General
- Amazon S3 provides Internet storage. The service offers developers scalable, reliable, and low-latency storage at low costs.
- Amazon S3 allows users to store and retrieve data at any time, from anywhere on the web. The service lets developers build applications that use Internet storage. S3 allows developers to start small and grow as needed. It is very flexible: any type and amount of data can be stored, and the same data can be read as many times as you like or only when needed. Developers can build anything from a simple FTP application to a sophisticated web application on top of it.
- Developers who wish to use S3 must have an Amazon Web Services account.
- S3 allows developers to focus on innovating their business rather than worry about storage.
- S3 allows you to store nearly any kind of data.
- There is no limit to the volume of data or the number of objects stored. Object size ranges from 0 bytes up to 5 TB. The largest object that can be uploaded in a single PUT is 5 GB. Customers who need to upload objects larger than 100 MB should consider multipart upload.
- Several storage classes are available depending on your needs. Standard is suited to general-purpose storage of frequently accessed data. Standard-Infrequent Access (Standard-IA) is for long-lived data that is accessed less frequently. Glacier offers long-term archive storage. RRS (Reduced Redundancy Storage) is a cost-reducing option that stores noncritical data at lower redundancy levels.
- Multi-object delete allows users to delete many objects in a single request. This is a free option.
- Data is stored and its usage tracked for billing purposes only; that is the only reason Amazon accesses your data, unless required to do so by law.
- Amazon's own retail site uses S3 to store its data and relies on it for business operations.
- S3 is a key-based object store. Each object is stored under a unique key, chosen when it is uploaded, that is later used to retrieve it.
- Users access data through a standards-based REST interface. It is deliberately simple so that functional layers and distribution protocols can easily be added on top.
- S3 provides highly reliable data storage. S3 Standard is designed for 99.99% availability and Standard-IA for 99.9% availability; both are backed by the service level agreement.
- S3 provides read-after-write consistency for new objects and eventual consistency for overwrite PUTs and DELETEs in all regions.
- S3 is designed to handle any level of application traffic. It offers a pay-as-you-go pricing model with unlimited capacity, which ensures that your incremental costs don't change and that your service remains uninterrupted.
- Using the BitTorrent protocol lets developers save on bandwidth costs for high-demand data, because users download from Amazon and from each other at the same time. Any public object can be downloaded with BitTorrent simply by adding the ?torrent parameter to the end of the GET request.
- If availability falls below the service commitment, the SLA provides a service credit for that billing cycle.
- Customers can create up to 100 buckets by default, but this limit can be raised through AWS Service Limits.
Regions
- When creating an S3 bucket, users specify the region in which it is stored. Within that region, objects are stored redundantly across many devices in many facilities.
- When selecting a region, choose one near your customers, data centres, and other AWS resources; one that is remote from your other operations, for geographic redundancy; one that helps you address legal and regulatory requirements; and one that minimises your costs.
- S3 is accessible from anywhere; users simply decide which AWS region their data is stored in.
- The US East Region was formerly named the US Standard Region.
Billing
- S3 has no minimum fee; customers pay only for what they use. A calculator is available to estimate monthly fees. Prices vary by bucket location. Transfer between regions is charged at the rate specified on the pricing page. No data transfer fees apply in the following cases: transfers within a region using COPY, transfers between EC2 and S3 within the same region, and transfers between the EC2 Northern Virginia Region and the S3 US East Region. Transfers between EC2 and S3 across other regions are charged a fee.
- Where Amazon's own costs are lower, customer fees are lower; this is why prices vary between regions.
- No setup fees are required. At the end of each month you are charged for that month's usage. Charges for the billing period can be viewed on the AWS website under account activity.
- S3 has a free usage tier that lets new users get started with S3 for free. Each month, new users get 5 GB of standard storage, 20,000 GET requests, and 15 GB of data transfer in and out. This offer is not available in the GovCloud Region.
- All pricing information is listed in the Pricing Chart. Storage fees are based on the average volume stored during the month, including all object data and metadata in buckets created under the account. Data transfer charges are based on the amount of data sent to your buckets and on the aggregate data transferred out to the internet and to other regions.
- Standard-IA storage also carries a data retrieval fee.
- Using S3 through the AWS Management Console is subject to the same pricing. Some console operations issue more than one underlying request, which affects what you are charged.
- Unless stated otherwise, prices do not include taxes. Customers with a Japanese address who use the Asia Pacific region are subject to Japanese consumption tax.
Security
- By default, only the owner can access the buckets and objects they create. Users have several mechanisms for controlling access to their data. Server-side encryption (SSE) and SSE-C are available for encrypting data at rest, and users can also encrypt data themselves before storing it in S3.
- Users have four mechanisms for controlling access. IAM policies allow organisations with many employees to create multiple users within a single AWS account; these users can be granted access to different buckets and/or objects. Bucket policies let companies define rules that apply across all requests to their resources. ACLs let customers grant specific permissions to specific users for a specific bucket or object. Query string authentication lets customers create a URL to an object that is valid only for a limited time.
- Users can configure their buckets to log requests made against them. These access logs provide details about each request and can be used for auditing.
- With SSE-S3, Amazon handles key management and key protection with multiple layers of security. SSE-C lets users have S3 encrypt and decrypt objects while they remain in control of the keys. SSE-KMS encrypts objects with keys managed through AWS KMS; this allows separate permissions for use of the master key, giving more control and protection against unauthorised access to objects, and AWS KMS also keeps an audit trail. Users can also use a third-party client to encrypt objects before storing them in S3.
- SSE protects each object with a unique data key. Object keys are themselves encrypted by a master key, and master keys are rotated at least monthly. Data, keys, and master keys are stored separately to ensure security.
- Customers choosing to store data in the two EU regions are responsible for ensuring compliance with EU privacy laws.
- A VPC endpoint is a logical entity within a VPC that allows connectivity only to S3. It routes requests to S3 and responses back to the VPC.
- Users can limit access to a bucket to a specific VPC endpoint or set of endpoints.
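As an added example that is not from the original page, the following Python builds the temporarily valid URL that the query string authentication bullet describes, using AWS Signature Version 4 with the signature carried in the query string. The credentials, bucket name and object key are constructed placeholders, the code only builds the URL and never contacts S3, and it assumes a virtual-hosted-style regional endpoint.

```python
import datetime
import hashlib
import hmac
import urllib.parse

# Constructed placeholder credentials (AWS documentation example format); they authorise nothing.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str, service: str = "s3") -> bytes:
    """Derive the SigV4 signing key: an HMAC chain over date, region and service.
    The long-term secret never leaves the signer; only this derived key signs the URL."""
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def _enc(s: str) -> str:
    # RFC 3986 encoding as SigV4 requires: only unreserved characters stay literal.
    return urllib.parse.quote(s, safe="-_.~")


def presign_get(bucket: str, key: str, region: str, expires: int,
                when: datetime.datetime, access_key: str = ACCESS_KEY,
                secret_key: str = SECRET_KEY) -> str:
    """Build a query-string-authenticated GET URL for one object, valid for
    `expires` seconds from the signing time `when` (UTC); S3 allows 1 s to 7 days."""
    if not 1 <= expires <= 604800:
        raise ValueError("X-Amz-Expires must be between 1 and 604800 seconds")
    # Assumes a virtual-hosted-style regional endpoint (DNS-compatible bucket name).
    host = f"{bucket}.s3.{region}.amazonaws.com"
    amz_date = when.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: parameters sorted by name, each name and value encoded.
    canonical_query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    canonical_uri = urllib.parse.quote("/" + key, safe="/-_.~")
    canonical_request = "\n".join([
        "GET", canonical_uri, canonical_query,
        f"host:{host}\n",    # canonical headers block, each line newline-terminated
        "host",              # signed headers list
        "UNSIGNED-PAYLOAD",  # presigned S3 URLs do not bind the request body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(signing_key(secret_key, amz_date[:8], region),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"https://{host}{canonical_uri}?{canonical_query}&X-Amz-Signature={signature}"
```

Expiry is enforced by S3 from X-Amz-Date plus X-Amz-Expires, and the URL is only as revocable as the credentials that signed it, so presign with short-lived or narrowly scoped credentials when the URL is handed to a third party.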
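An added example, not from the original page, of a bucket policy that combines three of the controls above: it denies plaintext (non-TLS) transport, denies PUTs that do not request SSE-KMS, and denies any request that does not arrive through one named VPC endpoint. The bucket name and endpoint ID are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPlaintextTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": { "Bool": { "aws:SecureTransport": "false" } }
    },
    {
      "Sid": "DenyPutsWithoutSseKms",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringNotEquals": { "s3:x-amz-server-side-encryption": "aws:kms" }
      }
    },
    {
      "Sid": "DenyAccessOutsideVpcEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": { "StringNotEquals": { "aws:sourceVpce": "vpce-EXAMPLE-ID" } }
    }
  ]
}
```

A PUT with no s3:x-amz-server-side-encryption header also fails StringNotEquals, so unencrypted uploads are denied along with ones requesting AES256. Because an explicit Deny overrides any Allow, the third statement also locks out the console and any CLI session outside the VPC, so keep a tested administrative path before applying it.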
Data Protection
- S3 Standard and Standard-IA are both designed for 99.999999999% durability of objects over a given year. It is still best to back up objects and put safeguards in place in case of malicious or accidental errors.
- S3 Standard and Standard-IA store objects redundantly on numerous devices across many facilities in a region, so that concurrent device failures are sustained while lost redundancy is detected and repaired. S3 also uses checksums to verify data integrity. Together these features ensure data durability.
- S3 uses a combination of checksums and cyclic redundancy checks (CRCs) to detect data corruption. Checksums are performed on data at rest; when corruption is found, it is repaired. S3 also checksums network traffic to detect corrupted data packets.
- Versioning lets users preserve, retrieve, and restore every version of an object in a bucket. When versioning is enabled on a bucket, existing objects are preserved any time the user performs a POST, COPY, PUT, or DELETE on them. GET requests retrieve the most recent version by default; older versions can be retrieved by specifying a version in the request.
- Versioning allows extra protection of data. It allows customers to recover accidentally overwritten or deleted objects. Versioning can also allow retention and archive of data.
- Versioning can be enabled via a setting on your S3 bucket.
- If an object is accidentally deleted, normal requests will no longer retrieve it, but it is still stored in your bucket and can be manually retrieved or restored. Only the owner of the S3 bucket can permanently delete an object version. Users can use Lifecycle rules to manage the lifetime and storage costs of object versions.
- Lifecycle rules paired with versioning can be used to set up a rollback window for objects.
- Users can further add another security layer with MFA Delete. This action requires two forms of authentication to permanently delete an object version.
- Normal S3 rates apply to each version of an object.
S3 Standard – Infrequent Access
- The S3 Standard-IA storage class is for data that is accessed infrequently but requires fast access when needed. It provides high durability, high throughput, and low latency with a lower per-GB storage price plus a per-GB retrieval fee. It is best suited to long-term storage, backups, and data storage for disaster recovery. Standard-IA is set at the object level and can exist alongside Standard in the same bucket, which lets users use lifecycle policies to transition existing objects between classes.
- Standard-IA provides the same performance as S3 Standard.
- Standard-IA uses a thinner front end, which is why it is designed for 99.9% availability: the chance that a request fails and needs to be retried is slightly higher than with S3 Standard.
- Data can be put into Standard-IA either directly with a PUT request or by setting lifecycle policies that transition objects from Standard to Standard-IA.
- Latency and throughput in Standard-IA are the same as in Standard storage.
- If you change an object's storage class, you are charged for a copy request and a data retrieval request.
- Data stored in Standard-IA is intended to be retained for a long time. Data deleted from Standard-IA within 30 days is still charged for the full 30 days.
- Each object stored in Standard-IA is billed as a minimum of 128 KB. Objects smaller than this are still charged the 128 KB fee.
- Objects in Standard-IA can be tiered to Glacier using lifecycle policies.
Amazon Glacier
- Glacier provides very low-cost storage for archival purposes, for as little as $0.007 per GB per month. It is ideal for infrequently accessed data where retrieval does not need to be rapid.
- Lifecycle rules let users set archive rules that specify a prefix and a time period. The prefix selects the objects subject to the rule; the time period sets the number of days after which an object is archived. Standard and Standard-IA objects under that prefix that have aged past the period are archived into Glacier. Data stored in Glacier is retrieved by starting a restore job via the API or the management console; the restore takes 3 to 5 hours, after which the data can be accessed with a GET request. Lifecycle rules can be used on any bucket, including versioned ones.
- Objects archived to Glacier can only be accessed through the S3 APIs or the management console.
- Archival and restore requests cost $0.05 per 1,000 requests. Large restores start at $0.01 per GB. When an object is restored, a temporary copy is placed in RRS alongside the Glacier copy, so you are charged storage fees for both while the object remains restored; afterwards you are charged only for Glacier storage. Objects deleted before 90 days incur a prorated fee of $0.03 per GB.
- Storage fees are based on the average volume stored during the month, measured in GB-months. Glacier adds 32 KB per object for its index and the metadata needed for identification and retrieval. S3 adds 8 KB per object to maintain the user-defined name and metadata of objects archived to Glacier.
- Each month, users can restore up to 5% of the S3 data stored in Glacier for free. This generally meets backup and archive needs. The 5% allowance is calculated on a daily prorated basis.
- Deleting objects from Glacier that have been stored for more than 3 months is free. Objects deleted before then are charged a prorated fee.
Cross-Region Replication
- CRR automatically replicates your data across regions. With this feature, every object uploaded to a bucket is replicated to a bucket in a different region of the user's choosing. This allows lower-latency access to data from different regions and helps meet any compliance requirements on the geographic distance between copies of your data.
- CRR configuration is bucket-level. CRR is configured on a source bucket by identifying a destination bucket in another region. It can be enabled via the AWS Management Console, the AWS CLI, the AWS SDKs, or the REST API. Versioning must be enabled on both buckets to use CRR.
- Whenever you upload to a source bucket, CRR replicates the object including its metadata and ACLs. Changes to the data, metadata, or ACLs trigger another replication. Users can choose to replicate all uploaded objects or only a subset matching a specific prefix. Data that existed in the bucket before CRR was enabled is not replicated; users can use the COPY API to copy existing data to the destination bucket.
- Lifecycle rules can be set differently for source and destination buckets.
- Using CRR applies charges for storage, requests and data transfer applicable to S3. Objects uploaded with the multipart feature will be replicated with the same number of parts and sizes.
Event Notification
- Event notifications can be configured to fire in response to S3 actions and delivered via SNS, SQS, or AWS Lambda.
- Event notifications allow users to send alerts, run workflows, or perform additional actions responding to changes of your objects stored in S3. Triggers can be set to perform various actions. Also, notifications can be set by prefixes or suffixes.
- No additional fees are charged for using event notifications. You pay for SNS or SQS usage for delivering the notification or pay AWS Lambda running fees.
Static Website Hosting
- Users can use S3 to host a static website; it is inexpensive, highly available, and scales to meet traffic needs. Service availability depends on the storage class, and service credits are guaranteed via the SLA.
- S3 is best suited to hosting websites with static content. If your website needs server-side scripting and/or database interaction, consider EC2.
- Users can store content in an S3 bucket and map their own domain name to it.
- S3 provides website redirects for static content. Users can set redirection rules for a bucket or for individual objects.
- No extra fees are associated with static website hosting; the standard S3 pricing applies.
Lifecycle Management Policies
- Lifecycle management lets users define an object's lifecycle with a predefined policy, which reduces storage costs. Automatic migration rules can be set based on the age of the data. Lifecycle expiration policies can remove objects depending on their age, and expiration policies can also be set for incomplete multipart uploads.
- Lifecycle policies are managed via the S3 REST API, the AWS Management Console, the AWS CLI, or the AWS SDKs. Policies can be set at either the prefix or the bucket level.
- No additional fees are charged for using lifecycle policies. Transition requests are charged per object when it becomes eligible for transition under the lifecycle rule.
- As data ages it often becomes less critical, less valuable, and less subject to compliance rules. S3 lets you build a library of policies to migrate such data automatically; well-chosen rules lower storage fees and simplify resource management.
- Using lifecycle policies, users can have objects migrated to Standard-IA, archived to Glacier, or deleted after a set time. Each rule specifies a time period, a prefix, a transition to Standard-IA or Glacier, and/or an expiration. A separate rule can, for example, expire all backups 90 days after creation. This keeps storage optimised and saves costs. Multiple rules for various prefixes can be set.
- Expiration rules can be set for both versioned and non-versioned buckets.
- Applying a lifecycle policy that expires incomplete multipart uploads helps you save costs.
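An added example, not from the original page, of a lifecycle configuration in the JSON form accepted by `aws s3api put-bucket-lifecycle-configuration`. It combines the transitions and expirations described in this section with the versioning interplay from the Data Protection section and the archive rules from the Glacier section; the rule IDs, prefixes and day counts are constructed placeholders.

```json
{
  "Rules": [
    {
      "ID": "backups-tier-then-archive",
      "Status": "Enabled",
      "Filter": { "Prefix": "backups/" },
      "Transitions": [
        { "Days": 30, "StorageClass": "STANDARD_IA" },
        { "Days": 90, "StorageClass": "GLACIER" }
      ],
      "NoncurrentVersionTransitions": [
        { "NoncurrentDays": 30, "StorageClass": "GLACIER" }
      ],
      "NoncurrentVersionExpiration": { "NoncurrentDays": 365 },
      "AbortIncompleteMultipartUpload": { "DaysAfterInitiation": 7 }
    },
    {
      "ID": "logs-expire",
      "Status": "Enabled",
      "Filter": { "Prefix": "logs/" },
      "Expiration": { "Days": 90 }
    }
  ]
}
```

With versioning enabled, the noncurrent-version rules give a 365-day rollback window for accidental overwrites and deletes, while the 30-day Standard-IA transition respects the 30-day minimum charge. Objects under 128 KB moved to Standard-IA are still billed as 128 KB, so small objects are better kept on a prefix without that transition.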
Amazon S3 Transfer Acceleration
- Transfer Acceleration gives users fast, easy, secure file transfers over long distances between the client and a bucket. It takes advantage of CloudFront's globally distributed edge locations: when data arrives at an edge location, it is routed to your bucket over an optimised network path.
- You can enable this feature through the S3 console, API, or CLI. Once enabled, your PUT and GET requests can be pointed at the accelerated endpoint domain.
- Transfer Acceleration makes full use of the available bandwidth, which minimises the effect of distance on throughput. It is designed to deliver consistently fast transfers regardless of client location. The actual speed-up depends on available bandwidth, the distance between source and destination, and packet loss rates.
- If you regularly transfer GBs or TBs across continents, you should consider Transfer Acceleration.
- This feature provides the same security as regular S3 transfers. Data passing through an edge location is not stored there.
- Transfers through this feature are checked for speed: if an accelerated transfer is not faster than a regular transfer, you will not be charged for that transfer.
- Users can use Transfer Acceleration together with multipart uploads.
- If you want higher throughput, Transfer Acceleration is the right choice. If your objects are smaller than a GB, CloudFront PUT/POST is a better choice.
- Customers who need to move large batches of data at once should use AWS Import/Export Snowball; the turnaround time is about 5-7 days.
- If you have a private networking requirement or access to Direct Connect exchanges, AWS Direct Connect is the better fit.
- Transfer Acceleration can also connect S3 to a third-party gateway.
Amazon S3 and IPv6
- IPv6 is the newest addressing mechanism which overcomes the limitations of IPv4.
- S3 supports IPv6, so applications can connect to S3 without translation systems. Using IPv6 can help meet compliance requirements, integrate more easily with IPv6-based applications, and remove the need for expensive translation equipment. IPv6 also lets users apply source address filtering in IAM and bucket policies, expanding the available options.
- Getting started with IPv6 is done by pointing the application at a dual-stack endpoint, which supports both IPv4 and IPv6. No further setup or code changes are needed to access data. Users should review bucket and IAM policies to make sure access is still configured appropriately.
- Dual-stack endpoints allow API access over both IPv6 and IPv4. Users will need to configure their client to favour IPv4 addresses.
- No difference in behaviour should be evident between IPv4 and IPv6.
- Users can still use a VPC endpoint to access S3 over IPv4.
- IPv6 addresses will appear in access logs once this feature is enabled, so configure any tools or software that consume the logs to handle IPv6 addresses.
- Bucket and IAM policies that grant or restrict access by IP address must be updated to include IPv6 address ranges before switching to the dual-stack endpoint. Policies tied to specific IAM users must likewise be set up for IPv6 addresses.
- If applications are impacted by the change to IPv6, users can switch back to IPv4 at any time.
- IPv6 is not supported for website hosting, transfer acceleration, or BitTorrent access.
- All regions except China can utilise IPv6.
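An added example, not from the original page, of the policy update the bullets above call for: a bucket policy that denies requests from outside an allowed source range must list both IPv4 and IPv6 CIDRs before clients move to the dual-stack endpoint, or IPv6 clients are locked out. The bucket name and the ranges (RFC 5737 and RFC 3849 documentation ranges) are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyOutsideCorporateRanges",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "203.0.113.0/24",
            "2001:db8::/32"
          ]
        }
      }
    }
  ]
}
```

aws:SourceIp is not populated for requests that arrive through a VPC endpoint, so a NotIpAddress deny like this one also blocks that path unless the policy exempts it (for example with a separate aws:sourceVpce condition).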