Source: https://www.youtube.com/watch?v=Ia-UEYYR44s
Simple Storage Service (S3)
What is Object Storage (Object-based Storage)?
- Data storage architecture that manages data as objects, as opposed to other storage architectures:
- File systems which manages data as a files and fire hierarchy, and
- Block storage which manages data as blocks within sectors and tracks.
- S3 provides you with unlimited storage. You donβt need to think about the underlying infrastructure
- The S3 Console provides an interface for you to upload and access your data S3 Object S3 Bucket
S3 Objects
- S3 Objects contain your data. They are like files.
- Object may consist of:
- Key: this is the name of the object
- Value: the data itself made up of a sequence of bytes
- Version: ID when versioning enabled, the version of object
- Metadata: Additional information attached to the object
S3 Buckets
- Buckets hold objects. Buckets can also have folders which in turn hold objects
- S3 is a universal namespace so bucket names must be unique (think like having a domain name)
Storage Classes
- Suited for different needs: https://aws.amazon.com/s3/storage-classes/
S3 Security
- All new buckets are private by default
- Logging per request can be turned on, and the log file is stored on another bucket - on another AWS account if needed.
- Access Control Lists (ACLs, deprecated but not obsolete) β> Controls access to buckets
- Bucket Policies β> Defines complex rules
S3 Encryption
- Encryption In Transit: Traffic between your local host and S3 is achieved via SSL/TLS
- Server Side Encryption (SSE) - Encryption At Rest
- Amazon help you encrypt the object data
- S3 Managed Keys - (Amazon manages all the keys)
- SSE-AES S3 handles the key, uses AES-256 algorithm
- SS-KMS Envelope encryption, AWS KMS and you manage the keys
- SSE-C Customer provided key (you manage the keys)
- Client-Side Encryption
- You encrypt your own files before uploading them to S3
====================================================================
Virtual Private Cloud (VPC)
- Your own personal data space. Gives complete control over virtual networking environment.