- Simple Storage Service (S3): Object-based storage. Store an unlimited amount of data without worrying about the underlying storage infrastructure
- S3 replicates data across at least 3 AZs to ensure 99.99% availability and 11 9's of durability
- Objects contain data (they're like files)
- Objects can range in size from 0 bytes up to 5 terabytes
- Buckets contain objects. Buckets can also contain folders, which can in turn contain objects
- Bucket names are unique across all AWS accounts, like a domain name
- When you upload a file to S3 successfully you'll receive an HTTP 200 code
- Lifecycle Management: Objects can be moved between storage classes or deleted automatically based on a schedule
- Versioning: Objects are given a Version ID. When new objects are uploaded the old objects are kept. You can access any object version. When you delete an object the previous object is restored. Once versioning is turned on it cannot be turned off, only suspended.
- MFA Delete: Enforces that DELETE operations require an MFA token in order to delete an object. Must have versioning turned on to use. Can only turn on MFA Delete from the AWS CLI. Only the root account is allowed to delete objects
- All new buckets are private by default
- Logging can be turned on for a bucket to track operations performed on objects
- Access Control is configured using Bucket Policies and Access Control Lists (ACL)
- Bucket Policies are JSON documents which let you write complex access controls
- ACLs are the legacy method (not deprecated) where you grant access to objects and buckets with simple actions
- Security in Transit: Uploading is done over SSL
- SSE stands for Server Side Encryption. S3 has 3 options for SSE:
  - SSE-AES: S3 handles the key, uses the AES-256 algorithm
  - SSE-KMS: Envelope encryption via AWS KMS and you manage the keys
  - SSE-C: Customer-provided key (you manage the key)
- Client Side Encryption: You must encrypt your own files before uploading them to S3
- Cross Region Replication (CRR): Allows you to replicate files across regions for greater durability. You must have versioning turned on in the source and destination bucket. You can have CRR replicate to a bucket in another AWS account
- Transfer Acceleration: Provides faster and secure uploads from anywhere in the world. Data is uploaded via a distinct URL to an Edge location. Data is then transported to your S3 bucket via the AWS backbone network.
- Presigned URLs: A presigned URL is generated via the AWS CLI and SDK. It provides temporary access to write or download object data. Presigned URLs are commonly used to access private objects.
- S3 has 6 different storage classes:
  - Standard: Fast. 99.99% availability, 11 9's durability. Replicated across at least three AZs
  - Intelligent Tiering: Uses ML to analyze your object usage and determine the appropriate storage class. Data is moved to the most cost-effective access tier, without any performance impact or added overhead.
  - Standard Infrequently Accessed (IA): Still fast! Cheaper if you access files less than once a month. An additional retrieval fee is applied. 50% less than Standard (reduced availability)
  - One Zone IA: Still fast! Objects only exist in one AZ. Availability is 99.5%, but it is 20% cheaper than Standard IA (reduced durability). Data could get destroyed. A retrieval fee is applied.
  - Glacier: For long-term cold storage. Retrieval of data can take minutes to hours, but the trade-off is very cheap storage
  - Glacier Deep Archive: The lowest-cost storage class. Data retrieval time is 12 hours