These are the takeaway notes I have penned down from Ryan Kroonenburg’s online training. He is a founder of A Cloud Guru (one of the best AWS training providers on the planet!).
We will discuss the key points on S3 (Simple Storage Service) that carry high weightage in the AWS Solutions Architect Associate certification exam.
What is Simple Storage Service (S3)?
As the name implies, it is a storage service from Amazon to store your files reliably and securely.
S3 is object based, and an object consists of:
- Key-value store, where the key is the name of the object and the value is the actual data inside the file
- Metadata
- Versioning (versioning stores all versions of a file, even after you delete it, which makes it a great way to back up; it also supports MFA (multi-factor authentication) as an additional security layer). Once enabled, versioning can’t be disabled; it can only be suspended.
- Subresources such as ACLs (access control lists, setting permissions at both file level and bucket level) and torrenting
Things to consider before provisioning S3 storage:
- Object-based storage, meaning you can only store files in S3 such as pictures, videos, PDFs, docs, etc. You can NOT store an OS or applications such as a database server in S3.
- Files are stored in buckets (containers); think of a bucket as a special folder. Bucket names must be globally unique. The format of an S3 bucket’s unique identifier is https://s3.{region-name}.amazonaws.com/{your-bucket-name}.
- Whenever a file upload succeeds, you receive HTTP status 200.
- Files can range from 0 bytes to 5 TB.
- Storage is unlimited and you are charged on an hourly basis.
- SLA for availability is 99.9%.
- Amazon guarantees 99.9% durability (to be precise, eleven 9s after the dot: 99.999999999%).
- Support for encryption.
- You are charged for storage, requests, storage management (such as tags), data transfer (cross-region) and Transfer Acceleration (which basically uses Amazon CloudFront, the CDN service from AWS, so that data enters at the data center closest to the user’s location).
Understanding Data Consistency in S3
Read-after-write consistency for PUTs of new objects
This means you can immediately read the contents of a file as soon as you upload it as a new file.
Eventual consistency for overwrite PUTs and DELETEs
This means that when you modify a file’s contents, overwrite it or delete it, it may take a few seconds for the change to propagate.
The reason for this delay is that S3 is spread across multiple availability zones and regions. When you modify or overwrite a file, the change may be applied at one data center in one location first, so some latency is involved in replicating the change across the other data centers.
Types of S3
S3 Standard
Stable, redundant across multiple disks and availability zones, and durable. Minimum storage duration charge is 30 days; no charge for retrieval. Can sustain the concurrent loss of 2 AWS availability zones.
S3 IA (Infrequent Access)
For less frequently accessed data that still needs quick retrieval. Minimum storage duration charge is 30 days. Charged for data retrieval. Lower cost than S3 Standard.
S3 One Zone – IA
Same as S3-IA but stored in only one availability zone; lower cost than S3-IA.
Glacier
Cheapest; used mostly for data archival where retrieval time does not matter. Minimum storage duration charge is 90 days. Retrieval options:
- Expedited: data retrieval within a few minutes
- Standard: data retrieval takes 3-5 hours
- Bulk: data retrieval takes 5-12 hours
Security and Encryption
There are two main types of encryption.
In Transit
This is encryption of data travelling between your PC and AWS; it is secured using SSL/TLS, i.e. HTTPS.
At Rest
There are two types of at-rest encryption.
Server Side Encryption
S3 Managed Keys (SSE-S3)
Uses AES-256 (Advanced Encryption Standard). Each object is encrypted with a unique key; as an additional safeguard, AWS encrypts that key with a master key which it rotates regularly. This is completely handled by Amazon.
AWS Key Management Service (SSE-KMS)
Similar to SSE-S3 with a few additional benefits, such as an audit trail of who is decrypting what and when.
Server Side Encryption with Customer Provided Keys (SSE-C)
Again similar to SSE-S3, however you manage the encryption keys and AWS performs the encryption.
Client Side Encryption
You encrypt the data on the client side and then upload it to S3.
Access can be restricted using bucket policies and access control lists.
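As an added example (not code from the post or from A Cloud Guru), here is a bucket policy that enforces both encryption layers described above, HTTPS for data in transit and SSE-S3 or SSE-KMS for data at rest, together with a small evaluator showing which constructed upload requests the Deny statements would reject. The bucket name is a placeholder; the third statement (catching uploads with no encryption header at all) goes slightly beyond the post and follows the AWS-documented pattern of pairing StringNotEquals with a Null condition.

```python
"""Added example, not code from the post: a bucket policy enforcing both
encryption layers described above (HTTPS in transit, SSE-S3/SSE-KMS at rest)
and a minimal evaluator showing which constructed requests it rejects."""
import json

BUCKET = "example-bucket"  # placeholder name, not a real bucket

def encryption_policy(bucket):
    """Explicit Deny beats any Allow from ACLs or IAM policies elsewhere."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {   # in transit: any S3 call over plain HTTP is refused
            "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
            "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {   # at rest: an upload asking for anything but SSE-S3 or SSE-KMS is refused
            "Sid": "DenyWrongEncryptionHeader", "Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject", "Resource": f"{arn}/*",
            "Condition": {"StringNotEquals": {
                "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}}},
        {   # at rest: an upload that sends no encryption header at all is refused
            "Sid": "DenyMissingEncryptionHeader", "Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject", "Resource": f"{arn}/*",
            "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}]}

def _condition_matches(cond, ctx):
    """Evaluate only the three operators used above against a request context."""
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            want = want if isinstance(want, list) else [want]
            if op == "Bool" and str(have).lower() != want[0]:
                return False
            if op == "Null" and (have is None) != (want[0] == "true"):
                return False
            if op == "StringNotEquals" and (have is None or have in want):
                return False  # an absent header is the Null statement's job
    return True

def denied_by(policy, action, ctx):
    """Sid of the first Deny statement matching the request, or None if allowed."""
    for st in policy["Statement"]:
        if st["Effect"] == "Deny" and st["Action"] in ("s3:*", action) \
                and _condition_matches(st["Condition"], ctx):
            return st["Sid"]
    return None

POLICY_JSON = json.dumps(encryption_policy(BUCKET), indent=2)  # ready to attach
```

The request contexts passed to denied_by are constructed stand-ins for what S3 evaluates; SSE-C uploads use a different header and would therefore be caught by the third statement unless the policy is extended.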
Transfer Acceleration
This service uses the AWS CloudFront edge network to accelerate your uploads to S3. Instead of uploading directly to your S3 bucket, you use a distinct URL to upload to an edge location, which then transfers the file to S3.
Hopefully we have covered most of the important aspects of S3. I will continue posting on AWS Certified Solutions Architect exam topics. Please feel free to provide your feedback.
That was actually really good! Are you just taking the courses at the moment or you actually had the certification? I am planning on going over the exam process in the next few months.
Hi Michael,
Thanks for your feedback. I am currently taking the course and planning for certification in a couple of months.
Very useful info…
aws course
I will really appreciate the writer’s choice for choosing this excellent article appropriate to my matter. Here is a deep description of the article matter which helped me more.
data science training in indore