[AWS Solution Architect] S3 2

S3

• S3 is in a global region.
• most services are going to be region specific. And you’d have to switch between them to see the resources of them
• but not for s3
• you see all your buckets from every single region in one view, which is very convenient.

Create S3

• a bucket name
  • has to be unique.
  • has to be DNS compliant.
  • you’re not allowed certain characters.

Delete S3

Upload files and make public

• If we’re going to access files by url after uploading files, we’re going to be see that it’s disabled.

So,
make it public

1. Permissions (in the top)
   • allow public access.

2. Edit on ‘Block public access’

3. Untick ‘block all public access’ and save.

4. Go to each file and click the button ‘make public’

Versioning

• for newer files

1. Properties (in the top)
2. Versioning and tick ‘Enabled’
   • default : suspend versioning
3. Overview (in the top)
   • we can see versions tab
     • we can go hide and show
     • we can add information for the version ID

   

   • if we hit show, we can see versions.

   

4. Upload new files here, which have the exact same name
   • if we hit show again, we can see that some of our files where we’ve done some uploading there have additional versions.
   • the initial files has null version ID
   • but if we upload files after turning versioning on, those files have the version ID
     • the only reason the version ID is null is because they existed prior before turning versioning on.

   

   • if we see files, we can see the latest version of file.
     • if you wanna see the previous version, you drop down here.
5. Make the latest version public
   • the latest version is not gonna inherit the original properties like for the public access (but the previous version is still public)

• if you delete a file which is the latest version
  • it still shows up in the console. but the file is no longer there.

Features of Versioning

• it helps you protect from the deletion of files.
• it allows you to keep versions of stuff and those properties.
  • which means it does not carry over to the next one.

SSE (Server-side Encryption)

1. Properties
2. Default encryption
   • by default, it is setting None.

   

   • the warning : This property does not affect existing objects in your bucket.
3. Turn AES-256 on
   • but server-side encryption is still none.

   

4. Go to Properties of each file

   • you can set individual encryption profiles.
     • you can also do it per bucket.

   

5. now if we were to go access this URL
   • but data is public.
   • can’t we access it? NO
   • the encryption doesn't mean that the files aren't accessible.
     • It just because we have made this file public, it just means that when they're at rest on the servers on AWS, there are going to be encrypted.

CLI for S3 (Command Line Interface)

• how to access private files using presigned URL.

ls

• List all buckets

  aws s3 ls

• List all folders and objects in bucket

  aws s3 ls exampro-000

  • result : PRE enterprise-d/
  • (=) aws s3 ls s3://exampro-000

• List all folders and objects in folder

  aws s3 ls exampro-000/enterprise-d/

  • (=) aws s3 ls s3://exampro-000/enterprise-d

cp

• Download object to my desktop

  aws s3 cp s3://exampro-000/enterprise-d/barclay.jpg ~/Desktop/barclay.jpg

  • cp (original file’s path) (new file’s path)

• Upload object to my s3 bucket

  aws s3 cp ~/Desktop/enterprise-d/q.jpg s3://exampro-000/enterprise-d/q.jpg

  • by default, it’s private

presign - generate a URL to provide temporary access to private files. - This is definitely a use case that you’d have if let’s say you had paid content behind, like a web application that you’d have to sign up to gain access.

• Create presigned url that expires in 300 seconds

  aws s3 presign s3://exampro-000/enterprise-d/q.jpg –expires-in 300

Lifecycle policies

• case1 change the storage class for objects
  • we’re gonna do it at the object level.

steps

1. Properties
2. Storage class
3. Choose the class that we want to standardize and save
   • we can save cost

• case2 if you want to automate that process.

  • because if we were handling a lot of log files

    let’s say after 30 days we don’t really need them anymore, but we need to hold them on fro the next seven years.

  • that’s where lifecycle policies are going to come in play
  • we’re gonna do that at the bucket level

steps

1. Go to bucket
2. Management
3. Add a new lifecycle rules

   • Name and scope

     we could limit the scope of what files we want

   • Transition

     we have to decide whether it’s the current version or the previous version

   • Expiration

     it’s not necessary, but if we want to actually delete the file after the current days

CRR (Cross-Region Replication)

• for greater durability
• it allow us to copy one file from a bucket to another bucket.
• this could be another region and in another AWS account

1. Go to S3
2. Create new bucket
   • which has another region
3. Go to new bucket (destination)
   • Make sure that we have versioning turned on in both buckets (both the source bucket and destination bucket)
4. Turn versioning on
5. Go to origin bucket (source) - Management - Replication
6. Add rules
   • Set source
   • Set destination
     • Change storage class (not necessary)
       • it’s a good idea if you want to save money.
       • It’s like your backup bucket.
       • If you don’t actually use files.
     • Object ownership (not necessary)
       • you can also send this to someone else’s bucket in another AWS account
       • your use case is this bucket has files and you want to provide it to multiple clients.
   • Configure rule options

   

   

   

Bucket policies

• we can custom rules about the type of access we want to allow to our buckets.

1. Go to bucket.
2. Permissions
3. Bucket Policy
   • it’s providing a policy in the format of json file
   • there’s a policy generator on below
4. Use AWS Policy Generator
5. Copy and paste json

S3 cheat sheat

Words

• That’s the question I have in the back of my mind
• apparently, we totally can
• a slightly different N
• syntax
• stand for (=represent)
  • what does that stand for?
• it’s not a big deal : 별거 아니다
• etc : Et cetera
• the roll isn’t created in time
• asterisk : *
• retrieval
• tradeoff
• availability : usefulness, 可用性
  • operantinal availability : 使用可用性
• Usability : 易用性
• Archive

The copyright of all material here is on the video https://www.youtube.com/watch?v=Ia-UEYYR44s This post is just for studying AWS SAA.