S3
- S3 is object based i.e. allows you to upload files
- Files can be from 0 Bytes to 5TB
- There is unlimited storage
- Files are stored in Buckets
- S3 is a universal namespace, that is, names must be unique globally
- Read after write consistency for PUTS of new Objects (link)
- Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate)
S3 Storage Classes/Tiers
- S3 ( durable, immediately available, frequently accessed)
- S3 - IA ( durable, immediately available, infrequently accessed)
- S3 - Reduced Redundancy Storage ( data that is easily reproducible, such as thumb nails etc)
- Glacier - Archived data, where you can wait 3-5 hours before accessing.
Remember the core fundamentals of an S3 objects
- Key (name)
- Value (data)
- Version ID
- Metadata
- Subresources
- ACL
- Torrent
Object based storage only (for files)
Not suitable to install an operating system on
Successful uploads will generate a HTTP 200 status code
Read the S3 FAQ before taking the exam. It comes up A LOT!
Bucket -> Files
==
S3 - Versioning
- Stores all versions of an object ( including all writes and even if you delete an object )
- Great backup tool
- Once enabled, versioning can't be disabled, only suspended
- integrates with Lifecycle rules
- Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.
S3 - Cross Region Replication ( DR ? )
- Versioning must be enabled on both the source and destination buckets
- Regions must be unique
- Files in an existing bucket are not replicated automatically. All subsequent updated files will be replicated automatically.
- You cannot replicate to multiple buckets or use daisy chaining ( at this time )
- Delete markers are replicated
- Deleting individual versions or delete markers will not be replicated.
- Understand what Cross Region Replication is at a high level.
S3 - Lifecycle Management Lab (link)
- Can be used in conjunction with versioning
- Can be applied to current versions and previous versions
- Following actions can now be done
- Transition to the Standard - INfrequent Access Storage Class (128kb and 30 ydas after the creation date)
- Archive to the Glacier Storage Class ( 30 days after IA, if relevant)
- Permanently Delete
Security & Encryption
Security
- By default, all newly created buckets are PRIVATE.
- You can setup access control to your buckets using
Access Control Lists
- S3 buckets can be configured to create access logs which log all requests made to the S3 bucket. This can be done to another bucket.
Encryption
In Transit
SSL/TLS
At Rest
Server Side Encryption
- S3 Managed Keys - SSE-S3
- AWS Key Management Service, Managed Keys - SSE-KMS
- Server Side Encryption With Customer Provided Keys - SSE-C
Clinet Side Encryption
S3 Transfer Acceleration
S3 Transfer Acceleration utilises the CloudFront Edge Network to accelerate your uploads to S3. Instead of uploading directly to your S3 bucket, you can use a distinct URL to upload directly to an edge location which will then transfer that file to S3. You will get a distinct URL to upload to.
