Site Tools


marc:linux:aws:solutionsarchitect

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
marc:linux:aws:solutionsarchitect [2023/02/28 11:08] – [Identity Providers] marcvmarc:linux:aws:solutionsarchitect [2023/03/02 11:20] (current) – [S3 Characteristics] marcv
Line 188: Line 188:
  
 {{:marc:linux:aws:iam_check_policy.png?direct&800|}} {{:marc:linux:aws:iam_check_policy.png?direct&800|}}
 +
 +:!: An explicit deny will always override an allow! Reference Documentation: [[https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json|Policies and Permissions in IAM]]
  
 ==== IAM Building Blocks ==== ==== IAM Building Blocks ====
Line 256: Line 258:
   * Set up password rotations. You can create your own policies   * Set up password rotations. You can create your own policies
   * IAM Federation: Combine existing account with AWS using SAML with Active Directory setting up a trust, or use OpenID   * IAM Federation: Combine existing account with AWS using SAML with Active Directory setting up a trust, or use OpenID
 +  * An explicit deny will always override an allow! Reference Documentation: [[https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json|Policies and Permissions in IAM]]
 +
 +===== S3 (Simple Storage Service) =====
 +
 +  * S3 provides **Object** storage in a secure, durable, highly scalable way.
 +    * Upload any file type you can think of to S3
 +    * Examples include photos, videos, code, documents etc
 +    * Can **NOT** be used to run operating systems or databases
 +  * It allows you to store and retrieve **any amount of data from anywhere** on the web at a very low cost.
 +  * Amazon S3 is easy to use with a simple web service interface
 +
 +
 +==== S3 Basics ====
 +
 +  * Unlimited Storage" The total volume of data and number of objects you can store on S3 is **unlimited**
 +  * Objects up to 5TB in size
 +  * Objects are stored in S3 Buckets (similar to directories)
 +  * S3 buckets need to be uniquely named: all AWS accounts share the S3 namespace so each S3 Bucket name is **globally unique**
 +    * Example S3 URLS:
 +    - https://bucket-name.s3.Region.amazonaws.com/key-name
 +    - https://acloudguru.s3.us-east-1.amazonaws.com/picture.jpg
 +  * Uploading files; when you upload a file to an S3 bucket you will receive an **HTTP 200** code if successful
 +  * An S3 Object consists of:
 +    * **Key**; the name of the object (picture.jpg)
 +    * **Value**: The data itself which is made up of a sequence of bytes
 +    * **Version ID**: Important for storing multiple versions of the same object
 +    * **Metadata**: Data about the data you are storing (content-type, last-modified, etc)
 +  * S3 is a safe place to store your files; the data is spread across **multiple devices and facilities** to ensure **availability** and ** durability**
 +  * Availability: 99.95% - 99.99% **service availability**, depending on the S3 tier
 +  * Durability: 99.999999999% (9 decimal places) **durability** for data stored in S3 (meaning data will be stored safely)
 +
 +==== S3 Characteristics ====
 +
 +  * Tiered Storage: S3 offers a range of storage classes designed for different use cases
 +  * Lifecycle Management: Define rules to automatically transition objects to a cheaper storage tier or delete objects that are no longer required after a set period of time
 +  * Versioning: with versioning, all versions of an object are stored and can be retrieved, **including deleted objects**
 +  * Securing your data:
 +    - Server-Side Encryption: You can set default encryption on a bucket to encrypt all **new** objects when they are stored in the bucket
 +    - Access Control Lists (ACLs): define which AWS accounts or groups are granted access **AND** the type of access. You can attach S3 ACLs **only to individual objects within a bucket!**
 +    - Bucket Policies: S3 bucket policies specify what actions are allowed or denied, e.g. allow user Alice to **PUT** but not **DELETE** objects in the bucket. These buckets are (like IAM policies) written in JSON and attached to buckets. They function on the **whole bucket!** For finer grained permissions you use the ACLs
 +    - Strong Read-After-Write Consistency:
 +      - After a successful write of a new object (PUT) or an overwrite of an existing object, any subsequent read request immediately receives the latest version of the object
 +      - Strong consistency for list operations, so after a write you can immediately perform a listing of the objects in a bucket with all changes reflected 
 +
 +
 +==== Object Policies vs ACLs ====
 +
 +Object policies are given on the **bucket level**; all objects in the buckets get the same Object Policy and its permissions
 +
 +ACLs are given on *individual objects**. Giving an ACL on 1 object in a bucket does not affect the other object in the same bucket.
 +
 +:!: To make objects publically available, you need to configure both Object Policies and ACL on each object!
 +
 +==== S3 Tiers ====
 +
 +  * S3 Standard:
 +    * High Availability and Durability:
 +      * Data is stored redundantly across multiple devices in multiple facilities (>=3 AZ's)
 +        * 99.99% availability
 +        * 99.999999999% durability (11 9's)
 +    * Designed for Frequent Access; perfect for frequently accessed data
 +    * Suitable for most workloads:
 +      * The default storage class
 +      * Use cases include websites, content distribution, mobile and gaming applications and big data analytics
 +
 +
  
 +==== S3 Exam tips ====
  
 +  * S3 is object based which allows you to upload files
 +  * Files up to 5Tb
 +  * Not OS or DB storage
 +  * Unlimited storage
 +  * S3 is a Universal Namespace!
 +  * Successful CLI or API uploads generate an HTTP 200 status code
 +  * S3 objects consist of
 +    - KEY (object name)
 +    - VALUE (data itself)
 +    - Version ID
 +    - Meta data 
marc/linux/aws/solutionsarchitect.1677578907.txt.gz · Last modified: (external edit)

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki