Storage Flashcards
Google cloud regional storage
The data under this storage class is placed in a single Google Cloud location and is not distributed among other data centers. It is the cheapest Standard storage option. However, as the data is stored in a single place only, users from the other countries may have a low connection speed and performance. It grants the highest performance at a low price.
Google Cloud Multi-Regional Storage
Duplicates data between several regions worldwide More expensive than Regional, but users can access it at a high speed anywhere on the globe. Data becomes insusceptible to natural disasters and local data center failures.
Google Cloud Nearline Storage
Designed for cool data that is used once per month or less. Nearline Storage keeps its data stores its data within one region and is cheap compared to the standard storage
Google Cloud Coldline Storage
Cold-tier storage for archival data with access frequency of less than once per year When using Coldline or Nearline Storage, you also pay more for requests, e.g., retrieval of metadata or download commands.
Uses for different storage classes
** If you need a datastore for a Google Compute Engine instance, use Regional Storage. ** For website contents, downloads and application data, use Multi-Regional Storage. ** Nearline storage is the best solution for statistical data, regular backups, working files, and document archives. ** If you need an archive for outdated data and disaster recovery suites, use Coldline storage.
Uniform access control for buckets
Allows you to use Cloud Identity and Access Management (Cloud IAM) alone to manage permissions.
Cloud IAM applies permissions to all the objects contained inside the bucket or groups of objects with common name prefixes.
Cloud IAM also allows you to use features that are not available when working with ACLs, such as Cloud IAM Conditions and Cloud Audit Logs.
Fine grained access control for buckets
Enables you to use Cloud IAM and Access Control Lists (ACLs) together to manage permissions.
ACLs are a legacy access control system for Cloud Storage designed for interoperability with Amazon S3.
You can specify access and apply permissions at both the bucket level and per individual object.
You most likely want to use ACLs for the following use cases:
- Customize access to individual objects within a bucket.
- Migrate data from Amazon S3.
Access control via signed URL (query string authentication)
Use signed URLs to give time-limited read or write access to an object through a URL you generate. Anyone with whom you share the URL can access the object for the duration of time you specify, regardless of whether or not they have a Google account
Access control via Signed Policy Documents
Use signed policy documents to specify what can be uploaded to a bucket. Policy documents allow greater control over size, content type, and other upload characteristics than signed URLs, and can be used by website owners to allow visitors to upload files to Cloud Storage.
Access control via Firebase Security Rules
Use Firebase Security Rules to provide granular, attribute-based access control to mobile and web apps using the Firebase SDKs for Cloud Storage. For example, you can specify who can upload or download objects, how large an object can be, or when an object can be downloaded.
