S3 - Simple Storage Service

Question 1

What is S3?

Answer 1

A place to store your files.

• Object based storage
• File size can range from 0 bytes to 5TB
• Unlimited Storage
• Buckets

Not sutable to install OS on

Newly created buckets are private but you can set up acces control via

• Bucket Policies
• Access Control Lists

Question 2

Do S3 bucket names have to be unique?

Answer 2

Yes. Universally namespace because you’re making a web address. ex: https://britzer.s3.amazon……

Question 3

S3 Objects Look like:

Answer 3

• Key
• Value
• Version ID
• Metadata
• Subresources
  
  • Access Control Lists
  • Torrent

200 HTTP status Code for successful upload

Question 4

How does data consistency work for S3?

Answer 4

• Read after Write consistency for PUTS -> Immediate access to whatever was uploaded
• Eventual consistency for overwrite PUTS or DELETES -> takes time

Question 5

S3 Guarantee for lost data

Answer 5

99.99% or 11x9s

Question 6

S3 Features

Answer 6

• Tiered Storage ****
• Lifecycle Management - Lifecycle Policies
  
  • Automates moving your objects between different storage tiers
  • used with versioning
  • current/previous versions
• Versioning
• Encryption
• MFA Delete
• Secure Data via Access Control Lists & Bucket Policies

Question 7

S3 Storage Classes/Tiers

Answer 7

1. S3 Standard
   
   • 99.99% avaliable
   • 99.9999999999% durable (11 9’s )
2. S3 - IA (Infriquently Accessed)
   
   • For data that is accessed less frequently but requires rapid access when needed
   • Lower fee than Standard but with a retrieval fee
3. S3 - One Zone - IA
   
   • Lower cost
   • Lower avaliablility zones
4. S3 - Intalligent Tiering
   
   • Optimizes costs by automatically moving data to the most cost effective teir.
5. S3 - Glacier
   
   • Low cost
   • retrieval times are configureable from mins/hrs
6. S3 - Glacier Deep Archive
   
   • Lowest cost
   • 12 hour retrieval time

Question 8

How are you charged for S3?

Answer 8

• Storage
• Num Requests
• Store Management Pricing
• Data Transfer
• Transfer Accel
• Cross region replication

Question 9

S3 Costs

Answer 9

Question 10

S3 - Encryption

Answer 10

You can encyrpt at the object level or bucket level.

• In Transit
  
  • HTTPS - SSL
• At Rest
  
  • Encript data being store
  • Server Side
    
    • S3 Managed Key - Amazon Managed - SSE-S3
    • AWS Key Management Service (SSE-KMS)
    • SSE with Customer Provided Key (SSE-C)
  • Client Side
    
    • Encript then upload yourself

Question 11

S3 Versioning

Answer 11

Stores all versions of an object

Once enabled can’t be disabled

Versioning has MFA to delete capability

Question 12

S3 Lifecycle Management

Answer 12

• Automates moving objects between different storage tiers
• Can be used in conjunction with versioning
• Can be applied to both current and previous versions

Question 13

S3 Object Lock/Glacier Lock

Answer 13

Governance Mode - Can’t change with special permissions - S3

Compliance mode - Can’t alter even root user for a specific retention period for a specific version -S3

S3 Object lock && Glacier Vault lock=== WORM (write once read many)

Question 14

S3 Performance

Answer 14

S3 Prefix

mybucketname/folder1/subfolder/myfile.jpg

More prefixs better performance

Multipart uploads

Byte-range fetches -> splitting downloads

Question 15

S3 Select / Glacier Select

Answer 15

Enables application to retrieve a subset of data using simple SQL expressions.

400% performance increase. Save money

Question 16

AWS Organizations

Answer 16

Organizations

Allows you to have mutiple AWS accounts and be able to centrally manage them.

Enable disable AWS services using Service Control Policies (SCP)

Consolidated Billing

One consolidated bill per AWS account

easy to track

volume pricing discount

Question 17

Sharing S3 Buckets

Answer 17

• Using Bucket Policies & IAM (entire bucket) Programmatic
• Bucket ACLs & IAM (individual objects) Programmatic
• Cross-account IAM Roles. Programmatic AND AWS Console.

Question 18

S3 Cross region Replication (ex: US –> Japan)

Answer 18

• Versioning must be enabled for both the source and destination bucket
• Old files aren’t replicated automatically but…
• All new files will be replicated automattically
• Delete markers are not replicated
• versions and deleting individual versions will not be replicated

Question 19

S3 Transfer Acceleration

Answer 19

Utilizes the Cloudfront Edge Network to accelerate uploads to S3.

Instead of uploading directly to a bucket you can use a URL to upload to an edge location which will then transfer to your S3.

Question 20

What is AWS DataSync?

Answer 20

Allows you to move large amounts of data from on-premise into AWS

Used with NFS and SMB compatible file systems

Replication can be done hourly, daily, weekly

Question 21

CloudFront

Answer 21

Type of Content Delivery Network (CDN) which is a system of distributed server/network, that delivers web pages and other web content to a user based on the geographic locations of the user.

Can be used to deliver your entire website, including dynamic, static and streaming and interactive content using a global network of Edge Locations

Request for your content is automatically routed to the nearest Edge Location.
Content is delivered with the best possible performance.

_{<em><span>Side Notes:</span></em>}

• Edge locations are not just READ only - you can write to them too (ie. put an object on them)
• Objects are cached for the life of the TTL (Time To Live)
• You can clear chached objects by invalidating them, but you’ll be charged

_{<em><span>Key Terms:</span></em>}

_{<span><strong>Edge Location:</strong> location where content can be chached - separate to an AWS Regions/AZ</span>}

_{<span><strong>Origin:</strong> This is the origin of all the files that the CDB will distribute. Can be an S3 Bucket, an EC2 Instance, Elstic Load balancer or Route53</span>}

_{<span><strong>Distribution: </strong>This is the name given to the CDN which consists of a colection of Edge Locations</span>}

Question 22

CloudFront Distribution Types

Answer 22

• Web Distribution - Websites
• RTMP - Media streaming

Question 23

CloudFront Signed URLS & Cookies

Answer 23

Always used signed URLs/Cookies when you want to secure content to authorized users

URLs VS Cookies

• Signed URL is for idividual files. 1 File = 1 URL
• Signed Cookie is for multiple files 1 Cookie = multiple files

CloudFront Signed URL

• Can have different oigins. Doesn’t have to be EC2 (but reccomended)
• Utilize chaching and can filter
• Key pair

S3 signed URL

• Issues request from IAM (grant same permissions)
• Lifetime
• Good for a small amout of files

Question 24

Snowball | Snowball Edge

Answer 24

Snowball

Petabyte-scale data transport solution that can physically transport data on-off locations for a fraction of the cost.

• 50/80 TB options
• Super secure
• Storage
• Import/Export to/from S3

Snowball Edge

• 100 TB
• Same as Snowball
• Also allows for compute functions
• Portable AWS Suite

Snowmobile

• 100PB
• Truck sized moveable data

Question 25

Storage Gateway

Answer 25

Replicates data from a data center into AWS Cloud

• File Gateway -> Flat files stored on S3
• Volume gateway -> Cached Volumes/Stored volumes
  *

Question 26

Athena

Answer 26

Interactive query service which enables you to analize and query data located in S3 using standard SQL.

• Serverless. Pay per query
• No need to setup
• Works directly with data stored in S3

Can be used to

• Query logs
• generate business reports
• analize cost
• run queries on click stream data

Question 27

Macie

Answer 27

Security service that uses Machine Learning to NLP(Natural Language Processing) to discover classify and protect sensative data stored in S3

• Uses AI to recognize S3 object that might contain PII
• Dashboard/alerts/reporting
• Can analyze CloudTrails logs

_{<em>Notes</em>}

PII (personally Identifiable Information) - personal data