S3
S3 is object based, i.e. it allows you to upload files
Files can be from 0 Bytes to 5TB
There is unlimited storage
Files are stored in Buckets
S3 is a universal namespace, that is, names must be unique globally
Read after write consistency for PUTS of new Objects
Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate)

S3 Storage Classes/Tiers
S3 (durable, immediately available, frequently accessed)
S3 - IA (durable, immediately available, infrequently accessed)
S3 - Reduced Redundancy Storage (data that is easily reproducible, such as thumbnails etc.)
Glacier - Archived data, where you can wait 3-5 hours before accessing.

Remember the core fundamentals of an S3 object
Key (name)
Value (data)
Version ID
Metadata
Subresources
  ACL
  Torrent

Object based storage only (for files)
Not suitable to install an operating system on
Successful uploads will generate a HTTP 200 status code
Read the S3 FAQ before taking the exam. It comes up A LOT!
Bucket -> Files
S3 - Versioning
Stores all versions of an object (including all writes and even if you delete an object)
Great backup tool
Once enabled, versioning can't be disabled, only suspended
Integrates with Lifecycle rules
Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.

S3 - Cross Region Replication (DR?)
Versioning must be enabled on both the source and destination buckets
Regions must be unique
Files in an existing bucket are not replicated automatically. All subsequent updated files will be replicated automatically.
You cannot replicate to multiple buckets or use daisy chaining (at this time)
Delete markers are replicated
Deleting individual versions or delete markers will not be replicated.
Understand what Cross Region Replication is at a high level.

S3 - Lifecycle Management Lab
Can be used in conjunction with versioning
Can be applied to current versions and previous versions
Following actions can now be done
  Transition to the Standard - Infrequent Access Storage Class (128 KB and 30 days after the creation date)
  Archive to the Glacier Storage Class (30 days after IA, if relevant)
  Permanently Delete

Security & Encryption
Security
By default, all newly created buckets are PRIVATE.
You can set up access control to your buckets using
  Bucket Policies
  Access Control Lists
S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket. The logs can be written to another bucket.

Encryption
In Transit
  SSL/TLS
At Rest
  Server Side Encryption
    S3 Managed Keys - SSE-S3
    AWS Key Management Service, Managed Keys - SSE-KMS
    Server Side Encryption With Customer Provided Keys - SSE-C
  Client Side Encryption

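Added example, not part of the original notes: a Python check that a bucket policy enforces the two encryption points above, by denying non-TLS requests and denying PutObject calls that carry no server-side-encryption header. The sample policy and the bucket name example-notes-bucket are constructed placeholders, and the helper names are hypothetical.

```python
import json

# Constructed sample policy; "example-notes-bucket" is a placeholder name.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "DenyPlainHTTP", "Effect": "Deny", "Principal": "*",
   "Action": "s3:*",
   "Resource": ["arn:aws:s3:::example-notes-bucket",
                "arn:aws:s3:::example-notes-bucket/*"],
   "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
  {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject",
   "Resource": "arn:aws:s3:::example-notes-bucket/*",
   "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _denies(stmt, action):
    """True if the statement is a Deny for every principal covering `action`."""
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return (stmt.get("Effect") == "Deny"
            and stmt.get("Principal") in ("*", {"AWS": "*"})
            and any(a in ("*", "s3:*", action.lower()) for a in actions))

def _cond(stmt, operator, key):
    """Value of a condition key (keys are case-insensitive), lower-cased."""
    block = stmt.get("Condition", {}).get(operator, {})
    for k, v in block.items():
        if k.lower() == key.lower():
            return str(v).lower()  # list-valued conditions count as absent
    return None

def audit_policy(policy):
    """Report which controls the policy enforces (Resource scope not checked)."""
    stmts = _as_list(policy.get("Statement", []))
    return {
        "tls_required": any(
            _denies(s, "s3:*")
            and _cond(s, "Bool", "aws:SecureTransport") == "false"
            for s in stmts),
        "sse_required_on_put": any(
            _denies(s, "s3:PutObject")
            and _cond(s, "Null", "s3:x-amz-server-side-encryption") == "true"
            for s in stmts),
    }

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```
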
S3 Transfer Acceleration
S3 Transfer Acceleration utilises the CloudFront Edge Network to accelerate your uploads to S3. Instead of uploading directly to your S3 bucket, you use a distinct URL to upload to an edge location, which then transfers the file to S3.
