Section 5 - S3 Flashcards
What is AWS S3?
AWS S3 stands for Amazon Simple Storage Service
- Object storage service for the cloud that is highly available
- Objects (Files) are stored in buckets (Directory)
- Objects can be Public or Private
- Store files up to 5TB per file.
- You can set security at the bucket level or individual object level using access control lists (ACLs), bucket policies or access point policies.
- You can enable versioning to create multiple versions of your file in order to protect against accidental deletion and to use a previous version.
AWS S3 is a regional service, but bucket names are globally unique
Example S3 URLs:
- https://bucket-name.s3.region.amazonaws.com/key-name
- https://mlankabucket.s3.us-east-1.amazonaws.com/iron-man.jpg
AWS S3 is a Key-Value Store?
- Key
  - The name of the object, e.g. iron-man.jpg
- Value
  - This is the data itself, which is made up of a sequence of bytes.
- Version ID
  - Important for storing multiple versions of the same object
- Metadata
  - Data about the data you are storing, e.g. content-type, last-modified, etc.
What are the 7 AWS S3 Storage Classes?
- S3 Standard
- S3 Intelligent-Tiering
- S3 Standard Infrequent Access (IA)
- S3 One Zone-Infrequent Access (IA)
- S3 Glacier
- S3 Glacier Deep Archive
- S3 Outposts
What is AWS S3 durability standard?
- Durability is important so your objects are never lost or compromised.
- Amazon S3 Standard is designed for 99.999999999% (11 9’s) of durability.
What is AWS S3 availability standard?
- Availability is important so you can access your data quickly when you need it.
- Amazon S3 Standard is designed for 99.99% of availability.
Characteristics of AWS S3 Standard Infrequent Access (S3-IA) class?
Standard Infrequent Access:
- Data accessed infrequently but requires rapid access.
- Cheaper than S3 Standard
- Data stored across multiple availability zones
- recommended for:
  - Long-lived data
  - Infrequently accessed
  - Millisecond access when needed.
Characteristics of AWS S3 Standard class?
- S3 Standard
- General Purpose storage
- Data stored across multiple availability zones (>= 3 AZs)
- Low latency and high throughput
- Recommended for frequently accessed files
- 99.9% Availability
- 99.99999999999% Durability (11 9’s)
- The default storage class
- use cases include websites, content distribution, mobile and gaming applications, and big data analytics
Characteristics of AWS S3 Intelligent-Tiering class?
S3 Intelligent-Tiering:
- Automatically moves data to the most cost-effective storage class
- No retrieval fees
- Automatic cost savings
- Data stored across multiple availability zones
- recommended for data with unknown or changing access patterns.
Characteristics of AWS S3 One Zone-Infrequent Access (IA) class?
S3 One Zone-Infrequent Access (IA):
- Like S3 Standard-IA but stored in a single availability zone.
- Costs 20% less than S3 Standard-IA
- Data stored in this storage class can be lost.
- Availability 99.95%
- recommended for:
  - Re-creatable data
  - Availability and Durability are not essential
  - Millisecond access when needed.
Characteristics of AWS S3 Glacier class?
S3 Glacier:
- Long-term data storage.
- data retrieval takes longer.
- 3 retrieval options:
  - 1 - 5 minutes
  - 3 - 5 hours
  - 5 - 12 hours
- Data stored across multiple availability zones.
- recommended for:
  - Long-term backup
  - Cheaper storage option
Characteristics of AWS S3 Glacier Deep Archive class?
Glacier Deep Archive:
- Like Glacier but longer access times.
- 2 retrieval options:
  - 12 hours
  - 48 hours
- Data stored across multiple availability zones.
- Cheapest of all S3 options
- recommended for:
  - Long-term data archival accessed once or twice a year.
  - Retaining data for regulatory compliance requirements
Characteristics of AWS S3 Outposts class?
S3 Outposts:
- provides data storage on premises.
- single storage class
- Data stored across multiple devices and servers.
- recommended for:
  - Data needs to be kept local
How do AWS S3 Bucket Policies Work?
You can set up access control to your buckets using Bucket Policies.
- Applied at Bucket level
  - The permissions granted by the policy apply to all of the objects within the bucket.
- Not Individual Objects
  - You can’t attach a bucket policy to an individual object
- Group Files
  - A group of files which need to be accessed by the same people
AWS S3 Bucket Access Control Lists (Bucket ACLs)?
AWS S3 is secured by default; all newly created buckets are private.
- Access Control Lists:
  - Applied at an object level
  - We can apply different permissions for different objects within a bucket.
- Grant Access to Objects:
  - We can define which accounts or groups are granted access and also the type of access, e.g. read, write, or full control
- Fine Grained Control:
  - Grant a different type of access to different objects within the same bucket, e.g. to apply different permissions for different objects, for different users and groups.
- Access Logs:
  - S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket. Those logs can be written to another bucket.
AWS S3 Encryption?
Types of encryption applied:
- Encryption in Transit
  - SSL/TLS
  - HTTPS
- Encryption at Rest - Server-Side Encryption
  - SSE-S3 - S3 managed keys, using AES 256-bit encryption
  - SSE-KMS - AWS Key Management Service keys
  - SSE-C - Customer provided keys (you are in charge of managing the keys)
- Encryption at Rest - Client-Side Encryption
  - You encrypt the files yourself before you upload them into S3