S3 Flashcards
S3
infinitely scaling storage
a service that allows us to store objects (files) into buckets (directories)
not a global service!!! regional!
each bucket must have
a globally unique name.
buckets and regions
Buckets are defined at the region level, so even though S3 is a global service, buckets are regional resources.
naming convention
- no upper case,
- no underscore
- three to 63 characters long,
- it should not be an IP,
- it must start with a lowercase letter or a number.
objects and keys
in these S3 buckets, we create objects.
Objects are files, and each object must have a key.
key
is the full path to that file.
s3://my-bucket/my_file.txt
So if we have a bucket named my-bucket and an object named my_file.txt, then the key is my_file.txt
key: if we have folder structures within our S3 buckets
s3://my-bucket/my_folder/another_folder/my_file.txt
then the key is the full path
my_folder/another_folder/my_file.txt
the key can be decomposed in two things
key prefix and the object name.
s3://my-bucket/my_folder/another_folder/my_file.txt
prefix: my_folder/another_folder/
object name: my_file.txt
even though there is no concept of directories within buckets,
just very, very long key names,
the exam will try to trick you into thinking otherwise, because we can create "directories" within S3.
But in fact they are just keys with very long names that contain slashes.
object values
are the content of the body.
maximum object size on Amazon S3
five terabytes = 5,000 gigabytes
but you cannot upload more than five gigabytes at a time. So if you want to upload a big object of five terabytes, you must divide that object into parts of less than five gigabytes each and upload these parts independently, in what is called a multi-part upload.
object metadata
list of text key / value pairs that could be system or user metadata.
To add info to your objects
object tags
Unicode key/value pairs - up to 10
useful for security on your objects or lifecycle policies
Version
Objects have a version id if versioning is enabled
it has to be enabled at the bucket level.
if you re-upload a file with the same key,
it won't overwrite the existing object; it will create a new version of that file.
it is best practice to version your buckets
in order to keep all the file versions for a while: you are protected against unintended deletes, because you can restore a previous version,
and you can easily roll back to any previous version you want.
Any file that is not versioned prior to enabling versioning
will have the version null.
if you suspend versioning in your bucket,
it does not delete the previous versions; it just makes sure that future files do not have a version assigned to them.
S3 encryption for objects - 4 methods
- SSE-S3
- SSE-KMS
- SSE-C
- Client Side Encryption
SSE-S3
server-side encryption with AES-256
encrypts S3 objects using keys handled and managed by AWS
SSE-KMS
server-side encryption
encryption using keys handled and managed by AWS KMS
when you have your encryption keys
SSE-C
when you want to manage your own encryption keys
server-side encryption using data keys fully managed by the customer outside of AWS
S3 does not store the key you provide; it is discarded after use
SSE-S3 how
when uploading a file you can use HTTP or HTTPS, and in the request header you set
x-amz-server-side-encryption: AES256
and AWS will know that it has to apply its own managed data key
SSE-KMS how
when uploading a file you can use HTTP or HTTPS, and in the request header you set
x-amz-server-side-encryption: aws:kms
and AWS will know that it has to apply the KMS customer master key you have defined