AWS Certified SysOps Administrator Part VI: S3


  • 1. What is it?
    • a. Its not a file system
    • b. AWS Region-level storage
  • 2. Types of Storage
    • a. Standard Storage
      • i. 11 9s durability: 99.999999999% durability
      • ii. Availability 99.99%
    • b. RRS
      • i. 99.99% durability
      • ii. 99.99% availability
  • 3. Replication
    • a. Data is stored on multiple facilities, multiple devices within each facility
    • b. RRS does not replicate objects as many times as standard
    • c. Synchronously stores data across multiple facilities before confirming that the data has been successfully stored
    • d. Calculates checksums on all network traffic
  • 4. Features
    • a. Supports REST and SOAP APIs
    • b. Globally unique S3 bucket names
    • c. Server-side encryption of data at rest
    • d. Versioning
      • i. Applied to the bucket
    • e. Cross-region replication (CRR)
      • i. Data residency concerns
      • ii. Backups in distant facilities
      • iii. Specify a prefix
    • f. MFA delete (via API)
      • i. Require anybody deleting objects from S3 must have a MFA device
    • g. Time-limited access to objects
    • h. Audit logs
      • i. Event notifications
      • i. Sqs
      • ii. Lambda
      • iii. sns
    • j. Data lifecycle management
      • i. Archive and Expire to save costs
      • ii. Archive and then Permanently delete
      • iii. After a certain number of day
    • k. Permissions
      • i. Security
        • 1. IAM policies
          • a. User-level security
          • b. Granular security configuration
          • c. Can be controlled outside of S3
        • 2. Bucket policies
          • a. Bucket-level security
          • b. Just specific for S3
        • 3. ACLs
          • a. Legacy access control mechanism
          • b. Bucket and object-level security
        • 4. Query-string authentication
          • a. Pre-signed URLs (i.e. a URL that expires after 3 days)
      • ii. Policy generator
        • 1. Utility that will allow you to easily author policies
        • 2. File format is JSON
        • 3. ARN is used to specify the policy rules
  • 5. Amazon S3 Website Hosting
    • a. Set permissions to grant to everyone
    • b. Redirect all requests to another host name
      • i. Use a subdomain of your main domain
      • ii. Bucket name has to match the domain name you are mapping to
      • iii. Index document is the first page that they see
      • iv. Create a CNAME to target the AWS bucket URL

One thought on “AWS Certified SysOps Administrator Part VI: S3

  1. Pingback: AWS Certified SysOps Administrator Exam: Study Guide | Sky Cliffs

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s