
AWS Solution Architect Associate Exam – Notes

Main topics covered on the exam

  • Design Resilient Architectures
  • Define Performant Architectures
  • Specify Secure Applications and Architectures
  • Design Cost-Optimised Architectures
  • Define Operationally Excellent Architectures

Simple Storage Service – S3

S3 is an object-based, serverless storage service in the cloud.

S3 objects contain your data. They are like files.

An object may consist of a key, value, version ID, and metadata.

You can store objects from 0 bytes to 5 terabytes in size.

S3 buckets hold objects. Buckets can also have folders, which in turn hold objects.

S3 is a universal namespace, so bucket names must be unique.

S3 – Storage Classes

  1. Standard: Fast. 99.99% availability. 11 9's durability. Replicated across at least three AZs.
  2. Intelligent Tiering: Uses machine learning to analyse your object usage and determine the appropriate storage class. Data is moved to the most cost-effective access tier, without any performance impact or added overhead.
  3. Standard Infrequently Accessed (IA): Still fast. Cheaper if you access files less than once a month. An additional retrieval fee is applied. 50% less than Standard (reduced availability).
  4. One Zone IA: Still fast. Objects only exist in one AZ. Availability is 99.5%. Cheaper than Standard IA by 20%. Data could get destroyed. A retrieval fee is applied.
  5. Glacier: For long-term cold storage. Retrieval of data can take minutes to hours, but the trade-off is very cheap storage.
  6. Glacier Deep Archive: The lowest-cost storage class. Data retrieval time is 12 hours.

All new buckets are private when created by default.

Access control is configured using bucket policies and access control lists (ACLs).

S3 – Encryption

Encryption in transit: traffic between your local host and S3 is encrypted via SSL/TLS.

Server-side encryption (SSE): encryption at rest. The options are S3-managed keys (SSE-S3), using the AES-256 algorithm; SSE-KMS, using envelope encryption; and SSE-C, using a customer-provided key.

Client-side encryption: you encrypt your own files before uploading them to S3.

S3 – Cross Region Replication – CRR

With CRR enabled, any object that is uploaded is automatically replicated to another region. This provides higher durability and potential disaster recovery for objects.

You must have versioning turned on for both the source and destination buckets. You can have CRR replicate to another AWS account.

S3 – Versioning

Stores all versions of an object in S3.

Once enabled it cannot be disabled, only suspended on the bucket.

Fully integrates with S3 lifecycle rules.

MFA delete feature provides extra protection against deletion of your data.

S3 – Lifecycle Management

Automates the process of moving objects to different storage classes or deleting objects altogether.

Can be used together with versioning.

Can be applied to both current and previous versions.

S3 – Transfer Acceleration

Fast and secure transfer of files over long distances between your end users and an S3 bucket.

Utilizes CloudFront distributed Edge locations.

Instead of uploading directly to your bucket, users use a distinct URL for an edge location.

As data arrives at the edge location, it is automatically routed to S3 over a specially optimised network path.

S3 – MFA Delete

MFA Delete ensures users cannot delete objects from a bucket unless they provide their MFA code.

MFA Delete can only be enabled under these conditions:

The AWS CLI must be used to turn on MFA Delete, and the bucket must have versioning turned on.

Only the bucket owner logged in as the root user can delete objects from the bucket.

Command line interface – S3

#aws s3 ls

#aws s3 ls sukheshcs

Copying a file from AWS S3 to the desktop

#aws s3 cp s3://sukheshcs/mypic.jpg ~/Desktop/folder/test.jpg

Uploading a file to S3 from the desktop

#aws s3 cp ~/Desktop/folder/test.jpg s3://sukheshcs/test.jpg

Temporary access to the file on S3

#aws s3 presign s3://sukheshcs/test.jpg --expires-in 300
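
The URL printed by the presign command carries its issue time, lifetime and signing key ID in the query string, and anyone holding it can fetch the object until it expires. The Python below is an added example, not part of the original notes: it parses such URLs and flags any whose lifetime exceeds a limit. The 300-second limit, the sample URLs, the documentation placeholder key ID and the dummy signature are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = 300  # seconds; assumed policy limit, same value as --expires-in 300
REQUIRED = ("X-Amz-Credential", "X-Amz-Date", "X-Amz-Expires", "X-Amz-Signature")

def inspect_presigned(url, now, max_lifetime=MAX_LIFETIME):
    """Describe a SigV4 presigned S3 URL; raise ValueError if it is not one."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}  # also URL-decodes
    missing = [p for p in REQUIRED if p not in q]
    if missing:
        raise ValueError("missing presign parameters: " + ", ".join(missing))
    issued = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=timezone.utc)
    lifetime = int(q["X-Amz-Expires"])
    expires_at = issued + timedelta(seconds=lifetime)
    # Credential scope: <access key id>/<yyyymmdd>/<region>/s3/aws4_request
    key_id, _, region = q["X-Amz-Credential"].split("/")[:3]
    return {
        "object": parts.path.lstrip("/"),
        "access_key_id": key_id,   # identifies whose permissions the URL carries
        "region": region,
        "expires_at": expires_at,
        "expired": now >= expires_at,
        "too_long": lifetime > max_lifetime,
    }

def _sample(expires):
    # Constructed URL: placeholder key ID from AWS documentation, dummy signature.
    return ("https://sukheshcs.s3.amazonaws.com/test.jpg"
            "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
            "&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
            "&X-Amz-Date=20240101T120000Z"
            f"&X-Amz-Expires={expires}"
            "&X-Amz-SignedHeaders=host"
            "&X-Amz-Signature=" + "0" * 64)

SAMPLE_URLS = [_sample(300), _sample(604800)]  # 5 minutes vs. 7 days

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 10, tzinfo=timezone.utc)
    for url in SAMPLE_URLS:
        r = inspect_presigned(url, now)
        print(r["object"], r["expires_at"].isoformat(),
              "expired" if r["expired"] else "live",
              "OVER LIMIT" if r["too_long"] else "ok")
```

Run over proxy or application logs, a check like this shows which presigned links are still live and which key would need to be rotated to revoke them early.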

S3 cheatsheet

  • Simple Storage Service is object-based storage. Store an unlimited amount of data without worrying about the underlying storage infrastructure.
  • S3 replicates data across at least 3 AZs to ensure 99.99% availability and 11 9's of durability.
  • Objects contain your data.
  • Objects can be anywhere from 0 bytes to 5 terabytes in size.
  • Buckets contain objects. Buckets can also contain folders, which in turn can contain objects.
  • Bucket names are unique across all AWS accounts, like a domain name.
  • When you upload a file to S3 successfully, you receive an HTTP 200 code.
  • With lifecycle management, objects can be moved between storage classes or deleted automatically based on a schedule.
