- 1. What is it?
- a. It's not a file system
- b. AWS Region-level storage
- 2. Types of Storage
- a. Standard Storage
- i. 11 9s durability: 99.999999999% durability
- ii. Availability 99.99%
- b. RRS
- i. 99.99% durability
- ii. 99.99% availability
- 3. Replication
- a. Data is stored in multiple facilities, and on multiple devices within each facility
- b. RRS does not replicate objects as many times as standard
- c. Synchronously stores data across multiple facilities before confirming that the data has been successfully stored
- d. Calculates checksums on all network traffic
- 4. Features
- a. Supports REST and SOAP APIs
- b. Globally unique S3 bucket names
- c. Server-side encryption of data at rest
- d. Versioning
- i. Applied to the bucket
- e. Cross-region replication (CRR)
- i. Data residency concerns
- ii. Backups in distant facilities
- iii. Specify a prefix
- f. MFA delete (via API)
- i. Requires that anybody deleting objects from S3 have an MFA device
- g. Time-limited access to objects
- h. Audit logs
- i. Event notifications
- i. SQS
- ii. Lambda
- iii. SNS
- j. Data lifecycle management
- i. Archive and Expire to save costs
- ii. Archive and then Permanently delete
- iii. After a certain number of days
- k. Permissions
- i. Security
- 1. IAM policies
- a. User-level security
- b. Granular security configuration
- c. Can be controlled outside of S3
- 2. Bucket policies
- a. Bucket-level security
- b. Specific to S3 only
- 3. ACLs
- a. Legacy access control mechanism
- b. Bucket and object-level security
- 4. Query-string authentication
- a. Pre-signed URLs (e.g. a URL that expires after 3 days)
- ii. Policy generator
- 1. Utility that will allow you to easily author policies
- 2. File format is JSON
- 3. ARN is used to specify the policy rules
- 5. Amazon S3 Website Hosting
- a. Set permissions to grant access to everyone
- b. Redirect all requests to another host name
- i. Use a subdomain of your main domain
- ii. Bucket name has to match the domain name you are mapping to
- iii. Index document is the first page that they see
- iv. Create a CNAME to target the AWS bucket URL