SIMPLE STORAGE SERVICE (S3)
S3 Security (Resource Policies & ACLs) (18:19)
S3 is private by default
S3 Bucket Policies
/00_LEARNINGAIDS/S3Security-1.png)
S3 Bucket Polices support different accounts & anonymous principles
S3 Bucket Polices - Condition
S3 Bucket Polices - Deny - Allow - Deny
[Legacy] Access Control Lists (ACLS)
/00_LEARNINGAIDS/S3Security-2.png)
Block Public Access
Identity Policies - Bucket Polices - ACLs
S3 Static Hosting (10:36)
what is the normal access to s3 object?
Via AWS APIs.
what is s3 website endpoint?
The endpoint to access the S3 bucket via HTTP.
/00_LEARNINGAIDS/S3StaticHosting-1.png)
Out-of-band pages
[DEMO] Creating a static website with S3 (17:55)
Object Versioning & MFA Delete (7:41)
Object Versioning cannot be switched off
Object Versioning: store multiple versions of objects
Object Versioning: DeleteMaker & Version delete
Object Versioning: All versions will be billed
Object Versioning: MFA for suspending bucket versioning and deleting object versions
[DEMO] - S3 Versioning (15:45)
S3 Performance Optimization (11:42)
/00_LEARNINGAIDS/S3Performance-1.png)
Global Architecture
/00_LEARNINGAIDS/S3Performance-2.png)
Single PUT Upload
/00_LEARNINGAIDS/S3Performance-3.png)
Multipart Upload
/00_LEARNINGAIDS/S3Performance-4.png)
S3 Transfer Acceleration
what is s3 transfer acceleration?
[DEMO] - S3 Performance (5:06)
Key Management Service (KMS) (18:38)
__le.png)
Key Management Service (KMS)
__le.png)
KMS Keys
__le.png)
CreateKey & Encrypt using KMS
__le.png)
Decrypt using KMS
__le.png)
Data Encryption Keys (DEKs)
__le.png)
KMS Keys - Key Concepts
/00_LEARNINGAIDS/KMS-3.png)
Key Policies and Security
[DEMO] KMS - Encrypting the battleplans with KMS (12:43)
S3 Object Encryption CSE/SSE (23:31)
S3 Bucket aren’t encrypted
/00_LEARNINGAIDS/S3Encryption-1.png)
CSE vs SSE
SSE-C / SSE-S3 / SS3-KMS
SSE-C
SSE-S3 👈 Default
what is the biggest drawback of ss3-s3?
The admin can see the content.
SSE-KMS
S3 Object Encryption - Summary
[DEMO] Object Encryption and Role Separation (14:50)
S3 Bucket Keys (5:59)
S3 without Bucket Keys
S3 with Bucket Keys
S3 Bucket Keys - Notes
S3 Object Storage Classes - PART1 (9:23)
/00_LEARNINGAIDS/S3StorageClasses-1.png)
S3 Storage Classes - S3 Standard
/00_LEARNINGAIDS/S3StorageClasses-2.png)
S3 Storage Classes - S3 Standard - IA
/00_LEARNINGAIDS/S3StorageClasses-3.png)
S3 Storage Classes - S3 One Zone - IA
S3 Object Storage Classes - PART2 (11:41)
/00_LEARNINGAIDS/S3StorageClasses-4.png)
S3 Storage Classes - S3 Glacier - Instant
/00_LEARNINGAIDS/S3StorageClasses-5.png)
S3 Storage Classes - S3 Glacier - Flexible
/00_LEARNINGAIDS/S3StorageClasses-6.png)
S3 Storage Classes - S3 Glacier - Deep Archive
/00_LEARNINGAIDS/S3IntelligentTiering.png)
S3 Storage Classes - S3 Intelligent-Tiering
S3 Lifecycle Configuration (8:13)
S3 Lifecycle Configuration
/00_LEARNINGAIDS/S3LifeCycle.png)
S3 Lifecycle Configuration - Transition
S3 Replication (13:59)
Cross-Region Replication (CRR) & Same-Region Replication (SRR)
Replication can be between different accounts
S3 Replication Options - RTC
S3 Replication - Considerations
Why use S3 replication?
[DEMO] Cross-Region Replication of an S3 Static Website (19:52)
S3 PreSigned URLs (11:11)
/00_LEARNINGAIDS/S3PresignedURL-1.png)
Why use Presigned URL?
/00_LEARNINGAIDS/S3PresignedURL-2.png)
Presigned URL works with both Upload and Download
/00_LEARNINGAIDS/S3PresignedURL-3.png)
Apps can use Presigned URL to provide access to Media Bucket
Presigned URL - Gotchas
[DEMO] Creating and using PresignedURLs (18:23)
S3 Select and Glacier Select (5:32)
/00_LEARNINGAIDS/S3andGlacierSelect.png)
S3 Events (4:32)
/00_LEARNINGAIDS/S3EventNotifications.png)
S3 Access Logs (3:05)
/00_LEARNINGAIDS/S3AccessLogs.png)
S3 Access Logs
S3 Object Lock (9:52)
S3 Object Lock - Write-Once-Read-Many (WORM)
S3 Object Lock - Retention (Compliance / Governance)
S3 Object Lock - Legal Hold
S3 Object Lock - Summary
S3 Access Points (5:52)
Each S3 Access Points is a “mini S3 bucket”
S3 Access Points’ DNS, policies & endpoint polices