AWS S3 Exam Preparation

Simple Storage Service – object-based storage at the lowest cost. Highest durability when compared to any other storage service.

  • Types
    • S3 Standard
      1. Most commonly used.
      2. Use Case – Frequently accessed data should be stored here.
    • S3 Standard Infrequent Access
      1. For less frequently accessed data. Cheaper than S3.
    • S3 One-zone Infrequent Access
      1. For less frequently accessed data.
      2. Data is stored in only one AZ.
      3. Cheaper than S3 Infrequent Access.
    • Amazon Glacier
      • Used for Data Archive.
      • Data retrieval types to restore in S3
        • Expedited: within a few minutes.
        • Standard: 3 – 4 hours.
        • Bulk: 5 – 12 hours to restore.
      • Encrypted by default.
    • Amazon S3 Glacier Deep Archive – More appropriate for data that would be accessed once or twice a year. Supports long-term retention and digital preservation. Retrieval time within 12 hours.
    • Reduced redundancy
      • For frequently accessed data. Stores noncritical, easily reproducible data at lower levels of redundancy than Standard.
      • Use case – storing image thumbnails.
  • Data Consistency
    • Read-After-write consistency for new objects.
    • Eventual consistency – for existing objects or for all overwrites, including deletes (chances of replication lag).
  • Use case – to store videos, images, or any other file type.
  • Min – max size of a single object: 0 – 5 TB.
  • Cross-Region Replication (CRR)
    • Only new or updated objects will get replicated to other region.
    • Versioning must be enabled for CRR and CRR is at Bucket level.
    • Already existing files are not automatically replicated.
  • CORS
    • Selectively allow cross-origin access to your Amazon S3 resources.
  • Lifecycle Policy
    • Can be applied to current or previous versions.
    • Policy is based on Bucket.
    • Use Case – To archive data and reduce cost; move from S3 standard to S3 IA and then to Glacier or directly to Glacier.
  • Encryption
    • In Transit
      • Use SSL / TLS
    • At Rest
      • Server Side
        1. SSE-S3 (self managed keys)
        2. SSE-KMS (audit trail)
        3. SSE-C (customer-provided keys)
      • Client Side
        • Encrypt on the client side and upload to S3.
  • CDN – Content Delivery Network
    • Uses CloudFront.
    • CloudFront can be configured to automatically compress files.
    • Create distribution and then create origins & cache controls of Amazon S3 bucket or HTTP server.
    • Geo restrictions can be applied with a whitelist (allowable IP) and a blacklist (blocked address).

Exam Tips:

  • Charged for – storage/GB, COPY requests, and inter-Region data transfer.
  • You can set up CRR across AWS accounts.
  • Versioning must be enabled for both the source and destination buckets to enable CRR.
  • If the data set is less than 1GB in size, you should consider using Amazon CloudFront’s PUT/POST.
  • Transfer Acceleration – enable S3 Transfer Acceleration on an S3 bucket using the Amazon S3 console, the Amazon S3 API, or the AWS CLI.
  • S3 Select provides a new way to retrieve specific data using SQL statements.
  • S3 One Zone-IA assigns an AWS Availability Zone in the region according to available capacity.
  • S3-IA minimum size is 128 KB across.
  • SSE-KMS enables you to use AWS Key Management Service (AWS KMS) to manage your encryption keys.
  • AWS KMS provides an audit trail so you can see who used your key to access which object and when.
  • S3 is a Global service, and its reliability and durability are not bound to any Region or Availability Zone.
  • Any metadata and ACLs associated with the object are also part of the replication.
  • Random hash prefix spreads load evenly across partitions for performance.
  • Multipart upload is recommended for files greater than 100MB, and is required for files larger than 5GB.
  • Multipart upload works by re-assembling the parts of an upload.
  • By design, it is possible to stop a multipart upload. Once stopped, the upload may be aborted or resumed.
  • S3 is charged per 1000 requests (PUT, GET, COPY, POST, LIST).
  • An ACL can be set on individual objects to make them public while the bucket stays private.
  • Amazon S3 server access logs store a record of what was accessed and the requesting IP address.

Practice:

  • Try an ACL at object level and at bucket level.
  • Try a lifecycle policy at object level.