
[AWS]AWS Certified Solutions Architect - Day2

benjykim 2019. 1. 13. 11:44

S3 - 101

What is S3?

  • S3 provides developers and IT teams with secure, durable, highly-scalable object storage. Amazon S3 is easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web.

  • S3 is a safe place to store your files.

  • It is Object-based storage.

  • The data is spread across multiple devices and facilities.

S3 - The Basics

  • S3 is Object-based, i.e. it allows you to upload files.

  • Files can be from 0 Bytes to 5 TB.

  • There is unlimited storage.

  • Files are stored in Buckets

    • A bucket is just a folder in the cloud

  • S3 is a universal namespace. That is, names must be unique globally.

  • Example - https://s3-eu-west-1.amazonaws.com/acloudguru (acloudguru is a bucket name)

  • When you upload a file to S3, you will receive an HTTP 200 code if the upload was successful.

  • Not suitable to install an OS on.

Data Consistency Model For S3

  • Read after Write consistency for PUTS of new Objects

  • Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate)

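    • When you upload or update a file, it takes a little time for the change to be reflected in S3. Depending on how long that takes, a user who requests the file may receive either the content from before the update or the updated content. Once enough time has passed, the updated file is returned.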

S3 Is a Simple Key-value Store

  • S3 is Object based. Objects consist of the following:

    • Key (This is simply the name of the object)

    • Value (This is simply the data and is made up of a sequence of bytes)

    • Version ID (Important for versioning)

    • Metadata (Data about data you are storing)

    • Subresources:

      • Access Control Lists

      • Torrent

S3 - The Basics

  • Built for 99% availability for the S3 platform.

  • Amazon guarantees 99% availability.

  • Amazon guarantees 99% durability for S3 information.

  • Tiered Storage Available

  • Lifecycle Management

  • Versioning

  • Encryption

  • Secure your data using Access Control Lists and Bucket Policies.

S3 - Storage Tiers/Classes

  • S3 Standard : 99% availability, 99% durability, stored redundantly across multiple devices in multiple facilities, and is designed to sustain the loss of 2 facilities concurrently. (durable, immediately available, frequently accessed)

  • S3 - IA : (Infrequently Accessed) : For data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee. (durable, immediately available, infrequently accessed)

  • S3 One Zone - IA : For when you want a lower-cost option for infrequently accessed data, but do not require the multiple Availability Zone data resilience. (even cheaper than IA, but only in one availability zone.)

  • Glacier : Very cheap, but used for archival only. Retrieval options are Expedited, Standard or Bulk. A Standard retrieval takes 3 - 5 hours.

S3 - Charges

  • Charged for:

    • Storage

    • Requests

    • Storage Management Pricing

    • Data Transfer Pricing

    • Transfer Acceleration

What is S3 Transfer Acceleration?

  • Amazon S3 Transfer Acceleration enables fast, easy and secure transfers of files over long distances between your end users and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

    • CloudFront - Amazon's CDN network

Create an S3 Bucket - Lab

Create an S3 Bucket - Exam Tips

  • Buckets are a universal name space

  • When you upload an object to S3, you receive an HTTP 200 code

  • S3, S3 - IA, S3 Reduced Redundancy Storage

  • Encryption

    • Client Side Encryption

    • Server Side Encryption

      • Server side encryption with Amazon S3 Managed Keys (SSE-S3)

      • Server side encryption with KMS (SSE-KMS)

      • Server side encryption with Customer Provided Keys (SSE-C)

  • Control access to buckets using either a bucket ACL or Bucket Policies

  • BY DEFAULT, BUCKETS ARE PRIVATE AND ALL OBJECTS STORED INSIDE THEM ARE PRIVATE
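
The encryption and bucket-policy tips above meet in one common control: a bucket policy that refuses uploads unless they ask for server side encryption. The following is an added example, not part of the original notes; the policy, the bucket name `example-bucket` and the helper functions are constructed for illustration, and the evaluator models only the `Deny` statements and the two condition operators used here (no `Principal`, `Resource` or `Allow` handling).

```python
import json

# Constructed policy that requires SSE-KMS; "example-bucket" is a placeholder.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "DenyMissingSSEHeader", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
  {"Sid": "DenyNonKMSEncryption", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"StringNotEquals":
     {"s3:x-amz-server-side-encryption": "aws:kms"}}}
]}
""")

# Request header that selects SSE: "AES256" = SSE-S3, "aws:kms" = SSE-KMS.
HEADER = "x-amz-server-side-encryption"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def condition_matches(condition, ctx):
    """Evaluate the two condition operators used above (simplified model)."""
    for operator, tests in condition.items():
        for key, expected in tests.items():
            if operator == "Null":
                wants_absent = str(expected).lower() == "true"
                if wants_absent != (key not in ctx):
                    return False
            elif operator == "StringNotEquals":
                # True when the key is absent or equals none of the values.
                if key in ctx and ctx[key] in _as_list(expected):
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True

def denying_statement(policy, headers):
    """Return the Sid of the Deny statement blocking this PutObject, or None."""
    # Assumes header names were already lower-cased by the caller.
    ctx = {"s3:" + HEADER: headers[HEADER]} if HEADER in headers else {}
    for stmt in _as_list(policy["Statement"]):
        if stmt["Effect"] == "Deny" and "s3:PutObject" in _as_list(stmt["Action"]):
            if condition_matches(stmt.get("Condition", {}), ctx):
                return stmt["Sid"]
    return None

if __name__ == "__main__":
    for h in ({}, {HEADER: "AES256"}, {HEADER: "aws:kms"}):
        print(h, "->", denying_statement(POLICY, h) or "not denied")
```
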

S3 - Versioning Lab

S3 - Versioning Exam Tips

  • Stores all versions of an object (including all writes and even if you delete an object)

  • Great backup tool.

  • Once enabled, Versioning cannot be disabled, only suspended.

  • Integrates with Lifecycle rules

  • Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.

Cross Region Replication

S3 - Cross Region Replication Exam Tips

  • Versioning must be enabled on both the source and the destination buckets.

  • Regions must be unique.

  • Files in an existing bucket are not replicated automatically. All subsequently updated files will be replicated automatically.

  • You cannot replicate to multiple buckets or use daisy chaining (at this time.)

  • Delete markers are NOT replicated.

  • Deleting individual versions or delete markers will not be replicated.

  • Understand what Cross Region Replication is at a high level.

Lifecycle Management, S3 - IA & Glacier Lab

S3 - Lifecycle Management Exam Tips

  • Can be used in conjunction with versioning.

  • Can be applied to current versions and previous versions.

  • Following actions can now be done:

    • Transition to the Standard - Infrequent Access Storage Class (30 days after the creation date.)

    • Archive to the Glacier Storage Class (30 days after IA, if relevant)

    • Permanently Delete
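
The lifecycle actions listed above, written as a rule and checked against the two 30-day minimums from these notes. This is an added example, not part of the original notes; the rule ID, prefix and day counts are constructed, the helper names are hypothetical, and objects are assumed to be uploaded in the Standard class.

```python
# Constructed lifecycle configuration in the JSON shape used by the S3 API.
LIFECYCLE = {"Rules": [{
    "ID": "archive-logs", "Status": "Enabled", "Filter": {"Prefix": "logs/"},
    "Transitions": [{"Days": 30, "StorageClass": "STANDARD_IA"},
                    {"Days": 60, "StorageClass": "GLACIER"}],
    "Expiration": {"Days": 365},
}]}

MIN_DAYS_BEFORE_IA = 30      # notes above: IA 30 days after the creation date
MIN_DAYS_IA_TO_GLACIER = 30  # notes above: Glacier 30 days after IA


def rule_problems(rule):
    """Return a list of violations of the minimums stated in the notes."""
    days = {t["StorageClass"]: t["Days"] for t in rule.get("Transitions", [])}
    ia, glacier = days.get("STANDARD_IA"), days.get("GLACIER")
    problems = []
    if ia is not None and ia < MIN_DAYS_BEFORE_IA:
        problems.append(f"IA transition at day {ia} is earlier than day 30")
    if ia is not None and glacier is not None:
        if glacier - ia < MIN_DAYS_IA_TO_GLACIER:
            problems.append("Glacier transition is less than 30 days after IA")
    expire = rule.get("Expiration", {}).get("Days")
    if expire is not None and days and expire <= max(days.values()):
        problems.append("expiration is not later than the last transition")
    return problems


def storage_class_at(rule, age_days):
    """Storage class of a current-version object of the given age in days."""
    if rule.get("Status") != "Enabled":
        return "STANDARD"
    expire = rule.get("Expiration", {}).get("Days")
    if expire is not None and age_days >= expire:
        return "EXPIRED"
    current = "STANDARD"
    for t in sorted(rule.get("Transitions", []), key=lambda t: t["Days"]):
        if age_days >= t["Days"]:
            current = t["StorageClass"]
    return current


if __name__ == "__main__":
    rule = LIFECYCLE["Rules"][0]
    print("problems:", rule_problems(rule))
    for age in (10, 30, 60, 365):
        print(age, "days ->", storage_class_at(rule, age))
```
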

CloudFront CDN Overview

What is a CDN

  • A content delivery network (CDN) is a system of distributed servers (network) that deliver webpages and other web content to a user based on the geographic locations of the user, the origin of their webpage and a content delivery server.

  • Amazon CloudFront can be used to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations. Requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance.

  • Amazon CloudFront is optimized to work with other Amazon Web Services, like Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Load Balancing, and Amazon Route 53. Amazon CloudFront also works seamlessly with any non-AWS origin server, which stores the original, definitive versions of your files.

CloudFront - Key Terminology

  • Edge Location - This is the location where content will be cached. This is separate to an AWS Region/AZ

  • Origin - This is the origin of all the files that the CDN will distribute. This can be either an S3 Bucket, an EC2 Instance, an Elastic Load Balancer or Route53. (simply where our original files are)

  • Distribution - This is the name given to the CDN, which consists of a collection of Edge Locations.

  • Web Distribution - Typically used for Websites.

  • RTMP - Used for Media Streaming

CloudFront - Exam Tips

  • Edge locations are not just READ only, you can write to them too. (i.e. put an object onto them)

  • Objects are cached for the life of the TTL (Time To Live)

  • You can clear cached objects, but you will be charged.

