S3 (Simple Storage Service)
- it provides you with
unlimited storage - The S3 console provides an interface for you to upload and access your data.
- S3 Object : contain data like files.
- You can store data from 0 bytes to 5 Terabytes in size.
- S3 Bucket : hold objects like folders.
- Bucket names must be unique.
Object-based storage service
1
data storage architecture that manages data as objects (as opposed to other storage architecture)
file systemswhich manages data as files and fire hierarchyblock storagewhich manages data as blocks within sectors and tracks
Storage Classes
(less cheaper)
- Standard(default)
- Intelligent Tiering
- Standard Infrequently Accessed (IA)
- One Zone IA
- Glacier
- for cold data
- the points : price(The lowest price), safety(99.9% durability) -> so it’s the best for cold data
- for cold data
- Glacier Deep Archive
(the cheapest)
1
Amazon S3 Glacier is a secure, durable, and extremely low-cost Amazon S3 storage class for data archiving and long-term backup. With S3 Glacier, customers can store their data cost effectively for months, years, or even decades.
** reference : https://bluese05.tistory.com/35
AWS is guarantee of 99.99% of availability, 11's durability.
Storage Classes Comparison
** reference : https://www.youtube.com/watch?v=Ia-UEYYR44s
Security
Log files are generated and saved in a different bucket. (not the same bucket) (Logging per request can be turned on a bucket.)
- ACL(Access Control Lists
- the way to control access simply.
- Bucket Policies
- it is generally used more.
- you have to write a JSON document policy
- a lot more rich, complex rules.
- if you are ever setting up static S3, you definitely have to use a bucket policy
- there’s no fool proof.
Encryption
- SSE (Server Side Encryption)
- SSE-AES : AES-256 (uses 256 bytes, very long encryption)
- SSE-KMS
- Key Management Service
- it uses envelope encryption
- so the key is then encrypted with another key
- It’s either managed by AWS or managed by you the key itself.
- SSE-C
- C : Customer provided keys
- it’s no option in default encryption
- it’s just encrypting the files locally and then uploading them to S3.
Data Consistency
- Consistency
- Consistency is going to be different when you are overwriting files or deleting objects.
New Objects(PUTS)
- when you put data or write new data to S3 as a new object, it’s going to be read after write consistency.
- What that means is as soon as you upload it, you can immediately read the data and it’s going to be consistent.
Overwrite Objects(PUTS) / Delete Objects(DELETES)
when it comes to overwriting and deleting objects, it’s going to take time for s3 to replicated to all those other AZs. (it only takes like a second or two to update)
so if you were to immediately read the data, s3 may return to you an old copy.
AZ
- Availability Zone
- the logical building block that makes up an AWS Region.
- the isolated locations within data center regions from which public cloud services originate and operate.
CRR (Cross Region Replication)
- it provides higher durability in the case of disaster
- when you turn it on, we are going to specify a destination bucket in another region.
- and it’s going to automatically replicate those objects from the region source.
- it replicate to a bucket in another AWS account which is setting on another region.
- for it, you need to have versioning turned on in both the source and destination buckets.
Versioning
what versioning does is it allows you to version your objects.
- it help you to prevent data lose
- and just keeping track of versions.
- if you put a new file which has the exact same key, it’s going to create a new version of it. and it’s goint to it a new version ID
- the idea is if you access this object, it’s always goint to pull the one from the top.
- and if you were to delete that object, now it’s going to access the previous one.
SO it’s a really good way of protecting your data.
- if you do turn on S3 versioning, you cannot disable it after the fact. which means once it’s turned on, you cannot remove versioning from existing file.
- all you can do is suspend versioning.
Lifecycle Management
- what it does is it automates the process of moving objects to different storage classes or deleting them all together.
- it can be used together with versioning
- it can be applied to both current and previous versions
Transfer Acceleration
- it provides you fast and secure transfer of files over long distances between your end users and S3 bucket.
Presigned Urls
- it generate a url which authenticate you temporary access to an object to either upload or download object data.
- it is commonly used to provide access to private objects.
- You can use AWS CLI / AWS SDK to generate it. ** CLI : Commend Line Interface ** SDK : Software Development Kit
MFA Delete (Multi Factor Authentication)
- it makes you require an MFA code in order to delete object.
- there’s some limitations (caveats) around how you can use it or you can’t use MFA delete.
- You must use AWS CLI in order to turn on MFA
- You have to make sure version is turned on your bucket
- Only the bucket owner logged in as the root user can delete objects from the bucket.
- This is going to be a really good way to ensure that files do not get deleted by act.
Important words
- stand for : 象徴する。代表
- replicate : duplicate, 複製する。
- take a look : 一度見る
- have a feature called ~
- compliancy reason : 遵守理由
- that is the concept
- caveats : 注意事項, 注意事项
- durability : 耐久性
- optimizing operational excellence : 운영 우수성의 최적화
- that kind of stuff
- versus : vs
- elasticity : 탄력성 (elasticity of demand)
- scalability : 확장성
- a bunch of ~ : 묶음, 다발
- pillar : 축
- nitty-gritty
- what is essential and basic
- be applicable to N
- you will be overwhelmed
- to overcome completely in mind or feeling
- foundational information
- resilient
- able to withstand or recover quickly from difficult conditions. strong and not easily damaged by being hit, stretched, or squeezed.
- reliable and resilient storage
- able to be trusted.
Comments powered by Disqus.