05-S3

S3

  1. S3: Simple Storage Service
  1. object storage
  1. can store objects up to 5 TB in size
  1. bucket
    1. the bucket namespace is globally unique
  1. making objects public
    1. permissions
    2. block public access is enabled by default
    3. edit object ownership to enable ACLs (access control lists)
    4. edit the object to make it public using an ACL
  1. two ways of access control
    1. ACL: per-object level
    2. bucket policy: entire bucket level
  1. host a static website on S3
    1. enable static website hosting in the bucket settings
    2. upload the files
    3. edit the bucket policy to allow public reads
  1. versioning
    1. once enabled, it can only be suspended, not disabled
  1. storage classes
    1. S3 Standard
    2. S3 Standard - Infrequent Access
      1. used for long-term storage / backups
      2. stored in only one availability zone
    3. S3 Intelligent-Tiering
      1. automatically moves objects between frequent and infrequent access tiers
  1. 3 Glacier options
    1. Glacier Instant Retrieval: accessed about once a year but needs instant access
    2. Glacier Flexible Retrieval: retrieval takes minutes to 12 hours; not for production databases
    3. Glacier Deep Archive: retrieval takes up to 48 hours; for financial/regulatory retention
  1. lifecycle rules
    1. automatically transition objects between storage classes
  1. S3 Object Lock
    1. write once, read many (WORM)
    2. prevents objects from being deleted or modified
    3. modes
      1. governance mode
        1. some users can still be granted permission to override it
      2. compliance mode
        1. cannot be modified by any user
    4. legal hold: prevents modification without a retention period
  1. Glacier Vault Lock
    1. easy to deploy
    2. enforces compliance controls
  1. encryption
    1. in transit
      1. SSL / TLS
      2. HTTPS
    2. server side
      1. SSE-S3: AES encryption with S3-managed keys
      2. SSE-KMS: keys from Key Management Service
      3. SSE-C: customer-provided keys
    3. client side
      1. encrypt the data yourself before uploading
    4. use request headers to enforce encryption on PutObject
  1. optimizing performance
    1. prefix: the folder-like part of the object key
    2. spread reads across different prefixes
    3. using SSE-KMS for encryption
      1. counts against the KMS request quota
      2. the quota is region specific
      3. a quota increase cannot be requested
    4. multipart upload
      1. recommended for files over 100 MB
      2. required for files over 5 GB
    5. download
      1. byte-range fetches
  1. S3 replication
    1. replicates objects from one bucket to another
    2. versioning must be enabled
    3. only objects written after replication is enabled are replicated automatically
    4. delete markers are not replicated by default
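As an added example (not part of these notes), the bucket policy behind the "use headers to enforce encryption on PutObject" point under encryption: two explicit Deny statements that reject uploads with no `x-amz-server-side-encryption` header or with a value other than SSE-KMS, plus a simplified offline check of how those two conditions evaluate. The bucket name and the minimal condition evaluator are assumptions, not AWS's own evaluation engine.

```python
ENC_KEY = "s3:x-amz-server-side-encryption"  # condition key set from the PUT header


def sse_kms_enforcement_policy(bucket: str) -> dict:
    """Two explicit Deny statements: one for uploads that send no encryption
    header at all, one for uploads naming any method other than SSE-KMS."""
    arn = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyMissingEncryptionHeader", "Effect": "Deny",
             "Principal": "*", "Action": "s3:PutObject", "Resource": arn,
             "Condition": {"Null": {ENC_KEY: "true"}}},
            {"Sid": "DenyNonKmsEncryption", "Effect": "Deny",
             "Principal": "*", "Action": "s3:PutObject", "Resource": arn,
             "Condition": {"StringNotEquals": {ENC_KEY: "aws:kms"}}},
        ],
    }


def _condition_matches(cond: dict, ctx: dict) -> bool:
    """Simplified evaluator (assumption: only Null and StringNotEquals). A
    StringNotEquals test on a key absent from the request context does not
    match, which is why the separate Null statement above is needed."""
    for op, pairs in cond.items():
        for key, want in pairs.items():
            present = key in ctx
            if op == "Null" and present == (want == "true"):
                return False
            if op == "StringNotEquals" and (not present or ctx[key] == want):
                return False
    return True


def put_object_denied(policy: dict, headers: dict) -> bool:
    """True if any Deny statement applies to a PutObject carrying these
    request headers; an explicit deny always wins in IAM evaluation."""
    hdr = "x-amz-server-side-encryption"
    ctx = {ENC_KEY: headers[hdr]} if hdr in headers else {}
    return any(s["Effect"] == "Deny" and _condition_matches(s["Condition"], ctx)
               for s in policy["Statement"])


if __name__ == "__main__":
    policy = sse_kms_enforcement_policy("example-bucket")  # constructed name
    for h in ({}, {"x-amz-server-side-encryption": "AES256"},
              {"x-amz-server-side-encryption": "aws:kms"}):
        print(h, "denied" if put_object_denied(policy, h) else "allowed")
```

Only the upload that sends `aws:kms` passes both statements; an SSE-S3 (`AES256`) upload is rejected by the second statement and a header-less upload by the first.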