Increasing Your Security Posture when Using Amazon S3
S3 Encryption Mechanisms
Amazon S3 Lifecycle Configurations
Introduction to Amazon EFS
EFS in Practice
Amazon Elastic Block Store (EBS)
AWS Storage Gateway
Performance Factors Across AWS Storage Services
The course is part of this learning path
This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core storage concepts and services relevant to the SAP-C02 exam. We start with an introduction to AWS storage services, understand the options available, and learn how to select and apply AWS storage services to meet specific requirements.
- Obtain an in-depth understanding of Amazon S3 - Simple Storage Service
- Learn how to improve your security posture in S3
- Get both a theoretical and practical understanding of EFS
- Learn how to create an EFS file system, manage EFS security, and import data in EFS
- Learn about EC2 storage and Elastic Block Store
- Learn about the different performance factors associated with AWS storage services
Hello and welcome to this lecture where I will introduce the Amazon Simple Storage Service, commonly known as S3. Amazon S3 is probably the most heavily used storage service that is provided by AWS simply down to the fact that it can be a great fit for many different use cases, as well as integrating with many different AWS services. Amazon S3 is a fully managed, object-based storage service that is highly available, highly durable, very cost-effective, and widely accessible.
The service itself is promoted as having unlimited storage capabilities making Amazon S3 extremely scalable, far more scalable than your own on-premise storage solution could ever be. There are, however, limitations on the individual size of a single file that it can support. The smallest file size that it supports is zero bytes and the largest file size is five terabytes. Although there is this size limitation on a maximum file size, it's one that many of us will not perceive as an ongoing inhibitor in the majority of use cases.
The service operates an object storage service which means each object uploaded does not conform to a data structure hierarchy like a file system would, instead its architecture exists across a flat address space and is referenced by a unique URL. Now, if you compare this to file storage, where your data is stored as separate files within a series of directories forming a data structure hierarchy much like your own files are on your own laptop or computer then S3 is very different in comparison. S3 is a regional service and so when uploading data you as the customer are required to specify the regional location for that data to be placed in.
By specifying your region for your data Amazon S3 will then store and duplicate your uploaded data multiple times across multiple availability zones within that region to increase both its durability and availability. For more information on regional availability zones and other AWS global infrastructure components, please see the following blog here. Objects stored in S3 have a durability of ninety-nine point nine nine nine nine nine nine nine nine nine percent, known as eleven nines of durability and so the likelihood of losing data is extremely rare and this is down to the fact that S3 stores multiple copies of the same data in different availability zones. The availability of S3 data objects is dependent on the storage class used and this can range from 99.5% to 99.99%.
The difference between availability and durability is this: when looking at availability AWS ensures that the uptime of Amazon S3 is between 99.5% to 99.99%, depending on the storage class, to enable you to access your stored data. The durability percentage refers to the probability of maintaining your data without it being lost through corruption, degradation of data, or other unknown potential damaging effects. When uploading objects to Amazon S3, a specific structure is used to locate your data in the flat address space.
To store objects in S3, you first need to define and create a bucket. You can think of a bucket as a container for your data. This bucket name must be completely unique, not just within the region you specify, but globally against all other S3 buckets that exist, of which there are many millions. And this is because of the flat address space, you simply can't have a duplicate name. Once you have created your bucket you can then begin to upload your data within it. By default your account can have up to a hundred buckets, but this is a soft limit and a request to increase this can be made with AWS. Any object uploaded to your buckets are given a unique object key to identify it.
In addition to your bucket, you can if required create folders within the bucket to aid with categorization of your objects for easier data management. Although folders can provide additional management from a data organization point of view, I want to reiterate that Amazon S3 is not a file system and many features of Amazon S3 work at the bucket level and not a specific folder level and so the unique object key for every object contains the bucket, any folders that are present, and also the name of the file itself. Let me now provide a quick overview via a demonstration of the Amazon S3 console and I'll show you how to create a bucket within the service and upload an object to that bucket and then show you the unique object key of that object. Okay so I'm currently logged into my AWS management console and I can find amazon S3 under the storage category which is down here. So if I select S3 and this has taken me to the S3 dashboard.
Now up here we have our buckets and this list that we have here are a list of buckets that I have already created in my account so this is the bucket name which is the unique bucket identifier. And over here we have the region in which that bucket exists in, so we have some in London some in Ireland some over in US as well, and also, the date created. Over here we have access whether these buckets can be accessed by the public or not. I'm not going to dive too deep into access and security the buckets at this stage, as this is just more of an introduction to give you an overview of the console, but we do have other courses that focus on security.
Now, if I go into one of these buckets, for example, this one here cloudacademyaudio, we can see that I have created a folder in here called Stuart. There's no other objects, it's just a folder we can see that by this little icon here, so there's no actual objects in here, this is just a folder that I created just to help me manage and categorize any objects that I do upload. If I select that folder, I can see I have two more folders here. If I go into this one, for example, I can see that I have an object I have a PNG file. So this is an object that I have uploaded to S3 and we can see that it's in the courses folder under Stuart under the cloudacademyaudio bucket.
Now, if I select this object, I can get some information about it. I can open it and download it etc. We can see the last time it was modified, the storage class that it belongs to, and I'll be talking more about storage classes in the next lecture, if there's any encryption at rest activated, the file size, and here is the unique identifier of the key for this object. So we can see that the key comprises of any folders within the bucket and then also the object name at the end. And this here is the unique identifier of this object on S3, so it gives it a URL.
Now if I want to open this I can simply click on open and as we can see, it's just an image file, or I can download the object if I want to. So I just wanted to show you there how you can use folders within your bucket and also what the object key looks like as well. So now if I go back to the console, the main dashboard where all my buckets are, I want to show you how to create a bucket quickly. It's very simple simply click on create bucket, then we need to give it a unique bucket name.
Now remember, this has to be a globally unique name, so if I type in stubucketdemo and then I can select a region that I want this bucket to be in, I'm just going to select the London region, and if I want to, I can copy settings from an existing bucket, but it's going to go through the different screens to show you the options quickly that you can have when you're creating a bucket. Click on Next. Here's some management, we have some management options such as versioning and server access logging. Versioning keeps all versions of an object in the same bucket and server access logging logs requests for access to your bucket. You can also use key value pair tags, you can activate object level logging which will record any API activity with CloudTrail associated with your objects and you can also encrypt your objects as well. I'm just gonna leave all those options as default for this demonstration. Click on next.
Here we can set different permissions, I'm just gonna leave the default block all public access so this will prevent anyone from outside of my VPC accessing any data within my bucket. Click on next. We just have a review of the settings that we selected and then all you need to do is click on create bucket. So if I scroll down to my bucket that I just created, which was stubucketdemo. If I select that, we can see here that I've got no folders and no objects. So if you want to create a folder, you simply click on create folder, just give it a name. If you want to add any encryption you can do so here. I'm just going to use none as a default. Now, I can either add an object directly under this bucket or I can add it into that folder. Let me just add it directly under the bucket name of stubucketdemo.
So to upload an object you simply click on upload, add files, select your object that you'd like to upload or objects, click on next, you know we have some permissions here as to who can read or write to the object, and as we can see here, we have the block public access setting turned on for this bucket. Click on next. Now here we have our storage classes and depending on what storage class we select it will affect the durability, the availability, and also the cost of your object being stored. Now, I'm gonna go deeper into the different storage classes in the next lecture so I won't go over this too deep now. For the sake of this demonstration I'm just going to select the standard storage class.
Then we have a review page and then simply upload. And then we have my object that's been uploaded to my bucket. Again, if I select it, I can see the object key and also the unique object URL as well. So that's just a very quick demonstration to show you what the S3 console looks like, how to create buckets, how to create folders, and also upload objects as well, just so hopefully you can piece things together a little bit easier if you've not used Amazon S3 before.
Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.