
S3 Exam Tips 101

• S3 is object based, i.e. it allows you to upload files. It is not somewhere you would install an OS or run a database from.
• Files can be from 0 bytes to 5 TB.
• There is unlimited storage.
• Files are stored in "Buckets" (aka folders).
• S3 is a universal namespace, that is, the names of buckets must be unique globally. Ex: https://s3-eu-west-1.amazonaws.com/acloudguru
• As soon as you put a new object onto S3, you will immediately be able to read that object.
• Eventual consistency for overwrite PUTS and DELETES: updates or deletions can take some time to propagate.
• S3 Storage Classes/Tiers
o S3 (durable, immediately available, frequently accessed)
o S3-IA or Infrequently Accessed (durable, immediately available, infrequently accessed)
o S3 Reduced Redundancy Storage (data that is easily reproducible, such as thumbnails, watermarked images, etc.)
o Glacier: cheapest of the available storage tiers. Primarily for archived data, where you must wait 3-5 hours before accessing data.
• Core Fundamentals of S3
o Key (name)
o Value (data)
o Version ID
o Metadata
o Access Control Lists
• S3 allows for versioning, which stores all versions of an object (including all writes, and even if you delete an object). You pay for each version of the object. If you have one object that is 1 GB and you update it 10 times, you will have to pay for 10 GB.
o Once versioning is enabled, it cannot be disabled, only suspended.
o Versioning integrates with Lifecycle rules.
o Versioning's Multi-Factor Authentication Delete capability, which uses MFA, can be used to provide an additional layer of security. A user will have to use an MFA token if they want to delete an object.
o Cross Region Replication: requires versioning to be enabled on the source bucket as well as the destination bucket.
• Lifecycle Management: can be used in conjunction with versioning.
o Can be applied to current versions and previous versions.
o The following actions can be done:
▪ Transition to the Standard-Infrequent Access storage class (objects must be at least 128 KB and at least 30 days past the creation date).
▪ Archive objects to the Glacier storage class (30 days after they moved to Infrequent Access, if relevant).
▪ You can also permanently delete objects using lifecycle management rules.
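
As an added example (not part of the original notes), the lifecycle rule described above expressed as the dictionary that boto3's `put_bucket_lifecycle_configuration` accepts, plus a small simulator that applies the same age and size constraints to an object so the 128 KB minimum and the 30-day steps can be checked. The `logs/` prefix and the one-year expiry of previous versions are assumed values.

```python
# Added example, not from the original notes. The rule mirrors the bullets
# above: Standard-IA after 30 days (objects of at least 128 KB only), Glacier
# 30 days later, and the same lifecycle applied to previous (noncurrent) versions.
STANDARD_IA_MIN_DAYS = 30
STANDARD_IA_MIN_BYTES = 128 * 1024        # objects below 128 KB are never tiered
GLACIER_DAYS = STANDARD_IA_MIN_DAYS + 30  # transition days count from creation
NONCURRENT_EXPIRE_DAYS = 365              # assumed value: prune old versions after a year

# Shape accepted by boto3:
#   s3.put_bucket_lifecycle_configuration(Bucket=..., LifecycleConfiguration=LIFECYCLE_CONFIGURATION)
LIFECYCLE_CONFIGURATION = {
    "Rules": [{
        "ID": "tier-and-prune",
        "Status": "Enabled",
        "Filter": {"And": {"Prefix": "logs/",  # assumed prefix
                           "ObjectSizeGreaterThan": STANDARD_IA_MIN_BYTES - 1}},
        "Transitions": [
            {"Days": STANDARD_IA_MIN_DAYS, "StorageClass": "STANDARD_IA"},
            {"Days": GLACIER_DAYS, "StorageClass": "GLACIER"},
        ],
        "NoncurrentVersionTransitions": [{"NoncurrentDays": 30, "StorageClass": "GLACIER"}],
        "NoncurrentVersionExpiration": {"NoncurrentDays": NONCURRENT_EXPIRE_DAYS},
    }]
}


def storage_class_at(age_days, size_bytes, noncurrent=False):
    """Simplified simulation of where the rule above leaves an object.

    age_days is days since creation or, with noncurrent=True, days since the
    version stopped being current. Returns a storage class or "EXPIRED".
    """
    rule = LIFECYCLE_CONFIGURATION["Rules"][0]
    if size_bytes <= rule["Filter"]["And"]["ObjectSizeGreaterThan"]:
        return "STANDARD"  # outside the rule's filter, so it is never touched
    if noncurrent:
        if age_days >= rule["NoncurrentVersionExpiration"]["NoncurrentDays"]:
            return "EXPIRED"
        steps = [(t["NoncurrentDays"], t["StorageClass"])
                 for t in rule["NoncurrentVersionTransitions"]]
    else:
        steps = [(t["Days"], t["StorageClass"]) for t in rule["Transitions"]]
    current = "STANDARD"
    for days, storage_class in steps:  # later transitions override earlier ones
        if age_days >= days:
            current = storage_class
    return current
```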
• Edge Location: this is the location where content will be cached. This is separate from an AWS Region/Availability Zone.
• Origin: this is the origin of all the files that the CDN will distribute. This can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer or Route53.
• Distribution: this is the name given to the Content Delivery Network, which consists of a collection of Edge Locations.
o Web Distribution: used for websites.
o RTMP: used for media streaming.
• Edge Locations don't have to be READ only; you can write to them too.
• Objects are cached for the life of the TTL (Time To Live), which is always in seconds. By default, the TTL is 24 hours.
• You can also clear cached objects, but you will be charged.

Securing your Buckets

• By default, all newly created buckets are PRIVATE.
• You can set up access control to your buckets using the following:
o Bucket Policies
o Access Control Lists
• S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket. The logs can be delivered to another bucket.
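
An added example (not part of the original notes) of why those access logs are worth collecting: it parses lines in the S3 server access log format and flags successful anonymous requests, requests sent without TLS and AccessDenied responses. The four log lines are constructed, with placeholder owner, host and request IDs.

```python
import re

# Leading fields of the S3 server access log format; newer logs append
# more fields after tls_version, which re.match() simply ignores.
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester",
          "request_id", "operation", "key", "request_uri", "http_status",
          "error_code", "bytes_sent", "object_size", "total_time",
          "turn_around_time", "referer", "user_agent", "version_id",
          "host_id", "signature_version", "cipher_suite", "auth_type",
          "host_header", "tls_version"]
QUOTED = {"request_uri", "referer", "user_agent"}  # may contain spaces

def _field_pattern(name):
    if name == "time":                     # [06/Feb/2019:00:00:38 +0000]
        return r"\[(?P<time>[^\]]+)\]"
    if name in QUOTED:
        return r'"(?P<%s>[^"]*)"' % name
    return r"(?P<%s>\S+)" % name           # "-" marks an empty field

LOG_RE = re.compile(" ".join(_field_pattern(f) for f in FIELDS))

# Constructed sample lines with placeholder owner, host and request IDs.
SAMPLE_LINES = [
    'OWNERID examplebucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 arn:aws:iam::123456789012:user/alice REQ0001 REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - 2048 2048 12 11 "-" "aws-cli/2.0" - HOSTID SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader examplebucket.s3.amazonaws.com TLSV1.2',
    'OWNERID examplebucket [06/Feb/2019:00:01:02 +0000] 198.51.100.7 - REQ0002 REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - 2048 2048 15 14 "-" "curl/7.68.0" - HOSTID - ECDHE-RSA-AES128-GCM-SHA256 - examplebucket.s3.amazonaws.com TLSV1.2',
    'OWNERID examplebucket [06/Feb/2019:00:02:10 +0000] 192.0.2.3 arn:aws:iam::123456789012:user/alice REQ0003 REST.PUT.OBJECT uploads/a.bin "PUT /uploads/a.bin HTTP/1.1" 200 - - 4096 20 19 "-" "aws-cli/2.0" - HOSTID SigV4 - AuthHeader examplebucket.s3.amazonaws.com -',
    'OWNERID examplebucket [06/Feb/2019:00:03:44 +0000] 203.0.113.9 - REQ0004 REST.GET.OBJECT secrets/db.env "GET /secrets/db.env HTTP/1.1" 403 AccessDenied 243 - 3 - "-" "python-requests/2.25" - HOSTID - ECDHE-RSA-AES128-GCM-SHA256 - examplebucket.s3.amazonaws.com TLSV1.2',
]

def parse_line(line):
    """Return the record as a dict, or None if the line is not in the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def audit(lines):
    """Return (request_id, reason) pairs that a defender should review."""
    findings = []
    for rec in filter(None, map(parse_line, lines)):
        if rec["requester"] == "-" and rec["http_status"] == "200":
            findings.append((rec["request_id"], "anonymous access succeeded"))
        if rec["tls_version"] == "-":
            findings.append((rec["request_id"], "request sent without TLS"))
        if rec["http_status"] == "403":
            findings.append((rec["request_id"], "access denied: " + rec["key"]))
    return findings
```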

Encryption

• In Transit: achieved through SSL/TLS.
• At Rest:
o Server-Side Encryption
▪ S3 Managed Keys (SSE-S3): each object is encrypted with a unique key using strong multi-factor encryption. The keys themselves are encrypted with a master key that is regularly rotated.
▪ AWS Key Management Service (SSE-KMS): similar to S3 managed keys, but it gives you an audit trail that tells you when your key was used and by whom.
▪ SSE with Customer Provided Keys (SSE-C): you manage the encryption keys yourself, but Amazon S3 manages the encryption as it writes and the decryption as you read your objects.
o Client-Side Encryption: you encrypt the data yourself before it is even uploaded to S3.
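
As an added example (not from the original notes), a bucket policy that enforces both halves of this section: it denies any request that is not sent over TLS and any upload that does not request server-side encryption, together with a deliberately simplified evaluator for the two condition operators the policy uses, so you can see which requests it rejects. The bucket name is a placeholder.

```python
BUCKET = "example-bucket"  # placeholder; substitute your bucket name
BUCKET_ARN = "arn:aws:s3:::" + BUCKET

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # in transit: refuse anything that arrives over plain HTTP
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {   # at rest: refuse uploads that do not ask for SSE-S3 or SSE-KMS
            "Sid": "DenyUnencryptedPut",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": BUCKET_ARN + "/*",
            "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
        },
    ],
}


def _condition_matches(operator, key, wanted, ctx):
    value = ctx.get(key)
    if operator == "Bool":
        return value == wanted
    if operator == "Null":  # "true" matches when the key is absent from the request
        return (value is None) == (wanted == "true")
    raise ValueError("operator not modelled: " + operator)


def explicit_deny(action, secure_transport, sse_header=None):
    """Sid of the first Deny statement matching the request, or None.
    Simplified: knows only Bool/Null and assumes the resource matches."""
    ctx = {"aws:SecureTransport": "true" if secure_transport else "false",
           "s3:x-amz-server-side-encryption": sse_header}
    for st in POLICY["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if not any(a in (action, "s3:*") for a in actions):
            continue
        if all(_condition_matches(op, key, wanted, ctx)
               for op, conds in st["Condition"].items()
               for key, wanted in conds.items()):
            return st["Sid"]
    return None
```

An upload that relies on the bucket's default encryption sends no x-amz-server-side-encryption header, so the second statement would reject it as well; drop that statement if you rely on default encryption instead.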

Gateways

• File Gateway: for flat files, stored directly on S3.
• Volume Gateway: block based storage.
o Stored Volumes: the entire dataset is stored on site and is asynchronously backed up to S3. Used when you have connectivity issues or if you want low latency.
o Cached Volumes: the entire dataset is stored on S3 and the most frequently accessed data is cached on site.
• Gateway Virtual Tape Library (VTL): used for backups, with popular backup applications like NetBackup, Backup Exec, Veeam, etc.

Snowball

• Snowball: pure storage (50/80 TB depending on location). Snowballs can both import to and export from S3.
• Snowball Edge: storage plus computing capabilities. You can run Lambda functions from the box itself, so it is essentially a mini AWS datacenter in a box.
• Snowmobile: 100 Petabytes of storage on a semi-truck, and it can actually come with armed security if required.
• Import/Export: older method used to import large amounts of data to AWS. Amazon moved on to Snowballs because customers were shipping many different kinds of disks with differing requirements.

Transfer Acceleration

• You can speed up transfers to S3 using S3 Transfer Acceleration. This costs extra, and has the greatest impact on people who are in faraway locations. You upload files to edge locations, which then upload the files to your S3 bucket.

Static Websites

• You can use S3 to host static websites.
• Serverless, so you don't need any EC2 instances.
• Very cheap and scales automatically.
• STATIC only; you cannot host dynamic sites. So, no PHP or .NET sites on S3. HTML and static content only.

Other

• When you write to S3 via the command line, you get an HTTP 200 success code signifying a successful write.
• You can load files to S3 much faster by enabling multipart upload, since it uploads the files in chunks.
• Read the S3 FAQ before taking the exam. It comes up a lot!