S3 Flashcards
What can S3 do?
- upload any file type
ex: photos, videos, code, documents - CANNOT run an OS or database
S3 Basics (limits)
- unlimited storage (total volume)*
- objects can be up to 5 TB in size*
Buckets
- must have a universal namespace (be globally unique)
S3 URLs*
https://bucket-name.s3.region.amazonaws.com/key-name
https:// + bucket name + .s3 + .region + /filename
Successful CLI or API uploads
Return a 200 HTTP code
S3 key-value store
key: the name of the object (ex: beach.jpg)
value: the data itself (sequence of bytes) *
Version ID: for storing multiple versions*
Metadata: data about the data (content-type, last-modified, etc.)
S3 Availability
99.95 - 99.99% service availability
S3 Durability
99.999999999% durability
S3 Standard
- Stored in >= 3 AZs
- 99.99% availability
- 11 9’s durability
- for frequent access
S3 Standard Use Cases
- websites
- gaming apps
- big data analytics
- content distribution
Ways to secure S3 data
1) server-side encryption
2) access control lists (ACLs): can attach to a bucket or individual objects
3) bucket policies
Bucket Policy
JSON policies that apply to the bucket as a whole (& bucket contents)
S3 Consistency Model: Strong-Read-After-Write *
after a successful write of a new object or overwrite of an existing object, any subsequent request immediately receives the latest version.
- you can immediately perform a List to get all objects in a bucket with all changes reflected
Object ACL
applies to individual objects
Bucket details*
- S3 is a global view, but buckets are regional
- by default buckets and objects are private until you unblock access to them*
What are the use cases of S3 static websites?
For webpages that don’t require a database connection
- pages can also contain client-side scripts
Benefits of S3 static website?
Scales automatically to meet demand
ex: a movie trailer website. Many enterprises put static sites on S3 when there will be a lot of demand
How to make an S3 website public?*
Using a bucket policy*
S3 versioning
- all versions are stored, even if you delete an object*
- cannot be disabled once enabled, only suspended*
- can be integrated with lifecycle rules
- Supports MFA*
Why use MFA for object deletion?
to protect objects from deletion, require 2 forms of authentication
public vs private with versioning
only the most-recent version is public - everything else is restricted, unless explicitly made public
How do you restore an S3 object that has been deleted?
deleting objects adds a ‘delete marker’ to them. to restore the object, delete the delete marker
Which S3 storage class is cost-optimized for unknown access patterns?
S3 Intelligent Tiering
Which S3 storage class costs the most?
S3 Standard
Which storage classes have a retrieval fee?
S3 Infrequent Access
S3 OneZone-IA
S3 Glacier
S3 Glacier Deep Archive
Old Glacier SLAs
Glacier = archive < 12 hrs
Glacier Deep archive > 12 hours
S3 Lifecycle Management
- automates moving your objects between the different storage tiers, maximizing cost effectiveness
- Ex: move from S3 -> S3 IA -> Glacier (can configure how many days between each jump)
How do you combine Lifecycle Management with Versioning?
there’s a lifecycle configuration on the bucket management tab > select “Lifecycle Rule” with Transitions
S3 Object Lock
Prevents objects from being deleted or modified
- for a fixed amount of time, or indefinitely
- if you see WORM in an S3 question, use Object Lock
- can be applied at bucket or object level
WORM model
W - Write
O - Once
R - Read
M - Many
Use case for Object Lock
- regulatory requirements
- extra layer of protections against changes or deletions
S3 Object Lock: Governance Mode*
requires special permissions to overwrite, delete, or alter lock settings
some users can alter and delete
S3 Object Lock: Compliance Mode*
nobody can alter the object, including the root user
- for a specific retention period
S3 Object Lock : Retention Period
a timestamp in metadata indicating when the retention period expires
S3 Object Lock: Legal Hold
prevents object version from being overwritten or deleted
- remains in effect until the flag is removed
What permission do you need to remove a legal hold?
s3:PutObjectLegalHold
Glacier Vault Lock*
a way of applying a WORM model to Glacier
S3 Encryption in transit*
uses https
the “s” = SSL/TLS certificate
S3 Encryption at rest*
Server-Side encryption
A) SSE-S3: S3 manages your keys (AES 256 bit)
B) SSE-KMS: KMS manages your keys
C) SSE-C: Customer (you) manage the keys
S3 Client-Side Encryption*
you encrypt the files yourself before uploading to S3
2 ways to apply encryption to S3
1) via the console
2) using a bucket policy*
- denies any PUT request that doesn’t include the x-amz-server-side-encryption header in the request
S3 Prefixes*
folders inside S3 buckets
ex: mybucketname/folder1/subfolder1/file.jpg
prefix = /folder1/subfolder1
S3 Performance*
Extremely low latency
- the more prefixes, the better the latency*
- 3,500 PUT/COPY/POST/DELETE per second, per prefix
- 5,500 GET/HEAD per second, per prefix
ex: 2 prefixes = 11,000 requests per second
4 prefixes = 22,000 requests per second
S3 Limitations with KMS*
KMS has built in limits on SSE-KMS
- limits are region specific: 5,500, 10,000 or 30,000 requests per second
- uploads and downloads count toward the limit
- on the exam, it may be best to use SSE-S3 instead. *
S3 Performance Uploads
Multi-Part uploads -> parallelize uploads
- increases efficiency
- required for files over 5 GB
- recommended for files over 100 MB
S3 Performance Downloads
S3 Byte-Range fetches
- parallelize downloads by specifying byte ranges
- can be used to speed up downloads
- can be used to download partial amounts of the file (e.g. header info)
S3 Replication for Backing Up
- previously called cross-region replication*
- a way of replicating objects from one bucket to another*
- versioning must be enabled on both buckets for this to work*
Turn on S3 Replication
1) create 2 new buckets
2) turn on replication for both
3) upload all the files to one bucket
4) delete markers are not replicated by default*
(your replication bucket can have a different storage class to save money)