Day - 06 | Amazon S3 | AWS Cloud Practitioner Certification CLF-C02
Anshul Agarwal
SDET + DevOps | Selenium/Appium (Java & Python) | API testing (Postman + RestAssured) | Cypress | WebdriverIO | Playwright | Robot Framework | CI/CD | Python | AWS | Docker | Linux | Terraform | Ansible | Jenkins
Amazon S3
- S3 Use cases
- Amazon S3 Overview - Buckets
- Amazon S3 Overview - Objects
- S3 Security
- S3 Bucket Policies
- Bucket settings for Block Public Access
- S3 Websites
- S3 - Versioning
- S3 Access Logs
- S3 Replication (CRR & SRR)
- S3 Storage Classes
- S3 Durability and Availability
- S3 Standard General Purpose
- S3 Storage Classes - Infrequent Access
- S3 Standard Infrequent Access (S3 Standard-IA)
- S3 One Zone Infrequent Access (S3 One Zone-IA)
- Amazon S3 Glacier Storage Classes
- Amazon S3 Glacier Instant Retrieval
- Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier)
- Amazon S3 Glacier Deep Archive - for long term storage
- S3 Intelligent-Tiering
- S3 Object Lock & Glacier Vault Lock
- Shared Responsibility Model for S3
- AWS Snow Family
- Data Migrations with AWS Snow Family
- Time to Transfer
- Snowball Edge (for data transfers)
- AWS Snowcone
- AWS Snowmobile
- Snow Family - Usage Process
- What is Edge Computing?
- Snow Family - Edge Computing
- AWS OpsHub
- Hybrid Cloud for Storage
- AWS Storage Gateway
- Amazon S3 - Summary
Amazon S3
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can use S3 to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics.
S3 Use cases
Amazon S3 Overview - Buckets
Buckets are the fundamental containers in Amazon S3 for storing data (objects/files). Each bucket can hold an unlimited number of objects and serves as a namespace for the objects within it. Buckets are identified by a globally unique name (across all regions and all accounts). Buckets are defined at the region level: S3 looks like a global service, but buckets are created in a region. Naming convention:
- No uppercase
- No underscore
- 3-63 characters long
- Not an IP
- Must start with lowercase letter or number
Amazon S3 Overview - Objects
- s3://my-bucket/my_file.txt
- s3://my-bucket/my_folder1/another_folder/my_file.txt
- Max Object Size is 5TB (5000GB)
- If uploading more than 5GB, must use “multi-part upload”
- Tags (Unicode key / value pair – up to 10) – useful for security / lifecycle
- Version ID (if versioning is enabled)
S3 Security
- IAM policies - which API calls should be allowed for a specific user from the IAM console
- Bucket Policies - bucket-wide rules from the S3 console - allow cross-account access
- Object Access Control List (ACL) – finer grain
- Bucket Access Control List (ACL) – less common
A principal can access an S3 object if:
- the user's IAM permissions allow it OR the resource policy ALLOWS it
- AND there’s no explicit DENY
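The access rule above (an allow from IAM or from the resource policy, and no explicit deny), as an added example that is not part of the original notes. The policies, bucket name and the decide helper are constructed for illustration; the sketch assumes a same-account request and ignores Principal and Condition matching.

```python
from fnmatch import fnmatchcase

# Constructed sample policies; the bucket name is a placeholder.
BUCKET = "arn:aws:s3:::example-notes-bucket"
IAM_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"},
]}
BUCKET_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": f"{BUCKET}/uploads/*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": f"{BUCKET}/private/*"},
]}

def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    """True if the statement's Action and Resource patterns cover the request."""
    return (any(fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, p) for p in _as_list(stmt["Resource"])))

def decide(iam_policy, bucket_policy, action, resource):
    """(IAM allow OR resource-policy allow) AND no explicit Deny.

    Simplification (assumption): the caller is in the bucket's own account,
    and every statement's principal and conditions already match.
    """
    stmts = iam_policy["Statement"] + bucket_policy["Statement"]
    hits = [s for s in stmts if _matches(s, action, resource)]
    if any(s["Effect"] == "Deny" for s in hits):
        return "explicit deny"   # a Deny wins over any Allow
    if any(s["Effect"] == "Allow" for s in hits):
        return "allow"           # either policy source is enough
    return "implicit deny"       # nothing matched: denied by default

if __name__ == "__main__":
    for action, key in [("s3:GetObject", "report.txt"),
                        ("s3:PutObject", "uploads/a.txt"),
                        ("s3:GetObject", "private/key.pem"),
                        ("s3:DeleteObject", "report.txt")]:
        print(action, key, "->",
              decide(IAM_POLICY, BUCKET_POLICY, action, f"{BUCKET}/{key}"))
```

The third request shows why the explicit deny matters: the IAM policy allows GetObject on every key, yet the bucket policy's Deny on private/* overrides it.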
S3 Bucket Policies
Bucket policies are written in a JSON-based access policy language that you can use to manage permissions for S3 buckets. They define what actions are allowed or denied for which principals (users) on the specified resources.
Use an S3 bucket policy to:
- Grant public access to the bucket
- Force objects to be encrypted at upload
- Grant access to another account (Cross Account)
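An added example (not from the original notes) showing one bucket policy that contains all three use cases listed above, with a small audit function that reports which statement implements which. The bucket name, account IDs, Sids and the audit helper are constructed placeholders; the encryption statement uses the common pattern of denying s3:PutObject when the s3:x-amz-server-side-encryption header is absent.

```python
import json

# Constructed sample policy; bucket name and account IDs are placeholders.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-notes-bucket/*"},
    {"Sid": "CrossAccount", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-notes-bucket/*"},
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-notes-bucket/*",
     "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}
  ]
}
""")

def _principals(stmt):
    """Return the AWS principals of a statement as a list ('*' means anyone)."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    aws = p.get("AWS", [])
    return aws if isinstance(aws, list) else [aws]

def audit(policy, own_account):
    """Sort each statement's Sid under the use case from the notes it implements."""
    found = {"public": [], "cross_account": [], "forces_encryption": []}
    for s in policy["Statement"]:
        principals = _principals(s)
        null_cond = s.get("Condition", {}).get("Null", {})
        if s["Effect"] == "Allow":
            if "*" in principals and "Condition" not in s:
                found["public"].append(s["Sid"])         # anyone, unconditionally
            elif any(f"::{own_account}:" not in p for p in principals if p != "*"):
                found["cross_account"].append(s["Sid"])  # principal in another account
        elif null_cond.get("s3:x-amz-server-side-encryption") == "true":
            found["forces_encryption"].append(s["Sid"])  # Deny when header is missing
    return found

if __name__ == "__main__":
    print(audit(POLICY, own_account="111111111111"))
```

A non-empty "public" list is the finding to review first, since it is exactly what the Block Public Access settings are meant to prevent when public access is unintended.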
Bucket settings for Block Public Access
Amazon S3 provides settings to block public access to your S3 resources. This feature helps prevent unintended public access and helps you adhere to best practices for securing your S3 data.
S3 Websites
Amazon S3 can host static websites that are accessible over the web. You can configure your bucket to serve static web content, set up an index document, and manage error documents. If you get a 403 (Forbidden) error, make sure the bucket policy allows public reads!
S3 - Versioning
Versioning in Amazon S3 allows you to keep multiple versions of an object in the same bucket. This feature helps protect against accidental overwrites and deletions. Any file that is not versioned prior to enabling versioning will have version “null”. If the user suspends versioning, this will not delete the previous versions.
S3 Access Logs
Amazon S3 provides the capability to log all access requests made to your S3 buckets. Access logs can be analyzed to track and audit usage patterns and permissions. Any request made to S3, from any account, authorized or denied, will be logged into another S3 bucket. That data can be analyzed using data analysis tools.
S3 Replication (CRR & SRR)
S3 Storage Classes
Note: objects can be moved between classes manually or using S3 Lifecycle configurations.
S3 Durability and Availability
Durability:
- High durability (99.999999999%, 11 9’s) of objects across multiple AZs
- If you store 10,000,000 objects with Amazon S3, you can on average expect to incur a loss of a single object once every 10,000 years
- Same for all storage classes
Availability:
- Measures how readily available a service is
- Varies depending on storage class
- Example: S3 Standard has 99.99% availability = not available 53 minutes a year
S3 Standard General Purpose
Designed for frequently accessed data that requires high throughput and low latency. It can sustain 2 concurrent facility failures.
Use Cases: Big Data analytics, mobile & gaming applications, content distribution…
S3 Storage Classes - Infrequent Access
For data that is less frequently accessed, but requires rapid access when needed. Lower cost than S3 Standard.
S3 Standard Infrequent Access (S3 Standard-IA)
99.9% Availability
Use cases: Disaster Recovery, backups
S3 One Zone Infrequent Access (S3 One Zone-IA)
Amazon S3 Glacier Storage Classes
Amazon S3 Glacier Instant Retrieval
Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier)
Amazon S3 Glacier Deep Archive - for long term storage
S3 Intelligent-Tiering
This storage class automatically moves data between two access tiers (frequent and infrequent) to optimize costs based on changing access patterns.
S3 Object Lock & Glacier Vault Lock
Shared Responsibility Model for S3
AWS and customers share responsibility for security and compliance:
AWS Snow Family
Data Migrations with AWS Snow Family
- Limited connectivity
- Limited bandwidth
- High network cost
- Shared bandwidth (can’t maximize the line)
- Connection stability
Data migration
- AWS Snowcone
- Snowball Edge (for data transfers)
- AWS Snowmobile
Snow Family - Usage Process
What is Edge Computing?
Snow Family - Edge Computing
AWS OpsHub
Hybrid Cloud for Storage
AWS Storage Gateway
Amazon S3 - Summary
Happy Learning!