FAQ - √
- 99.99% availability
- durability 11x9's
- object based storage
- 0b - 5 Tb
- unlimited storage
- names must be unique globally
- https://s3-%region%.amazonaws.com/%bucket_name%
- can't be disabled (but possible to suspend)
- delete marker (if you delete "delete marker" - it will restore object)
- MFA delete
You can use CRR to provide lower-latency data access in different geographic regions.
- only new objects will be replicated
- only between different regions
- no replication to multiple buckets
- delete markers are replicated
- deleting versions/markers are not replicated
- read after write consistency for PUTS of new objects
- read immediately after write
- eventual consistency for overwrite PUTS and DELETES (can take some time to propagate)
- key
- name of file, add hash in file name for storin
- value (data)
- version ID
- metadata
- subresources
- access control lists
- torrent
An Amazon VPC Endpoint for Amazon S3 is a logical entity within a VPC that allows connectivity only to S3. The VPC Endpoint routes requests to S3 and routes responses back to the VPC. For more information about VPC Endpoints, read Using VPC Endpoints.
You can directly PUT into S3 Standard-IA by specifying STANDARD_IA in the x-amz-storage-class header
For S3 Standard, S3 Standard-IA, and Amazon Glacier storage classes, your objects are automatically stored across multiple devices spanning a minimum of three Availability Zones. This remains true in Regions where fewer than three AZs are publicly available.
99.99% availability, 11x9 durability, can sustain loss of 2 facilities
Accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee
99.99% durability. 99.99% availability of object over a given year. Can sustain loss of single facility
very cheap, archival. 3-5 hours to restore from Glacier. $0.01 per gig.
You can retrieve 10GB of your Amazon Glacier data per month for free with the AWS free tier
A vault is a way to group archives together in Amazon Glacier
A vault access policy is a resource-based policy that you can attach directly to your Glacier vault (the resource) to specify who has access to the vault and what actions they can perform on it
Select is a feature that allows you to run queries on your data stored in Amazon Glacier, without the need to restore the entire object to a hotter tier like Amazon S3
- storage
- requests
- storage management pricing
- data transfer pricing. Ingress is free.
users -> cloudfront edge -> S3
S3 Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations. As data arrives at an AWS Edge Location, data is routed to your Amazon S3 bucket over an optimized network path.
If you have objects that are smaller than 1GB or if the data set is less than 1GB in size, you should consider using Amazon CloudFront's PUT/POST commands for optimal performance.
- in transit
- SSL/TLS
- at rest
- Client side
- Server side
- SSE-S3 S3 Managed keys (each object have unqiue key, key encrypted by master key, which is rotated by AWS)
- SSE-KMS Managed keys, user manages keys, audit trail
- SSE-C (Customer provided keys)
- can be used with versioning
- can be applied to current and previous versions
actions:
- transition to stadard-IA (128 kb and 30 days after creatinon)
- archive to glacier (30 days after IA)
- expire (permanently delete)
bucket name == domain-name
в route53 указать endpoint для S3 (причем endpoint для каждого региона свой)
http://bucketname.s3-website-%region%.amazonaws.com
бакет источник разрешает других страницам загружать эти ресурсы.
With Storage Class Analysis, you can analyze storage access patterns and transition the right data to the right storage class. You can configure a Storage Class Analysis policy to monitor an entire bucket, prefix, or object tag.
The S3 Inventory report provides a scheduled alternative to Amazon S3’s synchronous List API. You can configure S3 Inventory to provide a CSV or ORC file output of your objects and their corresponding metadata on a daily or weekly basis for an S3 bucket or prefix.
- Bucket policy
- Access control lists
Access logs -> another S3 bucket