Kindle Notes & Highlights by Joe Baron
Started reading January 22, 2019
you need to power your newest bright idea or operate your
Objects can range in size from 0 bytes up to 5TB, and a single bucket can
store an unlimited number of objects.
A key can be up to 1024 bytes of Unicode UTF-8 characters,
and read and write objects. REST maps standard HTTP
Create is HTTP PUT (and sometimes POST); read is HTTP GET; delete is HTTP DELETE; and update is HTTP POST (or sometimes PUT).
very high durability and very high availability for your data.
you can choose to use Reduced Redundancy Storage (RRS) at a lower cost.
For PUTs to new objects, this is not a concern—in this case, Amazon S3 provides read-after-write consistency. However, for PUTs to existing objects (object overwrite to an existing key) and for object DELETEs, Amazon S3 provides eventual consistency.
Amazon S3 bucket policies are the recommended access control mechanism for Amazon S3 and provide much finer-grained control.
Amazon S3 Standard
Amazon S3 Standard – Infrequent Access (Standard-IA)
long-lived, less frequently accessed data.
it is best suited for infrequently accessed data that is stored for longer than 30 days.
Amazon S3 Reduced Redundancy Storage (RRS) offers
Amazon Glacier
archives
infrequently accessed data
Amazon Glacier object is copied to Amazon S3 RRS.
retrieve up to 5% of the Amazon S3 data stored in Amazon Glacier for free each month;
fully integrated “check-box-style” encryption solution where AWS handles the key management and key protection for Amazon S3.
Using SSE-KMS, there are separate permissions for using the master key,
you want to maintain your own encryption keys
AWS will do the encryption/decryption
accidental change or even maliciously deletes
Versioning is turned on at the bucket level. Once enabled, versioning cannot be removed from a bucket; it can only be suspended.
MFA Delete requires additional authentication in order to permanently delete an object
share objects with others by creating a pre-signed URL, using their own security credentials to grant time-limited permission to download the objects.
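The pre-signed URL mechanism in the highlight above, shown as an added example (not code from the book, and not the AWS SDK): a standard-library-only SigV4 query-string signer, so it runs offline, plus an expiry check you can run over a pre-signed URL that turns up in an access log. The access key, secret key, bucket, object key and region are constructed placeholders; the 7-day upper bound on `expires_seconds` is the SigV4 limit.

```python
"""Time-limited Amazon S3 access via a SigV4 pre-signed GET URL.

Added example using only the Python standard library. All credentials
and names are constructed placeholders, not real AWS resources.
"""
import datetime
import hashlib
import hmac
from urllib.parse import parse_qs, quote, urlparse

# Constructed placeholder credentials (the AWS documentation's example shape).
EXAMPLE_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
EXAMPLE_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
MAX_EXPIRY_SECONDS = 7 * 24 * 3600  # SigV4 presigned URLs cannot exceed 7 days


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret_key: str, date_stamp: str, region: str) -> bytes:
    """Derive the per-day, per-region SigV4 signing key from the secret key."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, "s3")
    return _hmac_sha256(k_service, "aws4_request")


def presign_get_url(bucket: str, key: str, region: str, access_key: str,
                    secret_key: str, expires_seconds: int,
                    now: datetime.datetime) -> str:
    """Return a URL that grants GET on s3://bucket/key until now + expires.

    `now` is a parameter (rather than datetime.now()) so the output is
    deterministic and can be checked in a test.
    """
    if not 1 <= expires_seconds <= MAX_EXPIRY_SECONDS:
        raise ValueError("expiry must be between 1 second and 7 days")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    credential_scope = f"{date_stamp}/{region}/s3/aws4_request"
    # Path segments are URI-encoded, but '/' separators are kept as-is.
    canonical_uri = "/" + quote(key, safe="/~")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{credential_scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_seconds),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: parameters sorted by name, values URI-encoded.
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(params.items())
    )
    # Only the Host header is signed; the payload is unsigned for a presigned GET.
    canonical_request = "\n".join([
        "GET", canonical_uri, canonical_query,
        f"host:{host}\n", "host", "UNSIGNED-PAYLOAD",
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, credential_scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(_signing_key(secret_key, date_stamp, region),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"https://{host}{canonical_uri}?{canonical_query}&X-Amz-Signature={signature}"


def url_is_expired(url: str, now: datetime.datetime) -> bool:
    """True if the presigned URL's X-Amz-Date + X-Amz-Expires window has passed.

    Useful when reviewing a URL seen in logs: the window is stated in the URL
    itself, so you can tell whether it was still usable at a given time.
    """
    q = parse_qs(urlparse(url).query)
    issued = datetime.datetime.strptime(q["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=datetime.timezone.utc)
    return now >= issued + datetime.timedelta(seconds=int(q["X-Amz-Expires"][0]))


def demo() -> dict:
    """Sign a one-hour URL at a fixed instant and check its validity window."""
    now = datetime.datetime(2019, 1, 22, 12, 0, 0, tzinfo=datetime.timezone.utc)
    args = ("example-reports-bucket", "quarterly/q4 summary.pdf", "us-east-1",
            EXAMPLE_ACCESS_KEY, EXAMPLE_SECRET_KEY, 3600, now)
    url = presign_get_url(*args)
    return {
        "url": url,
        "deterministic": url == presign_get_url(*args),
        "valid_at_issue": not url_is_expired(url, now),
        "expired_after_window": url_is_expired(
            url, now + datetime.timedelta(seconds=3601)),
    }


if __name__ == "__main__":
    print(demo()["url"])
```

Because the expiry is bound into the signed string, a recipient cannot lengthen the window by editing `X-Amz-Expires`; the signature would no longer verify. The URL is only as strong as the credentials that signed it, so issue it from a principal that can read just that object, and remember that the grant lasts for the full window regardless of who holds the URL.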
Multipart Upload API.
After all of the parts are uploaded, Amazon S3 assembles the parts in order to create an object.
use multipart upload for objects larger than 100 Mbytes,
must use multipart upload for objects larger than 5GB.
set an object lifecycle policy on a bucket to abort incomplete multipart uploads after a specified number of days.
To enable cross-region replication, versioning must be turned on for both source and destination buckets, and you must use an IAM policy to give Amazon S3 permission to replicate objects on your behalf.
S3 server access logs. Logging is off by default,
Notification messages can be sent through either Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Queue Service (Amazon SQS) or delivered directly to AWS Lambda to invoke AWS Lambda functions.
rates higher than 100 requests per second, you may want to review the Amazon S3 best practices
Amazon CloudFront distribution
storing data on multiple devices across multiple facilities in a region. Amazon Glacier is designed for 99.999999999%
stored in archives. An archive can contain up to 40TB
Vaults are containers for archives.
Each AWS account can have up to 1,000 vaults.
vault lock policy.
5% of your data stored in Amazon Glacier for free each month,
Amazon Glacier supports 40TB archives versus 5TB objects in Amazon S3.
Glacier archives are automatically encrypted,
private by default,
Controlled access may be provided to others using ACLs and AWS IAM and Amazon S3 bucket policies.
Object lifecycle management policies can be used to automatically move data between storage classes based on time.
encryption keys can be managed with Amazon KMS.