the entire S3 system
  • Though a bucket and its contents exist only within a single AWS region
5
Q

What is a prefix used for

A
  • S3 does not have a hierarchical structure, but the use of prefixes can simulate a more structured organization
  • Prefixes tell S3 to group objects together as related
  • S3 recognizes folder/directory structures as they are uploaded and emulates their hierarchical design within the buckets, automatically converting slashes into delimiters.
  • "/" is a delimiter
6
Q

Is there a limit to the total amount of data that can be stored in S3

A
  • There is no theoretical limit to the amount of data that can be stored in an S3 bucket
  • But a single object cannot be larger than 5 TB
  • An individual upload cannot be larger than 5 GB
  • The Multipart Upload feature should be used for any object larger than 100 MB. It automatically splits the object into smaller pieces, and the transmission of each piece can be restarted without restarting the entire transmission
  • Multipart Upload is used automatically when you upload with the CLI or a high-level API
7
Q

How does Amazon S3 Transfer Acceleration work

A

If you need to transfer large files, an Amazon S3 Transfer Acceleration configuration can be used

  • When a bucket is configured to use Transfer Acceleration, uploads are routed through a geographically nearby AWS edge location and, from there, routed over Amazon's internal network
  • The Amazon S3 Transfer Acceleration Speed Comparison Tool can be used to find out if it helps
8
Q

What are types of encryption to be used with S3

A

Two types at a high level

  • Server-side encryption
  • Client-side encryption
9
Q

What is SSE-S3

A

SSE-S3 is server-side encryption in which S3 handles every step of encryption and decryption using AWS's own enterprise standard

10
Q

What is SSE-KMS

A

Server-Side Encryption with AWS KMS-Managed Keys. Beyond what SSE-S3 offers, envelope keys are used, with an additional audit trail of key usage. You can import your own keys using the AWS KMS service

11
Q

What is SSE-C

A

Server-Side Encryption with Customer-Provided Keys (SSE-C). You provide the keys to be used by S3 for encryption

12
Q

Client-side encryption

A

It is possible to encrypt data before it is transferred to S3.
This can be done using an AWS KMS-Managed Customer Master Key (CMK), which produces a unique key for each object before it's uploaded.
You can also use a Client-Side Master Key, which you provide through the AWS S3 encryption client.
Regulatory demands can force you to use client-side encryption as the only viable solution to maintain full control of keys.

13
Q

S3 logging

A
  • Tracking S3 events to log files is disabled by default
  • When you enable logging, you need to specify the target bucket as well as the bucket where data will be logged
  • Optionally, you can specify delimiters and prefixes to make it easier to identify logs from multiple buckets

Basic events logged are:
  • the account and IP address of the requestor
  • the source bucket name
  • the action that was requested (GET, PUT, POST, DELETE, etc.)
  • the time the request was issued
  • the response status (including error code)
14
Q

S3 storage classes

A

Different storage classes of S3 and Glacier provide different levels of DURABILITY and AVAILABILITY

  • S3 Standard
  • S3 Standard-IA
  • S3 One-Zone-IA
  • S3 Intelligent-Tiering
15
Q

S3 durability

A
  • S3 Standard - 99.999999999% (11 nines)
  • S3 Reduced Redundancy Storage (RRS) - 99.99% - available for historic purposes only and not recommended.

16
Q

S3 Availability for different classes

A

99.99% availability means that the service will have less than 2 hours of downtime in a YEAR (in the book it is 9 hours - I think it is a calculation mistake)

  • S3 Standard – 99.99%
  • S3 Standard-IA – 99.9%
  • S3 One Zone-IA – 99.5%
  • S3 Intelligent-Tiering – 99.9%

S3 provides read-after-write consistency for creation (PUT) operations

17
Q

S3 versioning and lifecycle management

A
  • Versioning and lifecycle management can be set up at the bucket level
  • You can set the number of days an object stays in one storage class, after which it will be transitioned to another
  • Prefixes in the bucket can optionally be used to apply lifecycle rules to only certain objects in the bucket
  • 30 DAYS is the MIN an object can exist in one storage class
  • You cannot move directly from S3 Standard to RRS
18
Q

S3 bucket and object access control

A
  • By default, S3 buckets are accessible to your account but to no other accounts or external users
  • Access control methods
    + ACL (legacy)
    + S3 bucket policies (recommended)
    + IAM policies (recommended)
  • S3 bucket policies are JSON documents attached to a bucket
  • S3 bucket policies are to be used to control access for multiple external accounts and users
  • IAM policies, because they exist at the account level, make sense for controlling the way individual users and/or roles access multiple resources, including S3
  • Bucket policies allow you to specify access by time of day or by CIDR (Classless Inter-Domain Routing) IP address blocks.
19
Q

Amazon S3 Access Points

A
  • An access point is a hostname that can point to a defined subset of objects in a bucket. It enables clients invoking the hostname to read/write only the data you allow, for as long as you allow it.
20
Q

Presigned URL

A

Provides temporary access to an object that is otherwise private. The URL is valid for a specified amount of time in seconds and becomes invalid afterwards

21
Q

S3 Select and Glacier Select

A

AWS provides a method, similar to SQL SELECT, to access data stored on S3 and Glacier.
Example: a large CSV file of sales data accessed by different groups for analysis.

22
Q

S3 Glacier

A
  • durability is 11 9's
  • a vault is a bucket
  • an archive is an object/document
  • archive size is up to 40 TB
  • archives have machine-generated names
  • long retrieval time (a few hours)
  • vaults are not globally unique
  • Glacier storage tiers - Standard and Deep Archive:
    + about 4 times difference in cost between Deep and Standard
23
Q

Storage pricing

A

AWS Simple Monthly Calculator (calculator.s3.amazonaws.com/index.html)

24
Q

Other Storage-Related Services

A
  • Amazon Elastic File System (EFS) - scalable and shareable file storage for Linux instances. Designed to be accessed within a VPC via Network File System (NFS) from EC2 or from on-prem file systems (connected via AWS Direct Connect)
  • Amazon FSx - Two flavors: FSx for Lustre and Amazon FSx for Windows File Server. FSx for Windows File Server offers the kind of file-sharing service EFS provides, but for Windows. Integrates with Server Message Block (SMB), NTFS and Microsoft AD
  • AWS Storage Gateway - provides software gateway appliances to enable usage of the AWS platform (S3 and EBS)
  • AWS Snowball, or AWS Snowmobile, to move terabyte- or even petabyte-scale data