Section 8: S3 Flashcards
AWS S3 use
Data storage
S3 buckets are similar to
Directories
S3 Objects are
Files
S3 object keys are
The full path of the object within the bucket
The 4 ways to implement S3 security
1) IAM Policies
2) Object Access Control List (ACL)
3) Bucket Access Control List (ACL)
4) Encryption
S3 bucket policy can be used to
- Grant public access to the bucket
- Force objects to be encrypted at upload
- Grant access to another account (Cross Account)
The 2 types of S3 replication are
1) Cross-region replication
2) Same-region replication
The 7 S3 storage classes are
- Amazon S3 Standard - General Purpose
- Amazon S3 Standard-Infrequent Access (IA)
- Amazon S3 One Zone-Infrequent Access
- Amazon S3 Glacier Instant Retrieval
- Amazon S3 Glacier Flexible Retrieval
- Amazon S3 Glacier Deep Archive
- Amazon S3 Intelligent Tiering
S3 Standard – General Purpose
- 99.99% Availability
- Used for frequently accessed data
- Low latency and high throughput
- Sustain 2 concurrent facility failures
S3 Standard-Infrequent Access
- For data that is less frequently accessed, but requires rapid access when needed
- Lower cost than S3 Standard
- 99.9% Availability
- Use cases: Disaster Recovery, backups
S3 One Zone-Infrequent Access
- For data that is less frequently accessed, but requires rapid access when needed
- Lower cost than S3 Standard
- High durability (99.999999999%) in a single AZ; data lost when AZ is destroyed
- 99.5% Availability
- Use Cases: Storing secondary backup copies of on-premise data, or data you can recreate
Amazon S3 Glacier Storage Classes
- Low-cost object storage meant for archiving / backup
- Pricing: price for storage + object retrieval cost
Amazon S3 Glacier Instant Retrieval
- Millisecond retrieval, great for data accessed once a quarter
- Minimum storage duration of 90 days
Amazon S3 Glacier Flexible Retrieval
- Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12 hours) – free
- Minimum storage duration of 90 days
Amazon S3 Glacier Deep Archive – for long term storage
- Standard (12 hours), Bulk (48 hours)
- Minimum storage duration of 180 days
S3 Intelligent-Tiering
- Small monthly monitoring and auto-tiering fee
- Moves objects automatically between Access Tiers based on usage
- There are no retrieval charges in S3 Intelligent-Tiering
The 2 types of S3 encryption are
1) Server-side Encryption (default)
2) Client-side Encryption
Server-side Encryption occurs when
The server encrypts the file after receiving it
Client-side Encryption occurs when
The user encrypts the file before uploading it
IAM Access Analyzer for S3
- Ensures that only intended people have access to your S3 buckets
- Example: publicly accessible bucket, bucket shared with other AWS account…
- Evaluates S3 Bucket Policies, S3 ACLs, S3 Access Point Policies
- Powered by IAM Access Analyzer
AWS Snow Family includes
Highly-secure, portable devices to collect and process data at the edge, and migrate data into and out of AWS
The 3 Snow Family devices for Data Migration are
1) Snowcone
2) Snowball Edge
3) Snowmobile
The 2 Snow Family devices for Edge computing are
1) Snowcone
2) Snowball Edge
Snowball Edge is a
- Physical data transport solution: move TBs or PBs of data in or out of AWS
- Alternative to moving data over the network (and paying network fees)
- Pay per data transfer job
- Provide block storage and Amazon S3-compatible object storage
Snowball Edge Storage Optimized provides
80 TB of HDD capacity for block volume and S3 compatible object storage
Snowball Edge Compute Optimized provides
42 TB of HDD or 28 TB NVMe capacity for block volume and S3 compatible object storage
AWS Snowcone & Snowcone SSD are
- Small, portable computing, anywhere, rugged & secure, withstands harsh environments
- Light (4.5 pounds, 2.1 kg)
- Device used for edge computing, storage, and data transfer
- Can be sent back to AWS offline, or connect it to internet and use AWS DataSync to send data
The Snowcone provides
8 TB of HDD Storage
The Snowcone SSD provides
14 TB of SSD Storage
AWS Snowmobile allows for
- Transfer exabytes of data (1 EB = 1,000 PB = 1,000,000 TBs)
- Each Snowmobile has 100 PB of capacity (use multiple in parallel)
- High security: temperature controlled, GPS, 24/7 video surveillance
- Better than Snowball if you transfer more than 10 PB
Snow Family – Usage Process
- Request Snowball devices from the AWS console for delivery
- Install the snowball client / AWS OpsHub on your servers
- Connect the snowball to your servers and copy files using the client
- Ship back the device when you’re done (goes to the right AWS facility)
- Data will be loaded into an S3 bucket
- Snowball is completely wiped
What is Edge Computing?
Process data while it’s being created on an edge location
An edge location is an area lacking in
Internet access and/or computing power
Use cases of Edge Computing
- Preprocess data
- Machine learning at the edge
- Transcoding media streams
AWS OpsHub is
Software you install on your computer / laptop to manage your Snow Family Device
Snowball Edge Pricing
You pay for device usage and data transfer out of AWS
The two options for Snowball Edge pricing are
1) On-Demand
2) Committed Upfront
AWS Storage Cloud Native Options
Block
File
Object
AWS Storage Gateway is the
- Bridge between on-premise data and cloud data in S3
- Hybrid storage service to allow on-premises to seamlessly use the AWS Cloud
Amazon S3 – Summary
- Buckets vs Objects: global unique name, tied to a region
- S3 security: IAM policy, S3 Bucket Policy (public access), S3 Encryption
- S3 Websites: host a static website on Amazon S3
- S3 Versioning: multiple versions for files, prevent accidental deletes
- S3 Replication: same-region or cross-region, must enable versioning
- S3 Storage Classes: Standard, IA, 1Z-IA, Intelligent, Glacier (Instant, Flexible, Deep)
- Snow Family: import data onto S3 through a physical device, edge computing
- OpsHub: desktop application to manage Snow Family devices
- Storage Gateway: hybrid solution to extend on-premises storage to S3