How Websites Work ?

Just like When you are sending a post mail

What is a Server composed of ?

IT Terminology :
• Network: cables, routers and servers connected with each
other
• Router: A networking device that forwards data packets
between computer networks. They know where to send your
packets on the internet!
• Switch: Takes a packet and send it to the correct server /
client on your network.

Traditionally how to build Infrastructure :

Problems with traditional IT approach :

• Pay for the rent for the data center

• Pay for power supply, cooling, maintenance
• Adding and replacing hardware takes time
• Scaling is limited
• Hire 24/7 team to monitor the infrastructure
• How to deal with disasters? (earthquake, power
shutdown, fire…)

Can we Externalize all this ?

➢ Yes with the help of Cloud.
What is Cloud Computing ?

• Cloud computing is the on-demand delivery of compute

power, database storage, applications, and other IT resources
• Through a cloud services platform with pay-as-you-go
pricing
• You can provision exactly the right type and size of
computing resources you need
• You can access as many resources as you need, almost
instantly
• Simple way to access servers, storage, databases and a set
of application services
• Amazon Web Services owns and maintains the network-
connected hardware required for these application services,
while you provision and use what you need via a web
application.
You have been using some Cloud
Services :

Gmail
➢Email cloud service.
➢Pay for only your emails
Stored.

Dropbox
➢Cloud storage service.
➢Originally built on AWS.

Netflix
➢Built on AWS.
➢Videos on Demand.
The Deployment Models of Cloud

Private Cloud :
• Cloud services used by a single organization, not exposed to
the public.
• Complete control
• Security for sensitive applications
• Meet specific business needs

Public Cloud :
• Cloud resources owned and operated by a third party cloud
service provider delivered over the Internet.
• Six Advantages of Cloud Computing
Hybrid Cloud :

• Keep some servers on premises and extend some

capabilities to the Cloud
• Control over sensitive assets in your private infrastructure
• Flexibility and cost effectiveness of the public cloud
The Five Characteristics of Cloud
Comptuing

• On-demand self service:

• Users can provision resources and use them without human
interaction from the service provider

• Broad network access:

• Resources available over the network, and can be accessed by diverse client
platforms

• Multi-tenancy and resource pooling:

• Multiple customers can share the same infrastructure and applications with
security and privacy
• Multiple customers are serviced from the same physical resources

• Rapid elasticity and scalability:

• Automatically and quickly acquire and dispose resources when needed
• Quickly and easily scale based on demand

• Measured service:
• Usage is measured, users pay correctly for what they have used
Six Advantages of Cloud Computing

• Trade capital expense (CAPEX) for operational

expense (OPEX) :
• Pay On-Demand: don’t own hardware
• Reduced Total Cost of Ownership (TCO) & Operational Expense
(OPEX)

• Benefit from massive economies of scale :

• Prices are reduced as AWS is more efficient due to large scale

• Stop guessing capacity :

• Scale based on actual measured usage

• Increase speed and agility

• Stop spending money running and maintaining data

centers

• Go global in minutes: leverage the AWS global

infrastructure
Problems solved by the Cloud

• Flexibility: change resource types when needed

• Cost-Effectiveness: pay as you go, for what you

use

• Scalability: accommodate larger loads by

making hardware stronger or adding additional
nodes

• Elasticity: ability to scale out and scale-in when

needed

• High-availability and fault-tolerance: build

across data centers

• Agility: rapidly develop, test and launch

software applications
Types of Cloud Computing

• Infrastructure as a Service (IaaS)

• Provide building blocks for cloud IT
• Provides networking, computers, data storage space
• Highest level of flexibility
• Easy parallel with traditional on-premises IT

• Platform as a Service (PaaS)

• Removes the need for your organization to manage the underlying
infrastructure
• Focus on the deployment and management of your applications

• Software as a Service (SaaS)

• Completed product that is run and managed by the service provider
Examples of Cloud Computing types

• Infrastructure as a Service:
• Amazon EC2 (on AWS)
• GCP, Azure, Rackspace, Digital Ocean, Linode

• Platform as a Service:
• Elastic Beanstalk (on AWS)
• Heroku, Google App Engine (GCP), Windows Azure (Microsoft)

• Software as a Service:
• Many AWS services (ex: Rekognition for Machine Learning)
• Google Apps (Gmail), Dropbox, Zoom
Pricing of the Cloud – Quick Overview

AWS has 3 Pricing Fundamentals, following

the pay-as-you-go pricing model

• Compute:
• Pay for compute time

• Storage:
• Pay for data stored in the Cloud

• Data transfer OUT of the Cloud:

• Data transfer IN is FREE
AWS Cloud History

AWS Cloud Number Facts :

• In 2019, AWS had $35.02 billion in annual revenue
• AWS accounts for 47% of the market in 2019 (Microsoft is 2nd with 22%)
• Pioneer and Leader of the AWS Cloud Market for the 9th consecutive year
• Over 1,000,000 active users
AWS Cloud Use Cases

• AWS enables you to build sophisticated, scalable

applications

• Applicable to a diverse set of industries

• Use cases include

• Enterprise IT, backup & Storage, Big Data analytics

• Website hosting, Mobile & Social Apps
• Gaming
AWS Global Infrastructure

• AWS Regions
• AWS Availability Zones
• AWS Data Centers
• AWS Edge Locations / Points of Presence
AWS Regions

• AWS has Regions all around the world

• Names can be us-east-1, eu-west-3…
• A region is a cluster of data centers
• Most AWS services are region-scoped
How to choose an AWS Region?

• Compliance with data governance and legal

requirements: data never leaves a region without your
explicit permission

• Proximity to customers: reduced latency

• Available services within a Region: new services and

new features aren’t available in every Region

• Pricing: pricing varies region to region and is

transparent in the service pricing page
AWS Availability Zones

• Each region has many availability zones (usually 3, min is 3, max is 6).
Example: • ap-southeast-2a
• ap-southeast-2b
• ap-southeast-2c

• Each availability zone (AZ) is one or more discrete data centers with
redundant power, networking, and connectivity

• They’re separate from each other, so that they’re isolated from disasters

• They’re connected with high bandwidth, ultra-low latency networking

AWS Points of Presence ( Edge
Locations )

• Amazon has 400+ Points of Presence (400+ Edge

Locations & 10+ Regional Caches) in 90+ cities
across 40+ countries

• Content is delivered to end users with lower

latency
Shared Responsibilty Model
Diagram

Costumer
Responsibility IN the Cloud

AWS
Responsibility OF the Cloud
AWS Acceptable Use Policy

• No Illegal, Harmful, or Offensive Use or Content

• No Security Violations

• No Network Abuse

• No E-Mail or Other Message Abuse

 IAM
SECTION
IAM Users and Groups

• IAM = Identity and Access Management, Global

service
• Root account created by default, shouldn’t be used or
shared
• Users are people within your organization, and can be
grouped
• Groups only contain users, not other groups
• Users don’t have to belong to a group, and user can
belong to multiple groups
IAM Permissions

• Users or Groups can be assigned JSON

documents called policies
• These policies define the permissions of the
users
• In AWS you apply the least privilege
principle: don’t give more permissions than a
user needs
IAM Policies Inheritance

IAM Password Policy

• Strong passwords = higher security for your account
• In AWS, you can setup a password policy:
• Set a minimum password length
• Require specific character types:
• including uppercase letters
• lowercase letters
• numbers
• non-alphanumeric characters
• Allow all IAM users to change their own passwords
• Require users to change their password after some time (password
expiration)
• Prevent password re-use
 Multi Factor
Authentication – MFA

• Users have access to your account and can possibly

change configurations or delete resources in your AWS
account

• You want to protect your Root Accounts and IAM

users

• MFA = password you know + security device you own

• Main benefit of MFA: if a password is stolen or

hacked, the account is not compromised
MFA Devices options in AWS

How can Users access AWS ?

• To access AWS, you have three options:
• AWS Management Console (protected by password + MFA)
• AWS Command Line Interface (CLI): protected by access keys
• AWS Software Developer Kit (SDK) - for code: protected by access keys

• Access Keys are generated through the AWS Console

• Users manage their own access keys
• Access Keys are secret, just like a password. Don’t share them
IAM Roles for Services

• Some AWS service will need to perform actions on your

behalf

• To do so, we will assign permissions to AWS services with

IAM Roles

• Common roles:
• EC2 Instance Roles
• Lambda Function Roles
• Roles for CloudFormation
IAM Guidelines and Best
Practices

• Don’t use the root account except for AWS

account setup
• One physical user = One AWS user
• Assign users to groups and assign permissions to
groups
• Create a strong password policy
• Use and enforce the use of Multi Factor
Authentication (MFA)
• Create and use Roles for giving permissions to
AWS services
• Use Access Keys for Programmatic Access (CLI /
SDK)
• Audit permissions of your account using IAM
Credentials Report & IAM Access Advisor
• Never share IAM users & Access Keys
Shared Responsibility Model for IAM

AWS
• Infrastructure (global network security)
• Configuration and vulnerability analysis
• Compliance validation

YOU
• Users, Groups, Roles, Policies management and monitoring
• Enable MFA on all accounts
• Rotate all your keys often
• Use IAM tools to apply appropriate permissions
• Analyze access patterns & review permissions

IAM Section
• Users: mapped to a physical user, has a password for AWS Console
• Groups: contains users only
• Policies: JSON document that outlines permissions for users or groups
• Roles: for EC2 instances or AWS services
• Security: MFA + Password Policy
• AWS CLI: manage your AWS services using the command-line
• AWS SDK: manage your AWS services using a programming language
 EC2
SECTION
Amazon EC2

• EC2 is one of the most popular of AWS’ offering

• EC2 = Elastic Compute Cloud = Infrastructure as
a Service

• It mainly consists in the capability of :

• Renting virtual machines (EC2)
• Storing data on virtual drives (EBS)
• Distributing load across machines (ELB)
• Scaling the services using an auto-scaling group (ASG)

• Knowing EC2 is fundamental to understand how the

Cloud works
EC2 Sizing and Configuration options

• Operating System (OS): Linux, Windows or Mac

OS

• How much compute power & cores (CPU)

• How much random-access memory (RAM)

• How much storage space:

• Network-attached (EBS & EFS)
• hardware (EC2 Instance Store)

• Network card: speed of the card, Public IP

address

• Firewall rules: security group

• Bootstrap script (configure at first launch): EC2
User Data
EC2 Instance Naming
Convention

EC2 Instance Types

➢General Purpose
➢Compute Optimised
➢Memory Optimised
➢Accelerated Computing
➢Storage Optimised
➢HPC Optimised
➢Instance Features
➢Measuring Instance Performance
Security Groups

• Security Groups are the fundamental of network security in

AWS
• They control how traffic is allowed into or out of our EC2
Instances.

• Security groups only contain ALLLOW rules

• Security groups rules can reference by IP or by security
group
• Security groups are acting as a “firewall” on EC2 instances
• They regulate:
• Access to Ports
• Authorised IP ranges – IPv4 and IPv6
• Control of inbound network (from other to the
instance)
• Control of outbound network (from the instance to
other)
Security Groups Diagram

Security Groups good to know

• Can be attached to multiple instances
• Locked down to a region / VPC combination
• Does live “outside” the EC2 – if traffic is blocked the EC2
instance won’t see it
• It’s good to maintain one separate security group for SSH
access
• If your application is not accessible (time out), then it’s a
security group issue
• If your application gives a “connection refused“ error, then
it’s an application error or it’s not launched
• All inbound traffic is blocked by default
• All outbound traffic is authorised by default
Referencing other Security Groups
Diagram

Classic Ports to Know

• 22 = SSH (Secure Shell) - log into a Linux instance

• 21 = FTP (File Transfer Protocol) – upload files into a file
share
• 22 = SFTP (Secure File Transfer Protocol) – upload files using
SSH
• 80 = HTTP – access unsecured websites
• 443 = HTTPS – access secured websites
• 3389 = RDP (Remote Desktop Protocol) – log into a
Windows instance
SSH Summary Table

EC2 Instance Purchasing Options

• On-Demand Instances – short workload, predictable pricing, pay by

second
• Reserved (1 & 3 years)
• Reserved Instances – long workloads
• Convertible Reserved Instances – long workloads with flexible instances
• Savings Plans (1 & 3 years) –commitment to an amount of usage, long
workload
• Spot Instances – short workloads, cheap, can lose instances (less
reliable)
• Dedicated Hosts – book an entire physical server, control instance
placement
• Dedicated Instances – no other customers will share your hardware
• Capacity Reservations – reserve capacity in a specific AZ for any duration
Which purchasing option is right for you ?

Let’s Understand with an example :

• On demand: coming and staying in resort whenever we like,

we pay the full price

• Reserved: like planning ahead and if we plan to stay for a

long time, we may get a good discount.

• Savings Plans: pay a certain amount per hour for certain

period and stay in any room type (e.g., King, Suite, Sea View,
…)

• Spot instances: the hotel allows people to bid for the empty
rooms and the highest bidder keeps the rooms. You can get
kicked out at any time

• Dedicated Hosts: We book an entire building of the resort

• Capacity Reservations: you book a room for a period with

full price even you don’t stay in it
Shared Responsibility Model
for EC2

AWS
• Infrastructure (global network
security)
• Isolation on physical hosts
• Replacing faulty hardware
• Compliance validation

YOU
• Security Groups rules
• Operating-system patches and updates
• Software and utilities installed on the EC2 instance
• IAM Roles assigned to EC2 & IAM user access
management
• Data security on your instance
EC2 Section Summary

• EC2 Instance: AMI (OS) + Instance Size (CPU +

RAM) + Storage + security groups + EC2 User Data

• Security Groups: Firewall attached to the EC2

instance

• SSH: start a terminal into our EC2 Instances (port

22)

• EC2 Instance Role: link to IAM roles

• Purchasing Options: On-Demand, Spot,

Reserved (Standard + Convertible + Scheduled),
Dedicated Host, Dedicated Instance
 EC2 Instance
Storage Section
What’s an EBS Volume ?

• An EBS (Elastic Block Store) Volume is a network drive

you can attach to your instances while they run

• It allows your instances to persist data, even after

their termination

• They can only be mounted to one instance at a time

(at the CCP level)

• They are bound to a specific availability zone

• Analogy: Think of them as a “network USB stick”

EBS Volume

• It’s a network drive (i.e. not a physical drive)

• It uses the network to communicate the instance, which means there
might be a bit of latency
• It can be detached from an EC2 instance and attached to another one
quickly

• It’s locked to an Availability Zone (AZ)

• An EBS Volume in us-east-1a cannot be attached to us-east-1b
• To move a volume across, you first need to snapshot it

• Have a provisioned capacity (size in GBs, and IOPS)

• You get billed for all the provisioned capacity
• You can increase the capacity of the drive over time
EBS Snapshots

• Make a backup (snapshot) of your EBS volume at

a point in time

• Not necessary to detach volume to do snapshot,

but recommended

• Can copy snapshots across AZ or Region

EBS Snapshots Features

• EBS Snapshot Archive

• Move a Snapshot to an ”archive tier” that is 75% cheaper

• Takes within 24 to 72 hours for restoring the archive

• Recycle Bin for EBS Snapshots

• Setup rules to retain deleted snapshots so you can recover

them after an accidental deletion
• Specify retention (from 1 day to 1 year)
 EC2 Image Builder

• Used to automate the creation of Virtual

Machines or container images

• => Automate the creation, maintain, validate

and test EC2 AMIs

• Can be run on a schedule (weekly, whenever

packages are updated, etc…)

• Free service (only pay for the underlying

resources)
 EC2 Instance Store

• EBS volumes are network drives with good but “limited”

performance
• If you need a high-performance hardware disk, use EC2 Instance
Store
• Better I/O performance
• EC2 Instance Store lose their storage if they’re stopped (ephemeral)
• Good for buffer / cache / scratch data / temporary content
• Risk of data loss if hardware fails
• Backups and Replication are your responsibility
 EFS – Elastic File System

• Managed NFS (network file system) that can be mounted on 100s of EC2
• EFS works with Linux EC2 instances in multi-AZ
• Highly available, scalable, expensive (3x gp2), pay per use, no capacity
planning

EBS VS EFS
Elastic Load Balancing and Auto Scaling
Groups Section

Scalability and High Availability

• Scalability means that an application / system can handle

greater loads by adapting.
• There are two kinds of scalability:
• Vertical Scalability
• Horizontal Scalability (= elasticity)

• Scalability is linked but different to High Availability

Vertical Scalability

• Vertical Scalability means increasing the size of the instance

• For example, your application runs on a t2.micro
• Scaling that application vertically means running it on a t2.large
• Vertical scalability is very common for non distributed systems,
such as a database.
• There’s usually a limit to how much you can vertically scale
(hardware limit)
Horizontal Scalability

• Horizontal Scalability means increasing the number of instances /

systems for your application

• Horizontal scaling implies distributed systems.

• This is very common for web applications / modern applications

• It’s easy to horizontally scale thanks the cloud offerings such as

Amazon EC2

High Availability

• High Availability usually goes hand in hand with horizontal scaling

• High availability means running your application / system in at least

2 Availability Zones

• The goal of high availability is to survive a data center loss (disaster)

High Availability and Scalability for EC2

• Vertical Scaling: Increase instance size (= scale up / down)

• From: t2.nano - 0.5G of RAM, 1 vCPU
• To: u-12tb1.metal – 12.3 TB of RAM, 448 vCPUs

• Horizontal Scaling: Increase number of instances (= scale out / in)

• Auto Scaling Group
• Load Balancer

• High Availability: Run instances for the same application across

multi AZ
• Auto Scaling Group multi AZ
• Load Balancer multi AZ

Scalability VS Elasticity VS Agility

• Scalability: ability to accommodate a larger load by making the hardware

stronger (scale up), or by adding nodes (scale out)
• Elasticity: once a system is scalable, elasticity means that there will be some
“auto-scaling” so that the system can scale based on the load. This is “cloud-
friendly”: pay-per-use, match demand, optimize costs
• Agility: (not related to scalability - distractor) new IT resources are only a click
away, which means that you reduce the time to make those resources available
to your developers from weeks to just minutes.
What is Load Balancing ?

• Load balancers are servers that forward internet traffic to

multiple servers (EC2 Instances) downstream.

Why use a Load Balancer ?

• Spread load across multiple downstream instances

• Expose a single point of access (DNS) to your application
• Seamlessly handle failures of downstream instances
• Do regular health checks to your instances
• Provide SSL termination (HTTPS) for your websites
• High availability across zones
Why use an Elastic load Balancer ?

• An ELB (Elastic Load Balancer) is a managed load balancer

• AWS guarantees that it will be working
• AWS takes care of upgrades, maintenance, high availability
• AWS provides only a few configuration knobs

• It costs less to setup your own load balancer but it will be a

lot more effort on your end (maintenance, integrations)

• 3 kinds of load balancers offered by AWS:

• Application Load Balancer (HTTP / HTTPS only) – Layer 7
• Network Load Balancer (ultra-high performance, allows for TCP) – Layer 4
• Gateway Load Balancer – Layer 3
 What’s an Auto Scaling Group ?

• In real-life, the load on your websites and application can change

• In the cloud, you can create and get rid of servers very quickly

• The goal of an Auto Scaling Group (ASG) is to:

• Scale out (add EC2 instances) to match an increased load
• Scale in (remove EC2 instances) to match a decreased load
• Ensure we have a minimum and a maximum number of machines
running
• Automatically register new instances to a load balancer

• Replace unhealthy instances

• Cost Savings: only run at an optimal capacity (principle of the cloud)

Auto Scaling Group in AWS

Auto Scaling Group in AWS with Load Balancer

Auto Scaling Groups – Scaling Strategies

• Manual Scaling: Update the size of an ASG manually

• Dynamic Scaling: Respond to changing demand

• Simple / Step Scaling
• When a CloudWatch alarm is triggered (example CPU > 70%), then add 2 units

• When a CloudWatch alarm is triggered (example CPU < 30%), then remove 1

• Target Tracking Scaling

• Example: I want the average ASG CPU to stay at around 40%

• Scheduled Scaling
• Anticipate a scaling based on known usage patterns

• Example: increase the min. capacity to 10 at 5 pm on Fridays

• Predictive Scaling
• Uses Machine Learning to predict future traffic ahead of time
• Automatically provisions the right number of EC2 instances in advance
• Useful when your load has predictable time - based patterns
 Amazon S3
Section
Introduction

• Amazon S3 is one of the main building blocks of AWS

• It’s advertised as ”infinitely scaling” storage
• Many websites use Amazon S3 as a backbone
• Many AWS services use Amazon S3 as an integration as well

Amazon S3 use cases

• Backup and storage

• Disaster Recovery
• Archive
• Hybrid Cloud storage
• Application hosting
• Media hosting
• Data lakes & big data analytics
• Software delivery

• Static website
Amazon S3 – Buckets

• Amazon S3 allows people to store objects (files) in

“buckets” (directories)

• Buckets must have a globally unique name (across all

regions all accounts)

• Buckets are defined at the region level

• S3 looks like a global service but buckets are created in a

region

• Naming convention
• No uppercase, No underscore
• 3-63 characters long
• Not an IP
• Must start with lowercase letter or number
• Must NOT start with the prefix xn-- • Must NOT end with the suffix -s3alias
Amazon S3 – Objects

• Objects (files) have a Key

• The key is the FULL path:

• s3://my-bucket/my_file.txt
• s3://my-bucket/my_folder1/another_folder/my_file.txt

• The key is composed of prefix + object name

• s3://my-bucket/my_folder1/another_folder/my_file.txt

• There’s no concept of “directories” within buckets (although the UI will trick

you to think otherwise)

• Just keys with very long names that contain slashes (“/”)

• Object values are the content of the body:

• Max. Object Size is 5TB (5000GB)
• If uploading more than 5GB, must use “multi-part upload”

• Metadata (list of text key / value pairs – system or user metadata)

• Tags (Unicode key / value pair – up to 10) – useful for security / lifecycle

• Version ID (if versioning is enabled)

Amazon S3 – Security

• User-Based
• IAM Policies – which API calls should be allowed for a specific
user from IAM

• Resource-Based
• Bucket Policies – bucket wide rules from the S3 console -
allows cross account
• Object Access Control List (ACL) – finer grain (can be disabled)
• Bucket Access Control List (ACL) – less common (can be
disabled)

• Note: an IAM principal can access an S3 object if

• The user IAM permissions ALLOW it OR the resource policy
ALLOWS it
• AND there’s no explicit DENY

• Encryption: encrypt objects in Amazon S3 using encryption keys

S3 Bucket Policy

• JSON based policies

• Resources: buckets and objects
• Effect: Allow / Deny
• Actions: Set of API to Allow or Deny
• Principal: The account or user to apply the policy to

• Use S3 bucket for policy to:

• Grant public access to the bucket
• Force objects to be encrypted at upload
• Grant access to another account (Cross Account)
Example : Public Access – Use Bucket policy

Example : User Access to S3 – IAM Permissions

Example : EC2 Instance Access – Use IAM Roles

Advanced: Cross-Account Access – Use Bucket Policy

Bucket setting for Block Public Access

• These settings were created to prevent company data leaks

• If you know your bucket should never be public, leave these on
• Can be set at the account level

Amazon S3 – Static Website Hosting

• S3 can host static websites and have them accessible on the

Internet

• The website URL will be (depending on the region)

• http://bucket-name.s3-website-aws-region.amazonaws.com
OR
• http://bucket-name.s3-website.aws-region.amazonaws.com

• If you get a 403 Forbidden error, make sure the bucket policy allows
public reads!
Amazon S3 – Versioning

• You can version your files in Amazon S3

• It is enabled at the bucket level

• Same key overwrite will change the “version”: 1, 2, 3….

• It is best practice to version your buckets

• Protect against unintended deletes (ability to restore a version)
• Easy roll back to previous version

• Notes:
• Any file that is not versioned prior to enabling versioning will have
version “null”
• Suspending versioning does not delete the previous versions
Amazon S3 – Replication ( CRR and SRR )

• Must enable Versioning in source and destination buckets

• Cross-Region Replication (CRR)
• Same-Region Replication (SRR)
• Buckets can be in different AWS accounts
• Copying is asynchronous
• Must give proper IAM permissions to S3

• Use cases:
• CRR – compliance, lower latency access, replication across accounts
• SRR – log aggregation, live replication between production and test
accounts
S3 Durability and Availability

• Durability:
• High durability (99.999999999%, 11 9’s) of objects across multiple AZ
• If you store 10,000,000 objects with Amazon S3, you can on average
expect to incur a loss of a single object once every 10,000 years
• Same for all storage classes

• Availability:
• Measures how readily available a service is
• Varies depending on storage class
• Example: S3 standard has 99.99% availability = not available 53 minutes a
year

S3 Storage Classes

• Amazon S3 Standard - General Purpose

• Amazon S3 Standard-Infrequent Access (IA)
• Amazon S3 One Zone-Infrequent Access
• Amazon S3 Glacier Instant Retrieval
• Amazon S3 Glacier Flexible Retrieval
• Amazon S3 Glacier Deep Archive
• Amazon S3 Intelligent Tiering
S3 Standard – General Purpose

• 99.99% Availability
• Used for frequently accessed data
• Low latency and high throughput
• Sustain 2 concurrent facility failures
• Use Cases: Big Data analytics, mobile & gaming
applications, content distribution…

S3 Storage Classes – Infrequent Access

• For data that is less frequently accessed, but requires rapid access
when needed
• Lower cost than S3 Standard
• Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
• 99.9% Availability
• Use cases: Disaster Recovery, backups

• Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

• High durability (99.999999999%) in a single AZ; data lost when AZ is
destroyed
• 99.5% Availability
• Use Cases: Storing secondary backup copies of on-premise data, or data
you can recreate
Amazon S3 Glacier Storage Classes

• Low-cost object storage meant for archiving / backup

• Pricing: price for storage + object retrieval cost

• Amazon S3 Glacier Instant Retrieval

• Millisecond retrieval, great for data accessed once a quarter
• Minimum storage duration of 90 days
• Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3
Glacier):
• Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12
hours) – free
• Minimum storage duration of 90 days

• Amazon S3 Glacier Deep Archive – for long term

storage:

• Standard (12 hours), Bulk (48 hours)

• Minimum storage duration of 180 days
S3 Intelligent-Tiering

• Small monthly monitoring and auto-tiering fee

• Moves objects automatically between Access Tiers based on usage
• There are no retrieval charges in S3 Intelligent-Tiering
• Frequent Access tier (automatic): default tier
• Infrequent Access tier (automatic): objects not accessed for 30 days
• Archive Instant Access tier (automatic): objects not accessed for 90
days
• Archive Access tier (optional): configurable from 90 days to 700+
days
• Deep Archive Access tier (optional): config. from 180 days to 700+
days

S3 Storage Classes Comparison

S3 Storage Classes – Price Comparison
Example : us-east-1

S3 Encryption
Shared Responsibility Model for S3

AWS

• Infrastructure (global security, durability, availability, sustain

concurrent loss of data in two facilities)
• Configuration and vulnerability analysis
• Compliance validation

YOU

• S3 Versioning
• S3 Bucket Policies
• S3 Replication Setup
• Logging and Monitoring
• S3 Storage Classes
• Data encryption at rest and in transit
AWS Snow Family for Data Migrations

AWS Storage Cloud native options