S3 – Storage classes

The image below compares the features of the storage classes.

[Image: S3 storage classes]

 

S3 Standard: Availability: 99.99% and Durability: 99.999999999% (11 9s)

Amazon S3 Standard offers high durability, availability, and performance object storage for frequently accessed data.

Use Case: Because it delivers low latency and high throughput, Standard is perfect for a wide variety of use cases including cloud applications, dynamic websites, content distribution, mobile and gaming applications, and big data analytics.

Features:

  • Minimum object size is 0 KB. You can touch a file and put it.

 

S3 – Infrequent Access: Availability: 99.9% and Durability: 99.999999999%

This storage class is for data that is accessed infrequently but must be available immediately when needed.

It offers the same low latency and high throughput performance as Standard storage.



Glacier: 

Glacier is for storing data for archival purposes. You can upload a single file as an archive, or aggregate multiple files into a TAR or ZIP file and upload it as one archive. A single archive/file can be as large as 40 terabytes. You can store an unlimited number of archives and an unlimited amount of data in Amazon Glacier.

Each archive is assigned a unique archive ID at the time of creation, and the content of the archive is immutable, meaning that after an archive is created it cannot be updated.

As per recent announcements from AWS, Glacier provides 3 types of retrieval options.

  • Expedited – Data will be available within 1 to 5 minutes.
  • Standard – 3 to 5 hours.
  • Bulk (cost effective) – 5 to 12 hours.

Note: You can retrieve 10 GB of your Amazon Glacier data per month for free.

Key points:

  • You can’t put objects directly into Glacier.
  • Objects that are stored using the Amazon Glacier option are only accessible through the Amazon S3 APIs or the Amazon S3 Management Console.
  • While retrieving, you’ll get a temporary copy of the archive, not the original archive.
  • The retrieval request creates a temporary copy of your data in RRS while leaving the archived data intact in Amazon Glacier. You can specify the amount of time in days for which the temporary copy is stored in RRS. You can then access your temporary copy from RRS through an Amazon S3 GET request on the archived object.

 

Reduced Redundancy Storage: Availability: 99.99% and Durability: 99.99%

Reduced Redundancy Storage (RRS) is an Amazon S3 storage option that enables customers to reduce their costs by storing noncritical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage.

  • Designed to sustain the loss of data in a single facility.

S3 – Encryption

Encryption on any system requires three components:

(1) data to encrypt
(2) a method to encrypt the data using a cryptographic algorithm (AES)
(3) encryption keys to be used in conjunction with the data and the algorithm.

 

S3 supports encryption of data in transit and at rest.

Data in transit is encrypted using SSL. For data at rest, you can encrypt using the options below.

Server Side Encryption

How it works:


SSE-S3 (Server Side Encryption): Amazon handles key management and key protection using multiple layers of security.

In this model, data is encrypted before it is written to disk in Amazon S3. Each object is encrypted with a unique data key. As an additional safeguard, this data key is itself encrypted with a periodically rotated master key managed by Amazon S3 (giving the encrypted data key).

 

SSE-KMS (Key Management Service): You can use AWS KMS to manage your encryption keys. It provides an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data.

 

SSE-C (Customer provided keys): You can use your own encryption key while uploading an object to Amazon S3. This encryption key is used by Amazon S3 to encrypt your data.

When you retrieve this object from Amazon S3, you must provide the same encryption key in your request. Amazon S3 verifies that the encryption key matches, decrypts the object, and returns the object to you.

 

Client Side Encryption:

You encrypt the files on your end using your preferred encryption method and then upload the encrypted files to S3.

 

Scenarios – When to use:

Understanding the given scenario is very important in the examination. You’ll be given a scenario for encrypting files and you have to choose the right answer based on the requirements and keywords mentioned.

Amazon handles the encryption/decryption and keys: 

SSE-S3 is the right option for this scenario. You needn’t worry about encryption/decryption or keys; AWS handles everything itself.

You want to manage/take hold of keys: 

SSE-C is the right option for this scenario. AWS handles the encryption/decryption, whereas you’ll be managing the keys.

You manage your keys and also want to track who’s using your key/attempting to decrypt files without your permission:

SSE-KMS is the right option for this scenario. It provides an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data.

Note: You can’t apply different types of server-side encryption to the same object simultaneously.
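The three server-side options above differ on the wire only in the request headers sent with the PUT. The sketch below is an added example, not code from the original post: it builds the documented S3 REST headers for each mode and rejects requests that mix modes, as the note above requires. The function names and the KMS key placeholder are assumptions made for illustration.

```python
import base64
import hashlib

SSE = "x-amz-server-side-encryption"

def sse_c_headers(key: bytes) -> dict:
    """SSE-C: the same 256-bit key must accompany every PUT and GET of the object."""
    if len(key) != 32:
        raise ValueError("SSE-C needs a 256-bit (32-byte) key")
    return {
        SSE + "-customer-algorithm": "AES256",
        SSE + "-customer-key": base64.b64encode(key).decode(),
        # Digest of the raw key; S3 uses it to check the key arrived intact.
        SSE + "-customer-key-MD5": base64.b64encode(hashlib.md5(key).digest()).decode(),
    }

def sse_headers(mode: str, kms_key_id=None, customer_key=None) -> dict:
    """Return the headers that select exactly one server-side encryption mode."""
    if mode == "SSE-S3" and kms_key_id is None and customer_key is None:
        return {SSE: "AES256"}
    if mode == "SSE-KMS" and customer_key is None:
        headers = {SSE: "aws:kms"}
        if kms_key_id:  # when omitted, S3 uses the AWS managed key for S3
            headers[SSE + "-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C" and kms_key_id is None and customer_key is not None:
        return sse_c_headers(customer_key)
    raise ValueError("arguments do not describe a single SSE mode")

def classify(headers: dict):
    """Name the SSE mode a request asks for; raise if it mixes modes."""
    h = {k.lower(): v for k, v in headers.items()}
    managed = h.get(SSE)
    customer = any(k.startswith(SSE + "-customer-") for k in h)
    if managed and customer:
        raise ValueError("request mixes SSE-C with SSE-S3/SSE-KMS headers")
    if customer:
        return "SSE-C"
    if managed is None:
        return None  # no server-side encryption requested
    modes = {"AES256": "SSE-S3", "aws:kms": "SSE-KMS"}
    if managed not in modes:
        raise ValueError("unknown value for " + SSE)
    return modes[managed]

if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample key, never reuse
    kms_id = "arn:aws:kms:REGION:ACCOUNT_ID:key/EXAMPLE"  # placeholder
    for req in (sse_headers("SSE-S3"),
                sse_headers("SSE-KMS", kms_key_id=kms_id),
                sse_headers("SSE-C", customer_key=demo_key)):
        print(classify(req), sorted(req))
```

With SSE-C the key travels in every request, so these headers should only ever be sent over SSL.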

 

AWS S3 – Simple Storage Service

Simple, durable, massively scalable object storage

S3 is one of the most amazing features of AWS and a heavily featured exam topic in AWS certifications.

You have to know the different storage types and classes available in S3, which one is ideal for a given scenario, how to move data in and out of S3, etc.

Below is a general overview of S3, along with exam tips.

  • S3 is an object storage service. You can store flat files or host a static website, but you can’t install operating systems or run a dynamic site.
  • It’s a highly available and durable service. The data stored is backed up in multiple availability zones by default, and it is cost effective as well.
  • There are three types of S3 storage classes available. S3 – Standard, Infrequent access, Glacier.
  • Remember, Reduced Redundancy Storage (RRS) is an Amazon S3 storage option.
  • S3 supports encryption of data in transit (using SSL) and at rest. Read about encryption here: S3 Encryption

 

Storage:

Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.

The largest object that can be uploaded in a single PUT is 5 gigabytes. For objects larger than 100 megabytes, customers should consider using the Multipart Upload capability.

In short, you can store an object with a maximum size of 5TB, which can be uploaded in chunks.

The maximum size of a single chunk is 5GB. You can use multipart upload for faster uploading of objects larger than 100MB.

Note: It’s recommended to use multipart upload for objects larger than 100MB, and it’s required to use multipart for files of size 5GB.
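The size limits above translate into a simple upload decision. The planner below is an added example, not part of the original post. It uses the page's figures (5TB object, 5GB single PUT, 100MB threshold), read as binary units by assumption, plus two S3 multipart limits the page does not mention: a 5 MiB minimum part size and at most 10,000 parts per upload. The function name plan_upload is hypothetical.

```python
MIB, GIB, TIB = 1024 ** 2, 1024 ** 3, 1024 ** 4

MAX_OBJECT = 5 * TIB            # page: largest object S3 stores
MAX_SINGLE_PUT = 5 * GIB        # page: largest single PUT / single chunk
MULTIPART_ADVISED = 100 * MIB   # page: above this, multipart is recommended
MIN_PART = 5 * MIB              # S3 limit, not stated on the page
MAX_PARTS = 10_000              # S3 limit, not stated on the page

def plan_upload(size: int, preferred_part: int = 100 * MIB) -> dict:
    """Decide between a single PUT and multipart, and size the parts."""
    if size < 0 or size > MAX_OBJECT:
        raise ValueError("object size must be between 0 bytes and 5TB")
    if size <= MULTIPART_ADVISED:
        return {"method": "single PUT", "required": False,
                "parts": 1, "part_size": size, "last_part": size}
    # Parts must be large enough that the object fits in MAX_PARTS parts.
    floor_for_count = -(-size // MAX_PARTS)  # integer ceiling division
    part_size = max(preferred_part, MIN_PART, floor_for_count)
    part_size = min(part_size, MAX_SINGLE_PUT)
    parts = -(-size // part_size)
    return {
        "method": "multipart",
        "required": size > MAX_SINGLE_PUT,  # too big for one PUT
        "parts": parts,
        "part_size": part_size,
        "last_part": size - (parts - 1) * part_size,  # only the last part may be short
    }

if __name__ == "__main__":
    for size in (0, 50 * MIB, 1 * GIB, 6 * GIB, 5 * TIB):
        print(size, plan_upload(size))
```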

Amazon S3 buckets in all Regions provide read-after-write consistency for PUTS of new objects and eventual consistency for overwrite PUTS and DELETES.

If an uploaded object is not immediately reflected in the bucket, it means that the bucket in the region is using eventual consistency.

AWS Certified Solutions Associate Architect – Blueprint

Exam Blueprint

The table below lists the domains measured by this examination and the extent to which they are represented.

Domain                                                                            % of Examination
1.0 Designing highly available, cost-efficient, fault-tolerant, scalable systems  60%
2.0 Implementation/Deployment                                                     10%
3.0 Data Security                                                                 20%
4.0 Troubleshooting                                                               10%
TOTAL                                                                             100%

Domain 1.0: Designing highly available, cost-efficient, fault-tolerant, scalable systems […]