Summary

Description

This section of the Solution Architect Associate learning path introduces you to the core storage concepts and services relevant to the SAA-C02 exam. We start with an introduction to the AWS storage services, understand the options available and learn how to select and apply AWS storage services to meet specific requirements. 

Learning Objectives

  • Obtain an in-depth understanding of Amazon S3 - Simple Storage Service
  • Get both a theoretical and practical understanding of EFS
  • Learn how to create an EFS file system, manage EFS security, and import data in EFS
  • Learn about EC2 storage and Elastic Block Store
  • Learn about the services available in AWS to optimize your storage
Transcript

Hello and welcome to this final lecture that will highlight some of the key points that were discussed throughout this course. I started the course by discussing what the Elastic File System is and does. Within this first lecture, I looked at the following points: EFS provides simple scalable file storage for use with Amazon EC2 instances. Amazon Elastic File Storage or EFS is considered a file-level storage and is also optimized for low-latency access.

EFS supports access by multiple EC2 instances and it can meet the demands of tens, hundreds, or even thousands of EC2 instances concurrently. It uses standard file-system semantics such as locking files, renaming files, updating them, and using a hierarchical structure. EFS provides the ability for users to browse cloud network resources. EC2 instances can be configured to access Amazon EFS instances using configured mount points, and mount points can be created in multiple availability zones. 

EFS is a fully managed, highly available and durable service. And EFS uses standard operating system APIs, so any application that is designed to work with standard operating system APIs, will work with EFS. It supports both NFS versions 4.1 and 4.0 and the EFS file system is also regional. 

Now, following this lecture, we looked at storage classes and performance options. And during this lecture, I covered the following: Amazon EFS offers two different storage classes, which offer different levels of performance and costs. These being Standard and Infrequent Access, known as IA. The standard storage class is the default storage class used, and Infrequent Access is used to store data that is rarely accessed but provides a cost reduction on your storage. IA access results in an increased first-byte latency impact when both reading and writing data when compared to that of Standard storage class.

IA charges for the amount of space used and for each read and write you make to the storage class, whereas standard storage only charges for the amount of storage space used per month. EFS lifecycle management will automatically move data between storage classes based upon file access. If a file has not been read or written to for over 30 days, EFS lifecycle management will move the data to the IA storage class to save on costs. 

When the file is accessed again, the 30-day timer is reset, and it is moved back to the standard storage class. The EFS lifecycle management will not move data below 128K in size, or any metadata. EFS supports two performance modes, General Purpose and Max I/O. General Purpose is a default performance mode and is used for most use cases, offering all-round performance and low-latency file operation. General Purpose allows only up to 7,000 file system operations per second, whereas Max I/O offers virtually unlimited amounts of throughput and IOPS. Max I/O file operation latency will be reduced compared to General Purpose. EFS provides a CloudWatch metric, PercentIOLimit, which allows you to view your operations per second as a percentage of the top 7,000 limit.

Now, EFS also supports two throughput modes, Bursting Throughput and Provisioned Throughput. Bursting Throughput, which is the default mode, scales as your file system grows. EFS credits are accumulated during periods of low-latency activity, operating below the baseline rate of throughput, set at 50 mebibytes per tebibyte of storage used. Every file system can reach its baseline throughput 100% of the time, and using EFS credits allows it to burst above the baseline limit. Credits can be monitored with a CloudWatch metric of BurstCreditBalance, and Provisioned Throughput allows you to burst above your allocated allowance. However, this option does incur additional charges.

Next, I performed a demonstration on how to create an elastic file system, and I looked at points relating to mount targets, lifecycle management, throughput modes, performance modes, and encryption. On completion of the creation of the EFS file system, I looked at how you could mount it. In this lecture, I explained that EFS offers two methods to connect your Linux-based EC2 instances to your EFS file system. You can use the Linux NFS client or the EFS mount helper. The EFS mount helper is a utility installed on your EC2 instance. The EFS mount helper was designed to simplify the entire mount process, and provides logging capabilities to help with any troubleshooting. The EFS mount helper requires a number of prerequisites, these being: the creation of your EFS file system and mount targets, you must have an EC2 instance running with the EFS mount helper installed, your EC2 instance must reside in a VPC and configured with Amazon DNS servers with DNS hostnames enabled, security groups must be configured to allow the NFS file system NFS access to your Linux instance, and you must be able to connect to your Linux instance. I then performed a demonstration on how to perform the mount process using the EFS mount helper.

I then moved my focus onto security, and looked at some of the security aspects of EFS. Within this lecture, I looked at IAM policies and encryption, and covered the following points:

  • To create your EFS file system, you need to be allowed access to the following actions:
elasticfilesystem:CreateFileSystem
elasticfilesystem:CreateMountTarget
ec2:DescribeSubnets
ec2:CreateNetworkInterface
ec2:DescribeNetworkInterfaces

and here is a sample policy showing those actions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PermissionToCreateEFSFileSystem",
      "Effect": "Allow",
      "Action": [
        "elasticfilesystem:CreateFileSystem",
        "elasticfilesystem:CreateMountTarget"
      ],
      "Resource": "arn:aws:elasticfilesystem:region-id:account-id:file-system/*"
    },
    {
      "Sid": "PermissionsRequiredForEC2",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeSubnets",
        "ec2:CreateNetworkInterface",
        "ec2:DescribeNetworkInterfaces"
      ],
      "Resource": "*"
    }
  ]
}
  • To manage EFS using the AWS management console, you'll also need the following permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1AddtionalEC2PermissionsForConsole",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpcAttribute"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Stmt2AdditionalKMSPermissionsForConsole",
      "Effect": "Allow",
      "Action": [
        "kms:ListAliases",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }
  ]
}
  • EFS supports both encryption at rest and in transit
  • Encryption at rest is enabled via a checkbox when using the Management Console
  • Encryption at rest uses the Key Management Service, known as KMS, to manage your encryption keys
  • Encryption in transit is enabled by utilizing the Transport Layer Security (TLS) protocol when you perform your mounting of your EFS file system
  • It is best to use the EFS mount helper to implement encryption in transit
  • The mount helper will create a client stunnel process using TLS version 1.2
  • The stunnel process listens for any traffic using NFS which it then redirects to the encrypted port
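
The five creation actions listed above can be checked against a candidate IAM policy before it is attached. The following is an added example, not code from the course: the function names and the sample policy are constructed for illustration, and the check deliberately ignores Resource, Condition and NotAction.

```python
import fnmatch
import json

# The five actions the lecture lists as required to create an EFS file system.
REQUIRED = [
    "elasticfilesystem:CreateFileSystem",
    "elasticfilesystem:CreateMountTarget",
    "ec2:DescribeSubnets",
    "ec2:CreateNetworkInterface",
    "ec2:DescribeNetworkInterfaces",
]

def as_list(value):
    """IAM accepts a bare string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def matches(action, patterns):
    # Action names are case-insensitive; * and ? act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy_text, required=REQUIRED):
    """Return required actions that are not allowed, or are hit by a Deny.

    Simplification (assumption of this example): Resource, Condition and
    NotAction are ignored, so any matching Deny counts as blocking.
    """
    policy = json.loads(policy_text)  # malformed JSON raises ValueError
    allowed, denied = [], []
    for stmt in as_list(policy.get("Statement")):
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        bucket.extend(as_list(stmt.get("Action")))
    return [a for a in required
            if not matches(a, allowed) or matches(a, denied)]

# Constructed sample: wildcard EFS access but read-only EC2, so the
# network interface for the mount target cannot be created.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "elasticfilesystem:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"},
    ],
})

if __name__ == "__main__":
    print(missing_actions(SAMPLE_POLICY))
```

An empty result means every creation action is covered; the wildcard patterns that made it so are worth reviewing separately for least privilege.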
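
Because the mount helper sends TLS-protected NFS traffic through a local stunnel listener, an instance can be audited for EFS mounts that bypass it. This is an added example, not part of the course: it assumes TLS mounts appear in /proc/mounts with a loopback device and a non-default port= option, and the sample lines and file system ID are constructed.

```python
import re

# Assumption: a mount made directly against EFS uses the file system DNS name.
EFS_DNS = re.compile(r"^fs-[0-9a-f]+\.efs\.[a-z0-9-]+\.amazonaws\.com$")
LOOPBACK = {"127.0.0.1", "localhost"}

def classify_mounts(mounts_text):
    """Map each NFS mount point to 'tls', 'plaintext' or 'unknown'."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[2].startswith("nfs"):
            continue  # not an NFS mount
        device, mountpoint = fields[0], fields[1]
        host = device.rsplit(":", 1)[0]
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        if host in LOOPBACK and opts.get("port", "2049") != "2049":
            # Assumption: loopback plus a non-NFS port is the stunnel listener.
            result[mountpoint] = "tls"
        elif EFS_DNS.match(host):
            # NFS goes straight to the mount target without TLS.
            result[mountpoint] = "plaintext"
        else:
            # For example an EFS mount by IP address; needs manual review.
            result[mountpoint] = "unknown"
    return result

def plaintext_efs_mounts(mounts_text):
    """Mount points that reach EFS without encryption in transit."""
    return sorted(m for m, s in classify_mounts(mounts_text).items()
                  if s == "plaintext")

# Constructed sample in /proc/mounts format; IDs and addresses are made up.
SAMPLE_MOUNTS = """\
127.0.0.1:/ /mnt/efs-tls nfs4 rw,relatime,vers=4.1,hard,noresvport,proto=tcp,port=20261,addr=127.0.0.1 0 0
fs-0123456789abcdef0.efs.eu-west-1.amazonaws.com:/ /mnt/efs-plain nfs4 rw,relatime,vers=4.1,hard,proto=tcp,addr=10.0.1.25 0 0
/dev/xvda1 / xfs rw,noatime 0 0
10.0.2.40:/export /mnt/nas nfs4 rw,vers=4.0,addr=10.0.2.40 0 0
"""

if __name__ == "__main__":
    print(plaintext_efs_mounts(SAMPLE_MOUNTS))
```

On a live instance, pass the contents of /proc/mounts instead of the sample text.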

In the final lecture of the course, I looked at how you can import data into your EFS file system, and during this lecture, I explained that the recommended course of action is to use AWS DataSync to import data. Now, AWS DataSync is designed to securely move and migrate and synchronize data from your existing on-premises site into AWS storage services. Data transfer can be accomplished over a Direct Connect link, or over the internet. To sync files from your on-premises environment, you must download the DataSync agent. You then need to configure the agent with a source and destination target, and DataSync can also transfer files between EFS file systems.

That now brings me to the end of this lecture, and to the end of this course. You should now have an understanding of the AWS Elastic File System and how it can be used as file storage within your AWS environment. If you'd like some hands-on experience with EFS, then please take a look at the following lab: https://cloudacademy.com/lab/introduction-elastic-file-system/.

If you have any feedback on this course, positive or negative, it would be greatly appreciated if you could contact support@cloudacademy.com. Thank you for your time, and good luck with your continued learning of cloud computing. Thank you.

About the Author
Stuart Scott
AWS Content & Security Lead

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 90+ courses relating to Cloud reaching over 100,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.