marc:linux:aws:solutionsarchitect
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| marc:linux:aws:solutionsarchitect [2023/03/02 10:51] – [S3 Tiers] marcv | marc:linux:aws:solutionsarchitect [2023/03/02 11:20] (current) – [S3 Characteristics] marcv | ||
|---|---|---|---|
| Line 296: | Line 296: | ||
| * Securing your data: | * Securing your data: | ||
| - Server-Side Encryption: You can set default encryption on a bucket to encrypt all **new** objects when they are stored in the bucket | - Server-Side Encryption: You can set default encryption on a bucket to encrypt all **new** objects when they are stored in the bucket | ||
| - | - Access Control Lists (ACLs): define which AWS accounts or groups are granted access **AND** the type of access. You can attach S3 ACLs to individual objects within a bucket | + | - Access Control Lists (ACLs): define which AWS accounts or groups are granted access **AND** the type of access. You can attach S3 ACLs **only |
| - | - Bucket Policies: S3 bucket policies specify what actions are allowed or denied, e.g. allow user Alice to **PUT** but not **DELETE** objects in the bucket. These buckets are (like IAM policies) written in JSON and attached to buckets. They function on the whole bucket. For finer grained permissions you use the ACLs | + | - Bucket Policies: S3 bucket policies specify what actions are allowed or denied, e.g. allow user Alice to **PUT** but not **DELETE** objects in the bucket. These buckets are (like IAM policies) written in JSON and attached to buckets. They function on the **whole bucket!** For finer grained permissions you use the ACLs |
| - Strong Read-After-Write Consistency: | - Strong Read-After-Write Consistency: | ||
| - After a successful write of a new object (PUT) or an overwrite of an existing object, any subsequent read request immediately receives the latest version of the object | - After a successful write of a new object (PUT) or an overwrite of an existing object, any subsequent read request immediately receives the latest version of the object | ||
| - Strong consistency for list operations, so after a write you can immediately perform a listing of the objects in a bucket with all changes reflected | - Strong consistency for list operations, so after a write you can immediately perform a listing of the objects in a bucket with all changes reflected | ||
| + | |||
| + | |||
| + | ==== Object Policies vs ACLs ==== | ||
| + | |||
| + | Object policies are given on the **bucket level**; all objects in the buckets get the same Object Policy and its permissions | ||
| + | |||
| + | ACLs are given on *individual objects**. Giving an ACL on 1 object in a bucket does not affect the other object in the same bucket. | ||
| + | |||
| + | :!: To make objects publically available, you need to configure both Object Policies and ACL on each object! | ||
| + | |||
| ==== S3 Tiers ==== | ==== S3 Tiers ==== | ||
marc/linux/aws/solutionsarchitect.1677750700.txt.gz · Last modified: (external edit)
