Chapter 5 - S3 Overview Flashcards
S3
- S3 is one of the oldest AWS services
- S3 stands for Simple Storage Service
- It's object storage in the cloud
- It provides secure, durable, and highly scalable object storage.
- S3 lets you store and retrieve any amount of data from anywhere on the web at a very low cost, so it's extremely scalable.
- What you don't do with S3 is install an operating system.
- You can't run or install Windows or Linux on S3, and you can't run a database off S3: there is no block device or filesystem, you read and write whole objects over HTTP.
- Basically S3 is just a place to store your static files.
S3 - Exam Tips
- Object-based storage
- It lets you upload and store files in the cloud.
- It's not suitable for operating systems or database storage.
- So you can't just go in and install Windows or Linux or run a MySQL database on S3.
- It's suitable for files up to 5 terabytes in size.
- A single object can be anywhere from 0 bytes to 5 TB (anything over 5 GB has to go up as a multipart upload), and you get unlimited total storage.
- Remember that files are stored in buckets, and that bucket names live in a universal (global) namespace: a bucket name has to be unique across every AWS account.
- When an upload to S3 succeeds, the response is an HTTP 200 status code; check for it (and compare the returned ETag) rather than assuming the PUT worked.
- S3 automatically scales with demand.
- You can use versioning together with lifecycle rules,
- so older versions can be moved to cheaper storage tiers, or expired, automatically.
metadata in S3
- just data about your data
- so data about the objects you're storing
- It could be the content type (for example image/png for an image),
- or when the object was last modified, etc.
- User-defined metadata is set when the object is uploaded and can only be changed by copying the object over itself.
securing your buckets with S3
- S3 buckets are private by default.
- When you create an S3 bucket it's private, all the objects within it are private, and Block Public Access is switched on for the bucket.
- To make anything public you have to turn off the relevant Block Public Access settings on the bucket AND grant access to the objects (with a bucket policy or an object ACL); one without the other leaves them private.
Object ACLs
Access control lists that you apply to individual objects.
- This is a way of granting permissions (for example public read) on individual objects.
- ACLs can only grant, never deny, and they only know a handful of permissions (READ, READ_ACP, WRITE_ACP, FULL_CONTROL on an object), so you can't express "nobody may delete this object" with an ACL; use a bucket policy for that, or S3 Object Lock if it has to be enforced.
- AWS now recommends disabling ACLs altogether (Object Ownership set to "bucket owner enforced", the default for new buckets) and doing all access control with policies.
Bucket policies
Bucket policies are bucket-wide, resource-based policies written in IAM policy JSON.
- So you can make entire buckets public using bucket policies.
- You create a bucket policy that allows s3:GetObject to Principal "*" on every object within your bucket (or, better, only on the prefix that actually holds the public content).
- This is basically used just for static content.
- If your website needs a database connection, you don't want to run it in S3; you would use something like EC2 (or serve the static part from S3 and the dynamic part elsewhere).
6 different storage tiers
S3 Standard - suitable for most workloads: websites, content distribution, mobile and gaming applications.
S3 Standard-Infrequent Access - good for long-term, infrequently accessed but critical data, so backups, the data store for your disaster recovery, etc. (there is a per-GB retrieval fee and a 30-day minimum storage charge).
S3 One Zone-Infrequent Access - great for long-term, infrequently accessed but non-critical data, because it is only stored in 1 Availability Zone; lose that AZ and you lose the data.
Just remember the retrieval times.
- S3 Glacier (Flexible Retrieval) - if you need it back within 12 hours: expedited retrieval in 1-5 minutes, standard in 3-5 hours, bulk in 5-12 hours.
- S3 Glacier Deep Archive - if you're okay waiting 12 hours (standard retrieval) or up to 48 hours (bulk). Least expensive.
S3 Intelligent-Tiering - monitors how often each object is accessed and automatically moves objects that haven't been read for 30 days to an infrequent-access tier (and back again when they are read), for a small monthly monitoring fee per object. Use it for unknown or unpredictable access patterns.
3 tips for lifecycle management
- It automates moving objects between the storage tiers (and expiring them) on a schedule of days since the object was created or became noncurrent.
- It can be used in conjunction with versioning,
- and it can be applied to current versions and to previous (noncurrent) versions of an object separately, so old versions don't pile up at S3 Standard prices.
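The lifecycle rule described above, as an added example for these notes (not AWS code): one rule that tiers current versions down through Standard-IA, Glacier and Deep Archive, handles noncurrent versions separately, and expires both. The prefix and day counts are made up. The validator reproduces the checks S3 itself makes when you call PutBucketLifecycleConfiguration, so you can catch a bad rule before it is rejected (or, worse, silently does nothing).

```python
"""Lifecycle configuration builder and pre-flight validator (added example)."""
import json

# S3 refuses a transition into either infrequent-access class earlier than this.
MIN_DAYS_BEFORE_IA = 30

# Objects only move "down" this list: a later transition in the same rule
# must name a later class and a larger day count.
TIER_ORDER = ["STANDARD_IA", "INTELLIGENT_TIERING", "ONEZONE_IA",
              "GLACIER", "DEEP_ARCHIVE"]


def build_lifecycle(prefix="logs/"):
    """One rule: tier down current versions, clean up old versions so that
    versioning does not grow without bound, then expire everything."""
    return {"Rules": [{
        "ID": "tier-down-and-expire",
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},           # assumption: made-up prefix
        "Transitions": [                        # current version
            {"Days": 30, "StorageClass": "STANDARD_IA"},
            {"Days": 90, "StorageClass": "GLACIER"},
            {"Days": 365, "StorageClass": "DEEP_ARCHIVE"},
        ],
        "Expiration": {"Days": 2555},           # about 7 years, then delete
        "NoncurrentVersionTransitions": [       # previous versions
            {"NoncurrentDays": 30, "StorageClass": "GLACIER"},
        ],
        "NoncurrentVersionExpiration": {"NoncurrentDays": 365},
    }]}


def validate_lifecycle(config):
    """Return a list of problems; an empty list means S3 would accept it."""
    problems = []
    for rule in config["Rules"]:
        rid = rule.get("ID", "<no id>")
        for field, day_key in (("Transitions", "Days"),
                               ("NoncurrentVersionTransitions", "NoncurrentDays")):
            seen = []
            for t in rule.get(field, []):
                cls, days = t["StorageClass"], t[day_key]
                if cls not in TIER_ORDER:
                    problems.append(f"{rid}: unknown storage class {cls}")
                    continue
                if cls in ("STANDARD_IA", "ONEZONE_IA") and days < MIN_DAYS_BEFORE_IA:
                    problems.append(f"{rid}: {cls} needs {day_key} >= "
                                    f"{MIN_DAYS_BEFORE_IA}, got {days}")
                for prev_cls, prev_days in seen:
                    if (TIER_ORDER.index(cls) <= TIER_ORDER.index(prev_cls)
                            or days <= prev_days):
                        problems.append(f"{rid}: {cls} at {days} days must come "
                                        f"after {prev_cls} at {prev_days}")
                seen.append((cls, days))
        # Expiring before the last transition would make the transition pointless.
        exp = rule.get("Expiration", {}).get("Days")
        last = max((t["Days"] for t in rule.get("Transitions", [])), default=None)
        if exp is not None and last is not None and exp <= last:
            problems.append(f"{rid}: Expiration.Days ({exp}) must exceed "
                            f"the last transition ({last})")
    return problems


if __name__ == "__main__":
    cfg = build_lifecycle()
    print(json.dumps(cfg, indent=2))
    print("problems:", validate_lifecycle(cfg))
```

The JSON printed by the block is what you would hand to `aws s3api put-bucket-lifecycle-configuration --lifecycle-configuration file://...`; run the validator in CI on the file first.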
S3 Object Lock
- Stores objects using a write once, read many (WORM) model.
- So as soon as you see the term WORM and it's talking about S3, think of S3 Object Lock.
- It can be set on individual object versions, or as a default retention applied across the bucket as a whole. It requires versioning, and the lock applies to a specific version, not to the key.
It comes in 2 retention modes.
- governance mode
- compliance mode.
Governance mode
Users can't overwrite or delete an object version, or shorten its retention period, after its lock settings are applied,
unless they have special permission: the s3:BypassGovernanceRetention permission, and they explicitly ask to bypass the lock on that request.
Compliance mode
- If you need to stop all users from being able to overwrite or delete those object versions for the whole retention period
- this stops anyone from doing it, including the root user of your AWS account; the retention period can be extended but never shortened.
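The governance/compliance rules above, as an added example for these notes (not AWS code): a small decision model of when S3 lets a request permanently delete a locked version or move its retain-until date. It also covers two things the flashcards do not spell out: a legal hold blocks deletion regardless of mode or date, and a DELETE that names no version ID only adds a delete marker, which Object Lock never prevents. Dates and principals are constructed.

```python
"""Decision logic for S3 Object Lock deletes and retention changes (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class LockState:
    """What Object Lock knows about one object version."""
    mode: Optional[str] = None              # "GOVERNANCE", "COMPLIANCE" or None
    retain_until: Optional[datetime] = None
    legal_hold: bool = False                # independent of retention, no expiry


@dataclass
class Request:
    version_id: Optional[str]               # None == plain DELETE, no version given
    can_bypass_governance: bool = False     # IAM grants s3:BypassGovernanceRetention
    bypass_header: bool = False             # x-amz-bypass-governance-retention: true
    now: datetime = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed clock


def delete_allowed(lock: LockState, req: Request) -> bool:
    """Can this request permanently remove the locked version?"""
    # A DELETE without a version id never touches the locked version: it only
    # puts a delete marker on top, which is always allowed and is reversible.
    if req.version_id is None:
        return True
    if lock.legal_hold:
        return False
    if lock.mode is None or lock.retain_until is None or req.now >= lock.retain_until:
        return True                         # no retention, or it has expired
    if lock.mode == "COMPLIANCE":
        return False                        # nobody, not even root, until retain_until
    if lock.mode == "GOVERNANCE":
        # both the IAM permission and the explicit request header are required
        return req.can_bypass_governance and req.bypass_header
    raise ValueError(f"unknown mode {lock.mode}")


def retention_change_allowed(lock: LockState, req: Request, new_until: datetime) -> bool:
    """Can the retain-until date be moved to new_until?"""
    if lock.retain_until is None or new_until >= lock.retain_until:
        return True                         # setting or extending is always fine
    if lock.mode == "COMPLIANCE":
        return False                        # compliance retention can only grow
    return req.can_bypass_governance and req.bypass_header   # governance: shorten via bypass


# Constructed scenario: a backup version locked for one year in each mode.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ONE_YEAR = NOW + timedelta(days=365)
GOV = LockState("GOVERNANCE", ONE_YEAR)
COMP = LockState("COMPLIANCE", ONE_YEAR)
ADMIN = Request(version_id="v1", can_bypass_governance=True, bypass_header=True, now=NOW)
ADMIN_NO_HEADER = Request(version_id="v1", can_bypass_governance=True, now=NOW)
USER = Request(version_id="v1", now=NOW)

if __name__ == "__main__":
    for name, lock in (("governance", GOV), ("compliance", COMP)):
        print(name, "user:", delete_allowed(lock, USER),
              "admin+header:", delete_allowed(lock, ADMIN),
              "admin, no header:", delete_allowed(lock, ADMIN_NO_HEADER))
```

The practical consequence of the first check: if your backup job "deletes" objects without a version ID, Object Lock will not stop it from hiding them behind delete markers, so lifecycle rules and monitoring still matter even on a locked bucket.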
WORM model
- If it's talking about Glacier vaults (the separate S3 Glacier API, not the S3 Glacier storage classes), then you want S3 Glacier Vault Lock.
- It lets you deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy.
- You can specify a control, such as a WORM rule (for example, deny glacier:DeleteArchive while an archive is younger than a set number of days), in a vault lock policy and lock the policy from future edits.
- Locking is a two-step process: you initiate the lock, get a lock ID back, and then have 24 hours to test the policy and complete the lock (or abort it). Once completed, the policy can no longer be changed.
Encryption with S3
2 different ways we can encrypt data.
- Encryption in transit - protects the data while it is being sent to and from S3, i.e. HTTPS (TLS). You can force it with a bucket policy that denies every request where aws:SecureTransport is false.
- Encryption at rest - using server-side encryption: SSE-S3 (AES-256 with keys managed by S3), SSE-KMS (keys in AWS KMS, so key use shows up in CloudTrail) or SSE-C (you supply the key on every request). You can also encrypt client-side before uploading.
So that's all SSE stands for: server-side encryption. New objects get SSE-S3 by default; if you need KMS, the upload has to ask for it, and a bucket policy can deny uploads that don't.
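The bucket-policy and encryption points above, as one added example for these notes (not AWS code): a policy that opens public read on a single prefix only, lets one deployer role write, refuses anything that is not over TLS, and refuses uploads that do not ask for SSE-KMS, plus a small evaluator so you can see what each statement does to a request. The bucket name, account id and role ARN are placeholders. The evaluator applies only the bucket policy (exact for anonymous requests; for a signed principal AWS would also consult that principal's own IAM policies) and models only the condition operators used here.

```python
"""Hardened S3 bucket policy and a minimal policy evaluator (added example)."""
import fnmatch
import json

BUCKET_ARN = "arn:aws:s3:::example-static-site"               # placeholder
DEPLOYER = "arn:aws:iam::123456789012:role/site-deployer"     # placeholder


def build_policy():
    return {"Version": "2012-10-17", "Statement": [
        {   # public read for static content only, not the whole bucket
            "Sid": "PublicReadStaticOnly", "Effect": "Allow", "Principal": "*",
            "Action": "s3:GetObject", "Resource": f"{BUCKET_ARN}/static/*"},
        {   # the one identity allowed to write
            "Sid": "DeployerWrites", "Effect": "Allow", "Principal": {"AWS": DEPLOYER},
            "Action": ["s3:PutObject", "s3:DeleteObject"], "Resource": f"{BUCKET_ARN}/*"},
        {   # encryption in transit: refuse anything that is not HTTPS
            "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
            "Action": "s3:*", "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {   # encryption at rest: uploads must explicitly request SSE-KMS
            "Sid": "DenyNonKmsUploads", "Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject", "Resource": f"{BUCKET_ARN}/*",
            "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
    ]}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _principal_matches(stmt_principal, who):
    if stmt_principal == "*":
        return True                           # everyone, anonymous included
    allowed = stmt_principal.get("AWS", []) if isinstance(stmt_principal, dict) else stmt_principal
    return who in _as_list(allowed)


def _conditions_hold(cond, ctx):
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if op == "Bool":
                ok = have is not None and str(have).lower() == str(want).lower()
            elif op == "StringEquals":
                ok = have is not None and have == want
            elif op == "StringNotEquals":
                ok = have is None or have != want   # a missing key counts as "not equal"
            elif op == "Null":
                ok = (have is None) == (str(want).lower() == "true")
            else:
                raise ValueError(f"operator {op} not modelled")
            if not ok:
                return False
    return True


def evaluate(policy, who, action, resource, ctx):
    """'ALLOW' or 'DENY': an explicit Deny wins, no matching Allow is an implicit Deny."""
    allowed = False
    for s in policy["Statement"]:
        if not _principal_matches(s["Principal"], who):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(s["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(s["Resource"])):
            continue
        if not _conditions_hold(s.get("Condition", {}), ctx):
            continue
        if s["Effect"] == "Deny":
            return "DENY"
        allowed = True
    return "ALLOW" if allowed else "DENY"


def public_statement_ids(policy):
    """Audit helper: Allow statements open to everyone with no Condition at all."""
    return [s["Sid"] for s in policy["Statement"]
            if s["Effect"] == "Allow" and s["Principal"] == "*" and "Condition" not in s]


TLS = {"aws:SecureTransport": "true"}
HTTP = {"aws:SecureTransport": "false"}
POLICY = build_policy()

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    print(evaluate(POLICY, "anonymous", "s3:GetObject", f"{BUCKET_ARN}/static/index.html", TLS))
    print(public_statement_ids(POLICY))
```

Two things worth noticing when you run it: the public statement only ever matches keys under static/, so a secret dropped elsewhere in the same bucket is still private; and the StringNotEquals deny fires when the encryption header is absent, which is exactly what makes it catch uploads that rely on the bucket default instead of asking for KMS.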
Optimizing performance with S3
So we looked at prefixes
- A prefix is simply the "folder" path (and any subfolders) in front of the object name within a bucket; S3 has no real folders, just keys that share a prefix.
- Remember that you can achieve a high number of requests.
- So 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second, per prefix.
- And of course the more prefixes you spread your objects across, the more aggregate requests per second you get; there is no limit on the number of prefixes.
- To optimize upload performance, use multipart upload (required for objects over 5 GB, recommended from about 100 MB): parts upload in parallel, and a failed part can be retried on its own instead of restarting the whole object.
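The two performance points above, as an added example for these notes (not AWS code): planning a multipart upload within S3's part limits, computing the ETag S3 will report for it (which is not the MD5 of the file, a frequent source of false integrity alarms), and spreading keys over prefixes so the per-prefix request limits apply per prefix rather than to the whole bucket. The 11 MiB sample object is constructed in memory.

```python
"""Multipart upload planning, the multipart ETag, and key spreading (added example)."""
import hashlib

MIN_PART = 5 * 1024 * 1024            # every part except the last must be >= 5 MiB
MAX_PART = 5 * 1024 ** 3              # and <= 5 GiB
MAX_PARTS = 10_000                    # hard cap on parts per upload
MAX_OBJECT = 5 * 1024 ** 4            # 5 TiB, the largest object S3 stores


def plan_parts(total_size, part_size):
    """Byte ranges (start, end) for each part, after checking S3's limits."""
    if not MIN_PART <= part_size <= MAX_PART:
        raise ValueError("part size must be between 5 MiB and 5 GiB")
    if total_size > MAX_OBJECT:
        raise ValueError("object exceeds 5 TiB")
    if total_size == 0:
        return [(0, 0)]
    count = -(-total_size // part_size)                # ceiling division
    if count > MAX_PARTS:
        raise ValueError(f"{count} parts > {MAX_PARTS}; use a larger part size")
    return [(start, min(start + part_size, total_size))
            for start in range(0, total_size, part_size)]


def expected_etag(data, part_size=None):
    """ETag S3 reports: plain MD5 for a single PUT (part_size None); for a
    multipart upload, MD5 of the concatenated part MD5 digests plus "-<parts>",
    even when there was only one part. This is why a local md5sum never
    matches the ETag of a large object."""
    if part_size is None:
        return hashlib.md5(data).hexdigest()
    parts = plan_parts(len(data), part_size)
    digests = b"".join(hashlib.md5(data[s:e]).digest() for s, e in parts)
    return f"{hashlib.md5(digests).hexdigest()}-{len(parts)}"


def etag_matches(data, etag):
    """Verify a downloaded object against its ETag without knowing the part size
    that was used: try the usual sizes that would have produced that many parts."""
    if "-" not in etag:
        return hashlib.md5(data).hexdigest() == etag
    n = int(etag.rsplit("-", 1)[1])
    for mib in (5, 8, 16, 32, 64, 128, 256, 512, 1024):
        size = mib * 1024 * 1024
        if -(-len(data) // size) == n and expected_etag(data, size) == etag:
            return True
    return False


def spread_key(key, fanout=16):
    """Prefix the key with a short hash bucket so writes fan out over `fanout`
    prefixes; the 3,500/5,500 req/s limits then apply to each prefix separately."""
    bucket_no = int(hashlib.sha256(key.encode()).hexdigest()[:8], 16) % fanout
    return f"{bucket_no:02x}/{key}"


# Constructed 11 MiB object: three parts of 5, 5 and 1 MiB at a 5 MiB part size.
SAMPLE = bytes(range(256)) * (11 * 1024 * 1024 // 256)

if __name__ == "__main__":
    print(plan_parts(len(SAMPLE), MIN_PART))
    print(expected_etag(SAMPLE), expected_etag(SAMPLE, MIN_PART))
    print(spread_key("uploads/2024/report.pdf"))
```

Hash-spread keys are the classic trick; since 2018 S3 no longer needs it for raw scaling, but the per-prefix rate limits still mean a single hot prefix is the first thing to look at when you see 503 SlowDown responses.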
S3 Replication
- This is where you can replicate objects from 1 bucket to another.
- It used to be that you could only do this across regions.
- So if the exam questions haven't been updated, they could call it cross-region replication (CRR).
- You can also replicate to buckets in the same region (same-region replication, SRR) as well as to different regions, and into a bucket owned by another AWS account.
- Versioning has to be enabled on both the source and the destination bucket.
- Just remember that when you turn this on, objects already in the bucket are not replicated automatically; you need S3 Batch Replication (or a re-copy) for those.
- By default, delete markers are not replicated from 1 bucket to another, but you can turn that on as an option; deleting a specific object version is never replicated, so a deletion on the source doesn't wipe the copy.