Site Tools


marc:linux:aws:solutionsarchitect

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
marc:linux:aws:solutionsarchitect [2023/03/02 10:46] – [S3 Basics] marcvmarc:linux:aws:solutionsarchitect [2023/03/02 11:20] (current) – [S3 Characteristics] marcv
Line 296: Line 296:
   * Securing your data:   * Securing your data:
     - Server-Side Encryption: You can set default encryption on a bucket to encrypt all **new** objects when they are stored in the bucket     - Server-Side Encryption: You can set default encryption on a bucket to encrypt all **new** objects when they are stored in the bucket
-    - Access Control Lists (ACLs): define which AWS accounts or groups are granted access **AND** the type of access. You can attach S3 ACLs to individual objects within a bucket +    - Access Control Lists (ACLs): define which AWS accounts or groups are granted access **AND** the type of access. You can attach S3 ACLs **only to individual objects within a bucket!** 
-    - Bucket Policies: S3 bucket policies specify what actions are allowed or denied, e.g. allow user Alice to **PUT** but not **DELETE** objects in the bucket. These buckets are (like IAM policies) written in JSON and attached to buckets. They function on the whole bucketFor finer grained permissions you use the ACLs+    - Bucket Policies: S3 bucket policies specify what actions are allowed or denied, e.g. allow user Alice to **PUT** but not **DELETE** objects in the bucket. These buckets are (like IAM policies) written in JSON and attached to buckets. They function on the **whole bucket!** For finer grained permissions you use the ACLs
     - Strong Read-After-Write Consistency:     - Strong Read-After-Write Consistency:
       - After a successful write of a new object (PUT) or an overwrite of an existing object, any subsequent read request immediately receives the latest version of the object       - After a successful write of a new object (PUT) or an overwrite of an existing object, any subsequent read request immediately receives the latest version of the object
       - Strong consistency for list operations, so after a write you can immediately perform a listing of the objects in a bucket with all changes reflected        - Strong consistency for list operations, so after a write you can immediately perform a listing of the objects in a bucket with all changes reflected 
 +
 +
 +==== Object Policies vs ACLs ====
 +
 +Object policies are given on the **bucket level**; all objects in the buckets get the same Object Policy and its permissions
 +
 +ACLs are given on *individual objects**. Giving an ACL on 1 object in a bucket does not affect the other object in the same bucket.
 +
 +:!: To make objects publically available, you need to configure both Object Policies and ACL on each object!
 +
 ==== S3 Tiers ==== ==== S3 Tiers ====
  
Line 312: Line 322:
       * The default storage class       * The default storage class
       * Use cases include websites, content distribution, mobile and gaming applications and big data analytics       * Use cases include websites, content distribution, mobile and gaming applications and big data analytics
-      + 
 + 
 + 
 +==== S3 Exam tips ==== 
 + 
 +  S3 is object based which allows you to upload files 
 +  * Files up to 5Tb 
 +  * Not OS or DB storage 
 +  * Unlimited storage 
 +  * S3 is a Universal Namespace! 
 +  * Successful CLI or API uploads generate an HTTP 200 status code 
 +  * S3 objects consist of 
 +    - KEY (object name) 
 +    - VALUE (data itself) 
 +    - Version ID 
 +    - Meta data 
marc/linux/aws/solutionsarchitect.1677750411.txt.gz · Last modified: (external edit)

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki