Saturday, March 18, 2017

AWS Solutions Architect Exam: S3

This post summarizes the most important characteristics of S3 relevant to the AWS Solutions Architect Associate level Exam.

What is S3: S3 is an object key/value store that is part of Amazon AWS.

How is it organized: In S3, objects are placed in buckets. Within a bucket each object has a unique key. The bucket namespace is global, whereas keys only have to be unique within their bucket.

S3 is not file storage, and it does not offer a filesystem-like interface, although with the use of prefixes it is possible to get S3 to display buckets and objects in a hierarchy similar to a filesystem.

Storage classes: Amazon S3 provides different storage classes, which offer different characteristics to meet the needs of most users. More on storage classes can be found at https://aws.amazon.com/s3/storage-classes/

S3 Standard: 11 9s of durability, 4 9s of availability. Supports encryption of data in transit and at rest.

S3 Infrequent Access: Same durability, 3 9s of availability. All the other characteristics are the same as S3 Standard. It has a minimum object size of 128 KB and a minimum storage duration of 30 days.

S3 Archive: This involves the use of Amazon Glacier as an extension of S3, using object lifecycle management, as explained below.

S3 Reduced Redundancy: S3 allows the storage of objects with reduced redundancy. This option is cheaper, and recommended for non-critical assets. It offers 4 9s of durability and 4 9s of availability.

S3 as a static web server: An S3 bucket can be configured as a web server for static content. To enable this functionality, an index page and an error page have to be defined, and the corresponding objects must be made public.

S3 object lifecycle management: A set of rules determines the actions to take on a group of objects. Actions can be transition actions or expiration actions. Transition actions change the storage class of objects, while expiration actions cause the deletion of objects. Lifecycle is part of a bucket's configuration.

S3 object versioning: A bucket can be configured to support object versioning. This allows keeping several versions of the same object. Using lifecycle management it is possible to configure different behavior for the current and noncurrent versions.
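As an added example (not code from the original post), the following Python builds one lifecycle rule for a versioned bucket, in the dictionary shape boto3's put_bucket_lifecycle_configuration accepts, with separate transition and expiration actions for current and noncurrent versions, and then checks the rule offline: transitions must move to a colder class in increasing day order, Infrequent Access cannot be reached before the 30-day minimum, and expiration must come after the last transition. The prefix, day counts and class order are constructed sample values, and storage_class_on_day is a simplified model that applies an action once the object is at least that many days old.

```python
"""Added example: build an S3 lifecycle configuration for a versioned bucket
and sanity-check it offline. Illustration code, not from the original post;
the prefix and day counts are constructed sample values."""

# Colder classes sit further right: the post's Standard -> Infrequent Access -> Archive path.
CLASS_ORDER = ["STANDARD", "STANDARD_IA", "GLACIER"]
MIN_DAYS_BEFORE_IA = 30   # S3 requires objects to age 30 days before a STANDARD_IA transition


def lifecycle_configuration(prefix="logs/"):
    """Dict in the shape boto3's put_bucket_lifecycle_configuration takes as
    LifecycleConfiguration=...; current and noncurrent versions get different actions."""
    return {"Rules": [{
        "ID": "logs-tiering",
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        # Transition actions for the current version
        "Transitions": [
            {"Days": 30, "StorageClass": "STANDARD_IA"},
            {"Days": 90, "StorageClass": "GLACIER"},
        ],
        # Expiration action for the current version
        "Expiration": {"Days": 365},
        # Noncurrent (superseded) versions are archived sooner and deleted earlier
        "NoncurrentVersionTransitions": [{"NoncurrentDays": 30, "StorageClass": "GLACIER"}],
        "NoncurrentVersionExpiration": {"NoncurrentDays": 90},
    }]}


def validate_rule(rule):
    """Return a list of problems found in one rule; an empty list means it is consistent."""
    problems = []
    last_days, last_rank = -1, 0
    for t in rule.get("Transitions", []):
        days, cls = t["Days"], t["StorageClass"]
        if cls not in CLASS_ORDER:
            problems.append(f"unknown storage class {cls}")
            continue
        rank = CLASS_ORDER.index(cls)
        if rank <= last_rank:
            problems.append(f"transition to {cls} at day {days} does not move to a colder class")
        if days <= last_days:
            problems.append(f"transition to {cls} at day {days} is not later than the previous one")
        if cls == "STANDARD_IA" and days < MIN_DAYS_BEFORE_IA:
            problems.append(f"STANDARD_IA transition at day {days} is before the {MIN_DAYS_BEFORE_IA}-day minimum")
        last_days, last_rank = days, rank
    expiry = rule.get("Expiration", {}).get("Days")
    if expiry is not None and expiry <= last_days:
        problems.append(f"expiration at day {expiry} is not after the last transition")
    return problems


def storage_class_on_day(rule, age_days):
    """Where the current version of an object sits after age_days under this rule.
    Simplified model: an action with Days=N applies once the object is at least N days old."""
    expiry = rule.get("Expiration", {}).get("Days")
    if expiry is not None and age_days >= expiry:
        return "EXPIRED"
    current = "STANDARD"
    for t in sorted(rule.get("Transitions", []), key=lambda t: t["Days"]):
        if age_days >= t["Days"]:
            current = t["StorageClass"]
    return current


if __name__ == "__main__":
    rule = lifecycle_configuration()["Rules"][0]
    print(validate_rule(rule))                                    # []
    print([storage_class_on_day(rule, d) for d in (0, 30, 90, 365)])
    # ['STANDARD', 'STANDARD_IA', 'GLACIER', 'EXPIRED']
```

Running validate_rule before calling the API catches the ordering mistakes S3 would otherwise reject at upload time, and storage_class_on_day lets you see where an object of a given age ends up before the rule is enabled on real data.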

S3 access control: By default S3 resources are private (only the owner can see and manage them). There are a number of mechanisms that can be used to manage access to S3 resources.

S3 policies can be assigned to buckets, objects and users to limit which actions are allowed. For example, with a bucket policy it is possible to grant access to another AWS account.

S3 ACLs: This is a legacy mechanism that can be applied to buckets and objects.

IAM: IAM users, policies and roles can be used to control access to S3 resources.
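As an added example (not code from the original post, and not an AWS library), the Python below constructs the two bucket policies mentioned above, the cross-account grant and the public-read policy a static website bucket needs, and runs them through a small deny-by-default simulator of bucket-policy evaluation. It also includes a defender-side check that lists which actions a policy hands to everyone, so a website policy can be confirmed to expose s3:GetObject on objects and nothing else. The bucket name and account ids are constructed placeholders, and the simulator models only the bucket policy (not IAM user policies or ACLs) with simplified principal matching.

```python
"""Added example: construct two S3 bucket policies and evaluate them with a
small, deny-by-default simulator. Illustration code, not part of the original
post and not an AWS library; the bucket name and account ids are constructed."""
import fnmatch

BUCKET = "example-bucket"            # constructed
PARTNER_ACCOUNT = "222222222222"     # constructed


def cross_account_read_policy(bucket, account_id, prefix="shared/"):
    """Bucket policy granting another AWS account read access to one prefix only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PartnerRead",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": ["s3:GetObject"],
            "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
        }],
    }


def static_website_policy(bucket):
    """Public read of objects for a bucket used as a static web server.
    Only s3:GetObject on objects is granted; listing the bucket stays private."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, caller_account):
    """Simplified principal matching: '*' (or {"AWS": "*"}) matches everyone
    including anonymous callers; an account root ARN matches any caller from
    that account. caller_account is an account id string, or None for anonymous."""
    aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
    if principal == "*" or "*" in aws:
        return True
    if caller_account is None:
        return False
    return f"arn:aws:iam::{caller_account}:root" in aws


def evaluate(policy, caller_account, action, resource):
    """Deny by default: an explicit Deny wins, otherwise any matching Allow grants.
    Only the bucket policy is modelled (IAM policies and ACLs are not)."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _principal_matches(stmt["Principal"], caller_account):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def public_actions(policy):
    """Defender check: the set of actions the policy grants to everyone ('*')."""
    granted = set()
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Allow" and _principal_matches(stmt["Principal"], None):
            granted.update(_as_list(stmt["Action"]))
    return granted


if __name__ == "__main__":
    partner = cross_account_read_policy(BUCKET, PARTNER_ACCOUNT)
    site = static_website_policy(BUCKET)
    shared = f"arn:aws:s3:::{BUCKET}/shared/report.csv"
    print(evaluate(partner, PARTNER_ACCOUNT, "s3:GetObject", shared))      # True
    print(evaluate(partner, None, "s3:GetObject", shared))                 # False
    print(evaluate(site, None, "s3:ListBucket", f"arn:aws:s3:::{BUCKET}"))  # False
    print(sorted(public_actions(site)))                                    # ['s3:GetObject']
```

The point of the ListBucket case is that a website policy written against bucket/* makes objects readable but does not let anonymous visitors enumerate the bucket; public_actions is the kind of check worth running over every bucket policy before it is applied, since any action beyond s3:GetObject showing up there means the bucket is more public than a static site requires.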

S3 encryption: Both client-side and server-side encryption options are available. SSL can be used to protect data in transit as well.

Server-side encryption: Protects data at rest. There are 3 options: S3-managed keys, AWS KMS, and customer-provided keys.

Client-side encryption: Protects data in transit and at rest. Customers can choose to provide and manage their own keys, or use AWS KMS.
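As an added example (not code from the original post), the following Python builds the request headers for the three server-side encryption options listed above (S3-managed keys, AWS KMS, and customer-provided keys), reproduces the integrity check S3 applies to a customer-provided key, and classifies which option a PutObject request is asking for, which is what you would run over captured requests or proxy logs when verifying that nothing is written unencrypted. SAMPLE_KEY and SAMPLE_KMS_KEY_ID are constructed placeholders; the header names are the ones the S3 REST API uses.

```python
"""Added example: build the request headers for the three server-side
encryption options and check what a PutObject request carries. Illustration
code, not from the original post; SAMPLE_KEY and the KMS key id are constructed."""
import base64
import hashlib

SAMPLE_KEY = bytes(range(32))  # constructed 256-bit key, for illustration only
SAMPLE_KMS_KEY_ID = "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE-KEY-ID"  # constructed placeholder


def sse_s3_headers():
    """SSE-S3: S3 manages the key; the request only names the algorithm."""
    return {"x-amz-server-side-encryption": "AES256"}


def sse_kms_headers(kms_key_id):
    """SSE-KMS: the object key is protected by a KMS key the caller names."""
    return {"x-amz-server-side-encryption": "aws:kms",
            "x-amz-server-side-encryption-aws-kms-key-id": kms_key_id}


def sse_c_headers(raw_key):
    """SSE-C: the caller supplies a 256-bit key per request (base64) plus its MD5
    so S3 can detect a corrupted key. S3 does not keep the key: the same key
    must be sent again on every GET, so key management stays with the caller."""
    if len(raw_key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    digest = hashlib.md5(raw_key).digest()
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key": base64.b64encode(raw_key).decode("ascii"),
        "x-amz-server-side-encryption-customer-key-MD5": base64.b64encode(digest).decode("ascii"),
    }


def sse_c_key_matches_md5(headers):
    """The integrity check S3 performs on an SSE-C request: the MD5 header must
    match the supplied key, otherwise the request is rejected."""
    h = {k.lower(): v for k, v in headers.items()}
    try:
        key = base64.b64decode(h["x-amz-server-side-encryption-customer-key"], validate=True)
        md5 = base64.b64decode(h["x-amz-server-side-encryption-customer-key-md5"], validate=True)
    except (KeyError, ValueError):  # missing header or malformed base64
        return False
    return hashlib.md5(key).digest() == md5


def classify_encryption(headers):
    """Return which server-side option a request asks for: SSE-C, SSE-KMS, SSE-S3 or NONE.
    Header names are compared case-insensitively, as HTTP allows."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("x-amz-server-side-encryption-customer-algorithm") == "AES256":
        return "SSE-C"
    mode = h.get("x-amz-server-side-encryption")
    if mode == "aws:kms":
        return "SSE-KMS"
    if mode == "AES256":
        return "SSE-S3"
    return "NONE"


if __name__ == "__main__":
    for hdrs in (sse_s3_headers(), sse_kms_headers(SAMPLE_KMS_KEY_ID), sse_c_headers(SAMPLE_KEY), {}):
        print(classify_encryption(hdrs))
    # SSE-S3, SSE-KMS, SSE-C, NONE
```

A request that classifies as NONE is stored in plaintext unless the bucket enforces encryption some other way, and an SSE-C request whose key fails sse_c_key_matches_md5 is the one S3 will refuse; with SSE-C the loss of the caller's key also means the loss of the object, which is the trade-off against letting S3 or KMS manage keys.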

S3 notifications: Notifications for bucket events (object creation, removal, loss of a reduced redundancy object). Notifications can be sent to SQS, SNS or Lambda.

S3 consistency model: PUTs of new objects are consistent. PUT/DELETE of an existing object is eventually consistent. The READ API takes an extra parameter which can force the call to be consistent; this will potentially make the call slower.

For more information refer to AWS S3 online documentation (which is excellent and very detailed):

http://docs.aws.amazon.com/AmazonS3/latest/dev/Welcome.html