Udemy lecture 5: Amazon S3 Flashcards
__________ is one of the main building blocks of AWS
Amazon S3
What are the different use cases of Amazon S3?
- Backup & storage
- Disaster recovery
- Archive
- Hybrid cloud storage
- Application hosting
- Media hosting
etc
Amazon S3 stores objects (files) into ____________
Buckets (directories)
Buckets must have a ____________________ name (across all regions all accounts)
Globally unique name
Buckets are defined at the __________ level
Region
What are the naming conventions for S3 buckets?
- No uppercase, no underscore
- 3-63 characters long
- Not an IP
- Must start with lowercase letter or number
- Must not start with the prefix xn-
- Must not end with the suffix -s3alias
So just use letters, numbers, and hyphens and you'll be fine
Objects (files) have a ________
Key
The key is the _________ path
Full (all the layers of your file; think of it being in a folder & having multiple layers)
The object key is composed of the __________ + _____________
prefix + object name (ex. s3://my-bucket/my_folderI/another_folder/my_file.txt, where my_folderI/another_folder/ is the prefix and my_file.txt is the object name)
Keys are usually just long names that contain ________
Slashes (/)
Object values are the content of the _________
Body
What are some aspects of objects related to their sizing?
- Max. object size is 5TB (5000GB)
- If uploading more than 5GB, must use “multi-part upload”
Objects can also contain __________
Metadata
What are metadata?
Metadata consists of a list of text key/value pairs, which can be used by the system or user to know some elements of the file
Metadata contain ______, which are Unicode key/value pairs (up to 10) & they are useful for security/lifecycle
Tags
Metadata also contains a __________ if versioning is enabled
Version ID
What are the different types of Amazon S3 security?
- User-based
- Resource-based
- Encryption
What are the user-based policies used in Amazon S3?
IAM policies
What are IAM policies related to S3?
IAM policies are API calls that decide which API calls should be allowed for a specific user from IAM
What are the different resource-based policies related to S3?
- Bucket policies
- Object Access Control List (ACL)
- Bucket Access control list (ACL)
What are bucket policies related to S3?
Bucket-wide rules from the S3 console which allow cross account (it's what allows a bucket to become public)
What are the object access control list (ACL) related to S3?
Finer grain that can be disabled
What are the bucket access control list (ACL) related to S3?
Less common & can be disabled
What are the conditions that must be met for an IAM principal to access an S3 object?
- The user's IAM permissions allow it or the resource policy allows it
- There’s no explicit deny
How is encryption related to S3 security?
Encrypt objects in Amazon S3 using encryption keys
S3 bucket policies mostly are what?
JSON-based policies (with all the features of JSONs such as the resources, effect, actions, principals, etc.)
Why do we use S3 bucket policies?
- Grant public access to the bucket
- Force objects to be encrypted at upload
- Grant access to another account (cross account)
S3 can host __________ websites & have them accessible on the internet
Static
If you get a 403 forbidden error, make sure that the _________ allows public reads
bucket policy
What does versioning your files mean?
Updating your files
You can version your files in Amazon S3 but it has to be done at the ___________
bucket level (when you overwrite the same key, it will change the version, making updates)
Why should you version your buckets?
- Protects against unintended deletes (ability to restore a version)
- Easy roll back to previous version
- Any file that is not versioned prior to enabling versioning will have version “null” (suspending versioning doesn’t delete the previous versions)
What are the 2 different Amazon S3 replications?
- CRR (cross-region replication) (the 2 regions must be different)
- SRR (same-region replication) (the 2 regions must be the same)
- Must enable versioning in source & destination buckets to use them
How can CRR be beneficial?
If you use cross-region replication, it can be helpful for compliance, for providing lower latency access to your data because it's in another region, or to replicate data across accounts
How can SRR be beneficial?
It can be helpful to aggregate logs across multiple S3 buckets or to perform a live replication between production & test accounts, so you basically have your own test environment
What are the different S3 storage classes?
- Amazon S3 Standard - General Purpose
- Amazon S3 Standard - Infrequent Access (IA)
- Amazon S3 One Zone - Infrequent Access
- Amazon S3 Glacier Instant Retrieval
- Amazon S3 Glacier Flexible Retrieval
- Amazon S3 Glacier Deep Archive
- Amazon S3 Intelligent-Tiering
What does durability mean related to Amazon S3?
Durability represents how many times an object is going to be lost by Amazon S3, so Amazon S3 has a high durability called 11 nines
What does Amazon S3 11 nines durability mean?
It means that if you decided to store 10 million objects in Amazon S3 then you can expect to lose a single object once every 10,000 years
What does availability mean related to S3?
It represents how readily available a service is (depends on storage class)
Amazon S3 Standard has 99.99% availability & it's used for ____________ accessed data & it has low latency & high throughput. It can sustain two concurrent facility failures by AWS
Frequently
What are the use cases for Amazon S3 Standard?
- Big data analytics
- Mobile & gaming applications
- Content distribution
S3 infrequent access is used for data that is __________________ accessed but requires rapid access when needed
Less frequently accessed
S3 infrequent access is _______ availability so a bit less available
99.9%
What is the use case for Amazon S3 Infrequent Access (IA)?
Used for disaster recovery & backups
_______________ has high durability within a single AZ only
Amazon S3 One Zone - Infrequent Access (One Zone-IA)
Amazon S3 One Zone - Infrequent Access has a __________ availability
99.5%
What is the use case of S3 One Zone-IA?
To store secondary copies of backups of things like on-premises data, or data you can recreate
____________ has the lowest cost object storage meant for archiving & backup
Amazon S3 Glacier
- Pay for the storage & retrieval cost
_______________ gives you millisecond retrieval for data that's accessed once a quarter & the minimum storage duration is 90 days
Amazon S3 Glacier instant retrieval
_____________ has 3 flexibility options, where you have expedited, where you get the data back between 1 & 5 minutes, you have standard, where you get data back between 3-5 hours, & you get a minimum storage duration of 90 days
Amazon Glacier Flexible retrieval
What is the difference between instant & flexible related to data retrieval?
Instant means you retrieve data instantly & flexible means that you're willing to wait a longer period of time, for example 12 hours
___________ is meant for long-term storage, & it has 2 different types of retrieval, which are standard retrieval of 12 hours & bulk of 48 hours. You also get a minimum storage duration of 180 days
Amazon Deep Glacier archive
___________ storage class allows you to move objects between access tiers based on usage patterns & you get a small monthly monitoring fee & auto-tiering fee
Amazon S3 Intelligent-Tiering
What are the two different types of encryption used for Amazon S3?
- Server-side encryption
- Client-side encryption
What is server-side encryption?
It's when the server is doing the encryption for you
What is client-side encryption?
It's when the user does the encryption
Within AWS by default the ___________ encryption is used
Server-side encryption
What is the IAM Access Analyzer for Amazon S3?
It's a monitoring feature for your Amazon S3 bucket to ensure that only the intended people have access to your S3 bucket, so when it's shared with unwanted people you can see it & take action
What is AWS responsible for related to S3?
- Responsible for their infrastructure related to S3 (ability, availability, etc)
- Internal configuration & vulnerability analysis
- Compliance validation internally with their infrastructure
What are you responsible for related to Amazon S3?
- Supposed to correctly set up S3 versioning to make sure you set up the right S3 bucket policy so that data is protected in your buckets
- Make sure that if you want verification you set it up yourself
- Use the most optimal cost storage cloud that is going to be most cost friendly for you
- Encrypt your data in your Amazon S3 bucket
What is the AWS Snow Family?
It's a highly secure portable device in AWS
What are the two use cases for the AWS Snow Family?
- It's used to collect & process data at the edge
- Or to migrate data in & out of AWS
What are the different types of devices in the snow family related to data migration?
- Snowcone
- Edge
- Snowmobile
What are the two different types of devices within the snow family related to edge computing (collecting & transferring data at the edge)
- Snowcone
- Snowball edge
The snow family is used for data migration why? and what is the rule of thumb related to the snow family & data migration?
To speed things up & rule of thumb is that if it takes more than a week to transfer data over the network then you should use a snowball device (it transfers data physically not by network)
What are the two different types of snowball edge?
- Snowball edge storage optimized
- Snowball edge compute optimized
What is snowball edge storage optimized?
Gives you 80 terabytes of hardware disk capacity which works for block volume or S3 compatible object storage
What is snowball edge compute optimized?
Gives you 42 terabytes or 28 terabytes
What is the use case for a snowball edge?
To do a large data cloud migration to decommission a data center or for a disaster recovery by backing up your data into AWS
A ___________ is used for edge computing, storage & data transfer
Snowcone
What are the two versions of snowcone?
- Snowcone- which is 8 terabytes of HDD storage
- Snowcone SSD with 14 terabytes of SSD storage
You can transfer your data physically with __________, you can transfer exabytes of data with it & it's highly secured
Snowmobile
For migration size, AWS recommends you use ___________ for 24 terabytes, __________ for petabytes, and _________ for exabytes
snowcone, snowball edge, snowmobile
What is edge computing?
Edge computing is when you process data while it's being created at an edge location
What is an edge location?
An edge location is anything that really doesn't have internet or that is far away from the cloud
ex. a truck on the road or a ship at sea, etc.
With snow edge pricing you pay for device usage & data transfer ______ of AWS
Out
Putting data into Amazon S3 is _______
Free
What are the different Snowball Edge pricing options?
- On-demand
- Committed upfront- where you pay in advance for monthly, 1yr, or 3yr usage
A _________ is used to bridge your on-premise data & cloud data in AWS (allows you to use a hybrid model with S3)
Storage gateway
______________ is the most cost-effective option if you want to archive data and do not have a retrieval time requirement. You can retrieve data in 12 or 48 hours.
Amazon Glacier Deep Archive
______________ can be used to define when S3 objects should be transitioned to another storage class or when objects should be deleted after some time.
Lifecycle Rules
___________ devices are well suited for large-scale data migrations and recurring transfer workflows, as well as local computing with higher capacity needs.
Snowball Edge Storage Optimized