This repository has been archived by the owner on Aug 1, 2024. It is now read-only.
forked from jtviolet/aws-solutions-architect-associate-notes
s3.txt
S3 - Simple Storage Service, provides developers and IT teams with secure, durable, highly-scalable, flat object storage.
- Object-based storage:
--- Key
--- Value
--- Version ID
--- Metadata
--- Subresources:
--- --- Access Control Lists
--- --- Torrent
- Unlimited storage
- Files can be 0 Bytes to 5 Terabytes
- Files stored in buckets (basically just folders/logical separation)
- Bucket names have to be unique globally
- A successful upload returns an HTTP 200 status code
- Read after Write consistency for PUTS of new objects
- Eventual Consistency for overwrite PUTS and DELETES (can take some time)
- Built for 99.99% availability
- Amazon guarantees 99.999999999% durability (unlikely to ever lose a file) (11 9s)
- Tiered storage available
- Lifecycle management
- Versioning
- Encryption
- Secure your data using Access Control Lists and Bucket Policies
- Bucket tags are not inherited by files
S3 Storage Tiers
- S3 Standard:
--- 99.99% available, 99.999999999% durable
- S3 IA (Infrequently Accessed):
--- Data that is accessed less often, but requires rapid access. Lower fee than S3 but charged a retrieval fee.
- S3 One Zone IA:
--- Lower-cost option for IA that doesn't require multiple AZ resilience
- Glacier:
--- Super cheap, used for archival only. Retrieval time takes 3-5 hours
S3 Charges
- Storage
- Requests
- Storage Management Pricing (tags)
- Data Transfer Pricing (cross-region replication)
- Transfer Acceleration - fast transfers over long distances using CloudFront
- Can configure a bucket as Requester Pays if you use multiple AWS accounts and multiple buckets that transfer info between them
S3 Versioning
- Stores all versions of an object (even if you delete an object)
- Once enabled, versioning cannot be disabled, only suspended
- Integrates with Lifecycle rules
- Versioning's MFA Delete capability can be used to provide an additional layer of security
S3 Cross Region Replication
- Versioning must be enabled on both the source and destination buckets
- Regions must be unique (source and destination buckets in different regions)
- Files already in a bucket are not replicated automatically; all new and updated files are replicated automatically
- You cannot replicate multiple buckets or daisy chain replication
- Delete markers are replicated
- Deleted individual versions or markers will not be replicated
S3 Lifecycle Management
- Can be used with versioning
- Can be applied to current and previous versions
- Transition to IA after 30 days is possible, if file is larger than 128k
- Archive to Glacier after 30 days is possible
- Can permanently delete after N days
S3 Security & Encryption
- All newly created buckets are private by default
- You can set up access control for buckets using bucket policies and ACLs
- Buckets can be configured to create access logs which log requests made to the bucket.
- Methods of Encryption
--- In Transit
--- --- SSL/TLS
--- At Rest
--- --- Server Side
--- --- --- S3 Managed Keys SSE-S3
--- --- --- AWS Key Management Service, Managed Keys SSE-KMS
--- --- --- Server Side Encryption with Customer Provided Keys SSE-C
--- --- Client Side Encryption
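Added example (not part of the original notes): a small Python audit of a bucket policy document for two of the controls listed above, access control through bucket policies and SSL/TLS in transit. The sample policy, bucket name and function names are constructed for illustration; aws:SecureTransport is the AWS condition key that is false for plain-HTTP requests.

```python
import json

# Constructed sample policy; the bucket name is a placeholder.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "DenyPlaintext", "Effect": "Deny", "Principal": "*",
   "Action": "s3:*",
   "Resource": ["arn:aws:s3:::example-notes-bucket",
                "arn:aws:s3:::example-notes-bucket/*"],
   "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": ["s3:GetObject"],
   "Resource": "arn:aws:s3:::example-notes-bucket/*"}
 ]}
""")

def as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(stmt):
    """True for Principal "*" or {"AWS": "*"}, i.e. any caller."""
    principal = stmt.get("Principal")
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", [])))

def enforces_tls(stmt):
    """Deny for every principal when aws:SecureTransport is false (HTTP)."""
    flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
    values = [str(v).lower() for v in as_list(flag)]
    return (stmt.get("Effect") == "Deny" and is_wildcard_principal(stmt)
            and "false" in values)

def audit(policy):
    """Return findings: missing TLS enforcement, unconditioned public Allows."""
    stmts = as_list(policy.get("Statement", []))
    findings = []
    if not any(enforces_tls(s) for s in stmts):
        findings.append("no Deny on aws:SecureTransport=false (TLS not enforced)")
    for s in stmts:
        if (s.get("Effect") == "Allow" and is_wildcard_principal(s)
                and "Condition" not in s):
            findings.append(f"statement {s.get('Sid', '?')} allows any principal")
    return findings
```

For the sample, audit(SAMPLE_POLICY) reports only the PublicRead statement: the bucket is private by default, and that Allow is what makes its objects public.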
S3 Transfer Acceleration
- Uses CloudFront Edge Network to accelerate your uploads to S3
S3 Static Website Hosting
- [bucketname].s3-website-[region].amazonaws.com
- CORS: you can enable CORS on the bucket to allow other sites to get the files from the bucket
- If you want to host a static website in S3, just create a bucket name with the URL (i.e., if you want to host something.com, create a bucket with that name) and create an alias to that bucket.
--- If you want to use www.something.com and something.com, you have to create 2 buckets, and configure redirection from www.something.com to something.com in the properties
Dualstack: support for IPv4 and IPv6
- Storage Tiers
--- S3 Standard
--- --- 99.99% available, 99.999999999% durable, designed to sustain loss of 2 facilities concurrently
--- S3 IA (Infrequently Accessed)
--- --- Accessed less frequently, requires rapid access when needed. Lower fee than S3 but charged for retrieval.
--- S3 One Zone IA
--- --- Lower-cost option for infrequently accessed data that doesn't require multiple AZ resiliency
--- Glacier
--- --- Cheap, used for archival only. 3-5 hour retrieval time
- Core Fundamentals of S3:
--- Key
--- Value
--- Version ID
--- Metadata
--- Subresources
--- --- Access Control Lists
--- --- Torrent file
- Versioning
--- Object-based storage (files only, not OS or db)
--- All versions of an object are stored, including writes and deletes
--- Once enabled, versioning cannot be disabled, only suspended
--- Integrates with Lifecycle rules
--- Versioning's MFA Delete capability can be used to provide an additional layer of security
--- Cross Region Replication, requires versioning on source and destination buckets
- Lifecycle Management
--- Can be used in conjunction with versioning
--- Can be applied to current/previous versions
--- Actions that can be done:
--- --- Transition to Standard S3 IA after 30 days
--- --- Archive to Glacier after 30 days
--- --- Permanently Delete
- CloudFront
--- Edge Location - location where content will be cached
--- Origin - Origin of all files that CDN will distribute
--- Distribution - name given to CDN which consists of collection of Edge Locations
--- --- Web Distribution - typically used for websites
--- --- RTMP Distributions - media streaming/flash files
--- Edge locations are not just read only, you can write to them too
--- Objects are cached for life of TTL (default 24 hours)
- Securing Buckets
--- Newly created buckets are private by default
--- You can set up access control using:
--- --- Bucket Policies
--- --- Access Control Lists
--- Buckets can be configured to create access logs
- Encryption
--- In Transit
--- --- SSL/TLS
--- At Rest
--- --- Server Side Encryption
--- --- --- S3 Managed Keys SSE-S3
--- --- --- AWS Key Management Service, Managed Keys SSE-KMS
--- --- --- Server Side Encryption with Customer Provided Keys SSE-C
- Storage Gateways
--- File Gateway - flat files, directly on S3
--- Volume Gateway
--- --- Stored Volumes - Entire dataset stored on site, async backed up to S3. Stores data as Amazon EBS snapshots in S3
--- --- Cached Volumes - Entire dataset stored in S3, most recent data stored onsite
--- Gateway Virtual Tape Library (VTL) - Used for backup and uses popular backup applications like NetBackup, Backup Exec, Veeam, etc.
--- Network requirements: Port 443, 80 (activation only), 3260 (iSCSI targets), UDP 53 (DNS)
- Snowball
--- Import to S3 or Export from S3
--- Snowball
--- --- 80TB, no compute
--- Snowball Edge
--- --- 100TB, has compute
--- Snowmobile
--- --- 100PB, semi-truck, only available in USA
- S3 Transfer Acceleration
--- Speed up transfers to S3 using S3 transfer acceleration. Costs extra, great impact for people in distant locations.
- S3 Static websites
--- Serverless
--- Cheap, scales automatically
--- Static only, no compute