marc:linux:aws:solutionsarchitect
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| marc:linux:aws:solutionsarchitect [2023/03/02 10:46] – [S3 Basics] marcv | marc:linux:aws:solutionsarchitect [2023/03/02 11:20] (current) – [S3 Characteristics] marcv | ||
|---|---|---|---|
| Line 296: | Line 296: | ||
| * Securing your data: | * Securing your data: | ||
| - Server-Side Encryption: You can set default encryption on a bucket to encrypt all **new** objects when they are stored in the bucket | - Server-Side Encryption: You can set default encryption on a bucket to encrypt all **new** objects when they are stored in the bucket | ||
| - | - Access Control Lists (ACLs): define which AWS accounts or groups are granted access **AND** the type of access. You can attach S3 ACLs to individual objects within a bucket | + | - Access Control Lists (ACLs): define which AWS accounts or groups are granted access **AND** the type of access. You can attach S3 ACLs **only |
| - | - Bucket Policies: S3 bucket policies specify what actions are allowed or denied, e.g. allow user Alice to **PUT** but not **DELETE** objects in the bucket. These buckets are (like IAM policies) written in JSON and attached to buckets. They function on the whole bucket. For finer grained permissions you use the ACLs | + | - Bucket Policies: S3 bucket policies specify what actions are allowed or denied, e.g. allow user Alice to **PUT** but not **DELETE** objects in the bucket. These buckets are (like IAM policies) written in JSON and attached to buckets. They function on the **whole bucket!** For finer grained permissions you use the ACLs |
| - Strong Read-After-Write Consistency: | - Strong Read-After-Write Consistency: | ||
| - After a successful write of a new object (PUT) or an overwrite of an existing object, any subsequent read request immediately receives the latest version of the object | - After a successful write of a new object (PUT) or an overwrite of an existing object, any subsequent read request immediately receives the latest version of the object | ||
| - Strong consistency for list operations, so after a write you can immediately perform a listing of the objects in a bucket with all changes reflected | - Strong consistency for list operations, so after a write you can immediately perform a listing of the objects in a bucket with all changes reflected | ||
| + | |||
| + | |||
| + | ==== Object Policies vs ACLs ==== | ||
| + | |||
| + | Object policies are given on the **bucket level**; all objects in the buckets get the same Object Policy and its permissions | ||
| + | |||
| + | ACLs are given on *individual objects**. Giving an ACL on 1 object in a bucket does not affect the other object in the same bucket. | ||
| + | |||
| + | :!: To make objects publically available, you need to configure both Object Policies and ACL on each object! | ||
| + | |||
| ==== S3 Tiers ==== | ==== S3 Tiers ==== | ||
| Line 312: | Line 322: | ||
| * The default storage class | * The default storage class | ||
| * Use cases include websites, content distribution, | * Use cases include websites, content distribution, | ||
| - | | + | |
| + | |||
| + | |||
| + | ==== S3 Exam tips ==== | ||
| + | |||
| + | | ||
| + | * Files up to 5Tb | ||
| + | * Not OS or DB storage | ||
| + | * Unlimited storage | ||
| + | * S3 is a Universal Namespace! | ||
| + | * Successful CLI or API uploads generate an HTTP 200 status code | ||
| + | * S3 objects consist of | ||
| + | - KEY (object name) | ||
| + | - VALUE (data itself) | ||
| + | - Version ID | ||
| + | - Meta data | ||
marc/linux/aws/solutionsarchitect.1677750411.txt.gz · Last modified: (external edit)
