AWS Booklet

The document discusses infrastructure as a service (IaaS) cloud computing. It describes what the cloud is, how it works, examples of cloud services, pricing models, and advantages like flexibility, scalability, and cost effectiveness. Infrastructure in the cloud is managed by cloud providers and accessed over the internet.


How Websites Work?

Just like when you are sending a post mail.

What is a Server composed of?

IT Terminology:
• Network: cables, routers and servers connected with each other
• Router: a networking device that forwards data packets between computer networks. They know where to send your packets on the internet!
• Switch: takes a packet and sends it to the correct server / client on your network.

Traditionally how to build Infrastructure:

Problems with the traditional IT approach:
• Pay for the rent for the data center
• Pay for power supply, cooling, maintenance
• Adding and replacing hardware takes time
• Scaling is limited
• Hire a 24/7 team to monitor the infrastructure
• How to deal with disasters? (earthquake, power shutdown, fire…)

Can we Externalize all this?

➢ Yes, with the help of the Cloud.
What is Cloud Computing?

• Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources
• Through a cloud services platform with pay-as-you-go pricing
• You can provision exactly the right type and size of computing resources you need
• You can access as many resources as you need, almost instantly
• Simple way to access servers, storage, databases and a set of application services
• Amazon Web Services owns and maintains the network-connected hardware required for these application services, while you provision and use what you need via a web application.
You have been using some Cloud Services:

Gmail
➢ Email cloud service.
➢ Pay only for the emails you store.

Dropbox
➢ Cloud storage service.
➢ Originally built on AWS.

Netflix
➢ Built on AWS.
➢ Videos on Demand.
The Deployment Models of Cloud

Private Cloud:
• Cloud services used by a single organization, not exposed to the public.
• Complete control
• Security for sensitive applications
• Meet specific business needs

Public Cloud:
• Cloud resources owned and operated by a third-party cloud service provider, delivered over the Internet.
• Six Advantages of Cloud Computing (see below)

Hybrid Cloud:
• Keep some servers on premises and extend some capabilities to the Cloud
• Control over sensitive assets in your private infrastructure
• Flexibility and cost effectiveness of the public cloud
The Five Characteristics of Cloud Computing

• On-demand self service:
  • Users can provision resources and use them without human interaction from the service provider
• Broad network access:
  • Resources are available over the network, and can be accessed by diverse client platforms
• Multi-tenancy and resource pooling:
  • Multiple customers can share the same infrastructure and applications with security and privacy
  • Multiple customers are serviced from the same physical resources
• Rapid elasticity and scalability:
  • Automatically and quickly acquire and dispose of resources when needed
  • Quickly and easily scale based on demand
• Measured service:
  • Usage is measured; users pay exactly for what they have used
Six Advantages of Cloud Computing

• Trade capital expense (CAPEX) for operational expense (OPEX):
  • Pay On-Demand: don’t own hardware
  • Reduced Total Cost of Ownership (TCO) & Operational Expense (OPEX)
• Benefit from massive economies of scale:
  • Prices are reduced as AWS is more efficient due to large scale
• Stop guessing capacity:
  • Scale based on actual measured usage
• Increase speed and agility
• Stop spending money running and maintaining data centers
• Go global in minutes: leverage the AWS global infrastructure
Problems solved by the Cloud

• Flexibility: change resource types when needed
• Cost-Effectiveness: pay as you go, for what you use
• Scalability: accommodate larger loads by making hardware stronger or adding additional nodes
• Elasticity: ability to scale out and scale in when needed
• High-availability and fault-tolerance: build across data centers
• Agility: rapidly develop, test and launch software applications
Types of Cloud Computing

• Infrastructure as a Service (IaaS)
  • Provides building blocks for cloud IT
  • Provides networking, computers, data storage space
  • Highest level of flexibility
  • Easy parallel with traditional on-premises IT
• Platform as a Service (PaaS)
  • Removes the need for your organization to manage the underlying infrastructure
  • Focus on the deployment and management of your applications
• Software as a Service (SaaS)
  • Completed product that is run and managed by the service provider
Examples of Cloud Computing types

• Infrastructure as a Service:
  • Amazon EC2 (on AWS)
  • GCP, Azure, Rackspace, Digital Ocean, Linode
• Platform as a Service:
  • Elastic Beanstalk (on AWS)
  • Heroku, Google App Engine (GCP), Windows Azure (Microsoft)
• Software as a Service:
  • Many AWS services (ex: Rekognition for Machine Learning)
  • Google Apps (Gmail), Dropbox, Zoom
Pricing of the Cloud – Quick Overview

AWS has 3 Pricing Fundamentals, following the pay-as-you-go pricing model:

• Compute:
  • Pay for compute time
• Storage:
  • Pay for data stored in the Cloud
• Data transfer OUT of the Cloud:
  • Data transfer IN is FREE
AWS Cloud History

AWS Cloud Number Facts:
• In 2019, AWS had $35.02 billion in annual revenue
• AWS accounts for 47% of the market in 2019 (Microsoft is 2nd with 22%)
• Pioneer and Leader of the AWS Cloud Market for the 9th consecutive year
• Over 1,000,000 active users
AWS Cloud Use Cases

• AWS enables you to build sophisticated, scalable applications
• Applicable to a diverse set of industries
• Use cases include:
  • Enterprise IT, backup & Storage, Big Data analytics
  • Website hosting, Mobile & Social Apps
  • Gaming
AWS Global Infrastructure

• AWS Regions
• AWS Availability Zones
• AWS Data Centers
• AWS Edge Locations / Points of Presence
AWS Regions

• AWS has Regions all around the world
• Names can be us-east-1, eu-west-3…
• A region is a cluster of data centers
• Most AWS services are region-scoped
How to choose an AWS Region?

• Compliance with data governance and legal requirements: data never leaves a region without your explicit permission
• Proximity to customers: reduced latency
• Available services within a Region: new services and new features aren’t available in every Region
• Pricing: pricing varies region to region and is transparent in the service pricing page
AWS Availability Zones

• Each region has many availability zones (usually 3, min is 3, max is 6). Example:
  • ap-southeast-2a
  • ap-southeast-2b
  • ap-southeast-2c
• Each availability zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity
• They’re separate from each other, so that they’re isolated from disasters
• They’re connected with high bandwidth, ultra-low latency networking

AWS Points of Presence (Edge Locations)

• Amazon has 400+ Points of Presence (400+ Edge Locations & 10+ Regional Caches) in 90+ cities across 40+ countries
• Content is delivered to end users with lower latency
Shared Responsibility Model Diagram

Customer: Responsibility IN the Cloud
AWS: Responsibility OF the Cloud
AWS Acceptable Use Policy

• No Illegal, Harmful, or Offensive Use or Content

• No Security Violations

• No Network Abuse

• No E-Mail or Other Message Abuse


IAM SECTION

IAM Users and Groups

• IAM = Identity and Access Management, a Global service
• Root account created by default, shouldn’t be used or shared
• Users are people within your organization, and can be grouped
• Groups only contain users, not other groups
• Users don’t have to belong to a group, and a user can belong to multiple groups
IAM Permissions

• Users or Groups can be assigned JSON documents called policies
• These policies define the permissions of the users
• In AWS you apply the least privilege principle: don’t give more permissions than a user needs
IAM Policies Inheritance

IAM Password Policy

• Strong passwords = higher security for your account
• In AWS, you can set up a password policy:
  • Set a minimum password length
  • Require specific character types:
    • uppercase letters
    • lowercase letters
    • numbers
    • non-alphanumeric characters
  • Allow all IAM users to change their own passwords
  • Require users to change their password after some time (password expiration)
  • Prevent password re-use
Multi Factor Authentication – MFA

• Users have access to your account and can possibly change configurations or delete resources in your AWS account
• You want to protect your Root Accounts and IAM users
• MFA = password you know + security device you own
• Main benefit of MFA: if a password is stolen or hacked, the account is not compromised

MFA Device options in AWS

How can Users access AWS?

• To access AWS, you have three options:
  • AWS Management Console (protected by password + MFA)
  • AWS Command Line Interface (CLI): protected by access keys
  • AWS Software Developer Kit (SDK) – for code: protected by access keys
• Access Keys are generated through the AWS Console
• Users manage their own access keys
• Access Keys are secret, just like a password. Don’t share them
IAM Roles for Services

• Some AWS services will need to perform actions on your behalf
• To do so, we will assign permissions to AWS services with IAM Roles
• Common roles:
  • EC2 Instance Roles
  • Lambda Function Roles
  • Roles for CloudFormation
IAM Guidelines and Best Practices

• Don’t use the root account except for AWS account setup
• One physical user = One AWS user
• Assign users to groups and assign permissions to groups
• Create a strong password policy
• Use and enforce the use of Multi Factor Authentication (MFA)
• Create and use Roles for giving permissions to AWS services
• Use Access Keys for Programmatic Access (CLI / SDK)
• Audit permissions of your account using IAM Credentials Report & IAM Access Advisor
• Never share IAM users & Access Keys
Shared Responsibility Model for IAM

AWS
• Infrastructure (global network security)
• Configuration and vulnerability analysis
• Compliance validation

YOU
• Users, Groups, Roles, Policies management and monitoring
• Enable MFA on all accounts
• Rotate all your keys often
• Use IAM tools to apply appropriate permissions
• Analyze access patterns & review permissions

IAM Section
• Users: mapped to a physical user, has a password for AWS Console
• Groups: contains users only
• Policies: JSON document that outlines permissions for users or groups
• Roles: for EC2 instances or AWS services
• Security: MFA + Password Policy
• AWS CLI: manage your AWS services using the command-line
• AWS SDK: manage your AWS services using a programming language
EC2 SECTION

Amazon EC2

• EC2 is one of the most popular of AWS’ offerings
• EC2 = Elastic Compute Cloud = Infrastructure as a Service
• It mainly consists of the capability of:
  • Renting virtual machines (EC2)
  • Storing data on virtual drives (EBS)
  • Distributing load across machines (ELB)
  • Scaling the services using an auto-scaling group (ASG)
• Knowing EC2 is fundamental to understanding how the Cloud works
EC2 Sizing and Configuration options

• Operating System (OS): Linux, Windows or Mac OS
• How much compute power & cores (CPU)
• How much random-access memory (RAM)
• How much storage space:
  • Network-attached (EBS & EFS)
  • Hardware (EC2 Instance Store)
• Network card: speed of the card, Public IP address
• Firewall rules: security group
• Bootstrap script (configure at first launch): EC2 User Data
EC2 Instance Naming Convention

EC2 Instance Types

➢General Purpose
➢Compute Optimised
➢Memory Optimised
➢Accelerated Computing
➢Storage Optimised
➢HPC Optimised
➢Instance Features
➢Measuring Instance Performance
Security Groups

• Security Groups are the fundamental of network security in AWS
• They control how traffic is allowed into or out of our EC2 Instances.
• Security groups only contain ALLOW rules
• Security group rules can reference by IP or by security group
• Security groups act as a “firewall” on EC2 instances
• They regulate:
  • Access to Ports
  • Authorised IP ranges – IPv4 and IPv6
  • Control of inbound network (from others to the instance)
  • Control of outbound network (from the instance to others)
Security Groups Diagram

Security Groups good to know

• Can be attached to multiple instances
• Locked down to a region / VPC combination
• Does live “outside” the EC2 – if traffic is blocked the EC2 instance won’t see it
• It’s good to maintain one separate security group for SSH access
• If your application is not accessible (time out), then it’s a security group issue
• If your application gives a “connection refused“ error, then it’s an application error or it’s not launched
• All inbound traffic is blocked by default
• All outbound traffic is authorised by default
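The security-group behaviour described in the two slides above, as an added example (not the booklet’s or AWS’s code): allow-only rules matched by CIDR (IPv4 or IPv6) or by reference to another security group, inbound blocked unless a rule allows it, and outbound modeled as explicit allow-all rules. Group ids, CIDRs and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set


@dataclass
class Rule:
    """One ALLOW rule: there are no deny rules in a security group."""
    protocol: str                  # "tcp", "udp" or "-1" (any protocol)
    from_port: int
    to_port: int
    cidr: Optional[str] = None     # e.g. "203.0.113.0/24" or "::/0"
    sg_ref: Optional[str] = None   # id of another security group

    def matches(self, protocol: str, port: int, peer_ip: str, peer_groups: Set[str]) -> bool:
        if self.protocol not in ("-1", protocol):
            return False
        if self.protocol != "-1" and not self.from_port <= port <= self.to_port:
            return False
        if self.sg_ref is not None:
            # Reference by security group: the peer must carry that group,
            # whatever its address is.
            return self.sg_ref in peer_groups
        if self.cidr is not None:
            # ipaddress returns False for a v4 address tested against a v6
            # network and vice versa, so IPv4 and IPv6 rules stay separate.
            return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr, strict=False)
        return False


def default_outbound() -> List[Rule]:
    # "All outbound traffic is authorised by default": modeled here (an
    # assumption of this example) as explicit allow-all rules for v4 and v6.
    return [Rule("-1", 0, 65535, cidr="0.0.0.0/0"), Rule("-1", 0, 65535, cidr="::/0")]


@dataclass
class SecurityGroup:
    group_id: str
    inbound: List[Rule] = field(default_factory=list)   # empty = all inbound blocked
    outbound: List[Rule] = field(default_factory=default_outbound)


def is_allowed(groups: Iterable[SecurityGroup], direction: str, protocol: str, port: int,
               peer_ip: str, peer_groups: Iterable[str] = ()) -> bool:
    """Traffic passes if any rule of any attached group allows it; otherwise it
    is silently dropped (the client sees a time-out, not a connection refused)."""
    peers = set(peer_groups)
    for sg in groups:
        rules = sg.inbound if direction == "inbound" else sg.outbound
        if any(rule.matches(protocol, port, peer_ip, peers) for rule in rules):
            return True
    return False


# Constructed sample: a web group open to the world on 80/443, a separate
# SSH-only group restricted to an office range, and a database group that
# trusts the web tier by group reference rather than by address.
WEB_SG = SecurityGroup("sg-web", inbound=[
    Rule("tcp", 80, 80, cidr="0.0.0.0/0"), Rule("tcp", 443, 443, cidr="0.0.0.0/0"),
    Rule("tcp", 80, 80, cidr="::/0"), Rule("tcp", 443, 443, cidr="::/0"),
])
SSH_SG = SecurityGroup("sg-ssh", inbound=[Rule("tcp", 22, 22, cidr="203.0.113.0/24")])
DB_SG = SecurityGroup("sg-db", inbound=[Rule("tcp", 3306, 3306, sg_ref="sg-web")])

if __name__ == "__main__":
    web_tier = [WEB_SG, SSH_SG]
    print(is_allowed(web_tier, "inbound", "tcp", 443, "198.51.100.7"))           # True
    print(is_allowed(web_tier, "inbound", "tcp", 22, "198.51.100.7"))            # False (not office)
    print(is_allowed([DB_SG], "inbound", "tcp", 3306, "10.0.1.5", {"sg-web"}))  # True
    print(is_allowed([DB_SG], "inbound", "tcp", 3306, "10.0.1.5"))              # False
```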
Referencing other Security Groups Diagram

Classic Ports to Know

• 22 = SSH (Secure Shell) – log into a Linux instance
• 21 = FTP (File Transfer Protocol) – upload files into a file share
• 22 = SFTP (Secure File Transfer Protocol) – upload files using SSH
• 80 = HTTP – access unsecured websites
• 443 = HTTPS – access secured websites
• 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance
SSH Summary Table

EC2 Instance Purchasing Options

• On-Demand Instances – short workload, predictable pricing, pay by second
• Reserved (1 & 3 years)
  • Reserved Instances – long workloads
  • Convertible Reserved Instances – long workloads with flexible instances
• Savings Plans (1 & 3 years) – commitment to an amount of usage, long workload
• Spot Instances – short workloads, cheap, can lose instances (less reliable)
• Dedicated Hosts – book an entire physical server, control instance placement
• Dedicated Instances – no other customers will share your hardware
• Capacity Reservations – reserve capacity in a specific AZ for any duration
Which purchasing option is right for you?

Let’s understand with an example:

• On demand: coming and staying in a resort whenever we like; we pay the full price
• Reserved: like planning ahead; if we plan to stay for a long time, we may get a good discount.
• Savings Plans: pay a certain amount per hour for a certain period and stay in any room type (e.g., King, Suite, Sea View, …)
• Spot instances: the hotel allows people to bid for the empty rooms and the highest bidder keeps the rooms. You can get kicked out at any time
• Dedicated Hosts: we book an entire building of the resort
• Capacity Reservations: you book a room for a period at full price even if you don’t stay in it
Shared Responsibility Model for EC2

AWS
• Infrastructure (global network security)
• Isolation on physical hosts
• Replacing faulty hardware
• Compliance validation

YOU
• Security Groups rules
• Operating-system patches and updates
• Software and utilities installed on the EC2 instance
• IAM Roles assigned to EC2 & IAM user access management
• Data security on your instance
EC2 Section Summary

• EC2 Instance: AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data
• Security Groups: Firewall attached to the EC2 instance
• SSH: start a terminal into our EC2 Instances (port 22)
• EC2 Instance Role: link to IAM roles
• Purchasing Options: On-Demand, Spot, Reserved (Standard + Convertible + Scheduled), Dedicated Host, Dedicated Instance
EC2 Instance Storage Section

What’s an EBS Volume?

• An EBS (Elastic Block Store) Volume is a network drive you can attach to your instances while they run
• It allows your instances to persist data, even after their termination
• They can only be mounted to one instance at a time (at the CCP level)
• They are bound to a specific availability zone
• Analogy: Think of them as a “network USB stick”


EBS Volume

• It’s a network drive (i.e. not a physical drive)
  • It uses the network to communicate with the instance, which means there might be a bit of latency
  • It can be detached from an EC2 instance and attached to another one quickly
• It’s locked to an Availability Zone (AZ)
  • An EBS Volume in us-east-1a cannot be attached to us-east-1b
  • To move a volume across, you first need to snapshot it
• Has a provisioned capacity (size in GBs, and IOPS)
  • You get billed for all the provisioned capacity
  • You can increase the capacity of the drive over time
EBS Snapshots

• Make a backup (snapshot) of your EBS volume at a point in time
• Not necessary to detach the volume to do a snapshot, but recommended
• Can copy snapshots across AZ or Region


EBS Snapshots Features

• EBS Snapshot Archive
  • Move a Snapshot to an ”archive tier” that is 75% cheaper
  • Takes within 24 to 72 hours to restore from the archive
• Recycle Bin for EBS Snapshots
  • Set up rules to retain deleted snapshots so you can recover them after an accidental deletion
  • Specify retention (from 1 day to 1 year)
EC2 Image Builder

• Used to automate the creation of Virtual Machine or container images
• => Automate the creation, maintenance, validation and testing of EC2 AMIs
• Can be run on a schedule (weekly, whenever packages are updated, etc…)
• Free service (only pay for the underlying resources)
EC2 Instance Store

• EBS volumes are network drives with good but “limited” performance
• If you need a high-performance hardware disk, use EC2 Instance Store
• Better I/O performance
• EC2 Instance Stores lose their storage if they’re stopped (ephemeral)
• Good for buffer / cache / scratch data / temporary content
• Risk of data loss if hardware fails
• Backups and Replication are your responsibility
EFS – Elastic File System

• Managed NFS (network file system) that can be mounted on 100s of EC2 instances
• EFS works with Linux EC2 instances in multi-AZ
• Highly available, scalable, expensive (3x gp2), pay per use, no capacity planning

EBS VS EFS
Elastic Load Balancing and Auto Scaling Groups Section

Scalability and High Availability

• Scalability means that an application / system can handle greater loads by adapting.
• There are two kinds of scalability:
  • Vertical Scalability
  • Horizontal Scalability (= elasticity)
• Scalability is linked to but different from High Availability

Vertical Scalability

• Vertical Scalability means increasing the size of the instance
• For example, your application runs on a t2.micro
• Scaling that application vertically means running it on a t2.large
• Vertical scalability is very common for non-distributed systems, such as a database.
• There’s usually a limit to how much you can vertically scale (hardware limit)
Horizontal Scalability

• Horizontal Scalability means increasing the number of instances / systems for your application
• Horizontal scaling implies distributed systems.
• This is very common for web applications / modern applications
• It’s easy to horizontally scale thanks to cloud offerings such as Amazon EC2

High Availability

• High Availability usually goes hand in hand with horizontal scaling
• High availability means running your application / system in at least 2 Availability Zones
• The goal of high availability is to survive a data center loss (disaster)


High Availability and Scalability for EC2

• Vertical Scaling: Increase instance size (= scale up / down)
  • From: t2.nano – 0.5G of RAM, 1 vCPU
  • To: u-12tb1.metal – 12.3 TB of RAM, 448 vCPUs
• Horizontal Scaling: Increase number of instances (= scale out / in)
  • Auto Scaling Group
  • Load Balancer
• High Availability: Run instances for the same application across multiple AZs
  • Auto Scaling Group multi AZ
  • Load Balancer multi AZ

Scalability VS Elasticity VS Agility

• Scalability: ability to accommodate a larger load by making the hardware stronger (scale up), or by adding nodes (scale out)
• Elasticity: once a system is scalable, elasticity means that there will be some “auto-scaling” so that the system can scale based on the load. This is “cloud-friendly”: pay-per-use, match demand, optimize costs
• Agility: (not related to scalability – distractor) new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes.
What is Load Balancing?

• Load balancers are servers that forward internet traffic to multiple servers (EC2 Instances) downstream.

Why use a Load Balancer?

• Spread load across multiple downstream instances
• Expose a single point of access (DNS) to your application
• Seamlessly handle failures of downstream instances
• Do regular health checks to your instances
• Provide SSL termination (HTTPS) for your websites
• High availability across zones
Why use an Elastic Load Balancer?

• An ELB (Elastic Load Balancer) is a managed load balancer
  • AWS guarantees that it will be working
  • AWS takes care of upgrades, maintenance, high availability
  • AWS provides only a few configuration knobs
• It costs less to set up your own load balancer but it will be a lot more effort on your end (maintenance, integrations)
• 3 kinds of load balancers offered by AWS:
  • Application Load Balancer (HTTP / HTTPS only) – Layer 7
  • Network Load Balancer (ultra-high performance, allows for TCP) – Layer 4
  • Gateway Load Balancer – Layer 3
What’s an Auto Scaling Group?

• In real life, the load on your websites and applications can change
• In the cloud, you can create and get rid of servers very quickly
• The goal of an Auto Scaling Group (ASG) is to:
  • Scale out (add EC2 instances) to match an increased load
  • Scale in (remove EC2 instances) to match a decreased load
  • Ensure we have a minimum and a maximum number of machines running
  • Automatically register new instances to a load balancer
  • Replace unhealthy instances
• Cost Savings: only run at an optimal capacity (principle of the cloud)

Auto Scaling Group in AWS

Auto Scaling Group in AWS with Load Balancer

Auto Scaling Groups – Scaling Strategies

• Manual Scaling: Update the size of an ASG manually
• Dynamic Scaling: Respond to changing demand
  • Simple / Step Scaling
    • When a CloudWatch alarm is triggered (example CPU > 70%), then add 2 units
    • When a CloudWatch alarm is triggered (example CPU < 30%), then remove 1
  • Target Tracking Scaling
    • Example: I want the average ASG CPU to stay at around 40%
• Scheduled Scaling
  • Anticipate a scaling based on known usage patterns
  • Example: increase the min. capacity to 10 at 5 pm on Fridays
• Predictive Scaling
  • Uses Machine Learning to predict future traffic ahead of time
  • Automatically provisions the right number of EC2 instances in advance
  • Useful when your load has predictable time-based patterns
Amazon S3 Section

Introduction

• Amazon S3 is one of the main building blocks of AWS
• It’s advertised as ”infinitely scaling” storage
• Many websites use Amazon S3 as a backbone
• Many AWS services use Amazon S3 as an integration as well

Amazon S3 use cases

• Backup and storage
• Disaster Recovery
• Archive
• Hybrid Cloud storage
• Application hosting
• Media hosting
• Data lakes & big data analytics
• Software delivery
• Static website
Amazon S3 – Buckets

• Amazon S3 allows people to store objects (files) in “buckets” (directories)
• Buckets must have a globally unique name (across all regions, all accounts)
• Buckets are defined at the region level
• S3 looks like a global service but buckets are created in a region
• Naming convention:
  • No uppercase, no underscore
  • 3-63 characters long
  • Not an IP
  • Must start with a lowercase letter or number
  • Must NOT start with the prefix xn--
  • Must NOT end with the suffix -s3alias
Amazon S3 – Objects

• Objects (files) have a Key
• The key is the FULL path:
  • s3://my-bucket/my_file.txt
  • s3://my-bucket/my_folder1/another_folder/my_file.txt
• The key is composed of prefix + object name
  • s3://my-bucket/my_folder1/another_folder/my_file.txt
• There’s no concept of “directories” within buckets (although the UI will trick you into thinking otherwise)
• Just keys with very long names that contain slashes (“/”)
• Object values are the content of the body:
  • Max. Object Size is 5TB (5000GB)
  • If uploading more than 5GB, must use “multi-part upload”
• Metadata (list of text key / value pairs – system or user metadata)
• Tags (Unicode key / value pair – up to 10) – useful for security / lifecycle
• Version ID (if versioning is enabled)

Amazon S3 – Security

• User-Based
  • IAM Policies – which API calls should be allowed for a specific user from IAM
• Resource-Based
  • Bucket Policies – bucket wide rules from the S3 console – allows cross account
  • Object Access Control List (ACL) – finer grain (can be disabled)
  • Bucket Access Control List (ACL) – less common (can be disabled)
• Note: an IAM principal can access an S3 object if
  • The user IAM permissions ALLOW it OR the resource policy ALLOWS it
  • AND there’s no explicit DENY
• Encryption: encrypt objects in Amazon S3 using encryption keys

S3 Bucket Policy

• JSON based policies
  • Resources: buckets and objects
  • Effect: Allow / Deny
  • Actions: Set of API to Allow or Deny
  • Principal: The account or user to apply the policy to
• Use S3 bucket policy to:
  • Grant public access to the bucket
  • Force objects to be encrypted at upload
  • Grant access to another account (Cross Account)

Example: Public Access – Use Bucket Policy

Example: User Access to S3 – IAM Permissions

Example: EC2 Instance Access – Use IAM Roles

Advanced: Cross-Account Access – Use Bucket Policy

Bucket setting for Block Public Access

• These settings were created to prevent company data leaks
• If you know your bucket should never be public, leave these on
• Can be set at the account level

Amazon S3 – Static Website Hosting

• S3 can host static websites and have them accessible on the Internet
• The website URL will be (depending on the region):
  • http://bucket-name.s3-website-aws-region.amazonaws.com
  OR
  • http://bucket-name.s3-website.aws-region.amazonaws.com
• If you get a 403 Forbidden error, make sure the bucket policy allows public reads!
Amazon S3 – Versioning

• You can version your files in Amazon S3
• It is enabled at the bucket level
• Same key overwrite will change the “version”: 1, 2, 3….
• It is best practice to version your buckets
  • Protect against unintended deletes (ability to restore a version)
  • Easy roll back to previous version
• Notes:
  • Any file that is not versioned prior to enabling versioning will have version “null”
  • Suspending versioning does not delete the previous versions
Amazon S3 – Replication (CRR and SRR)

• Must enable Versioning in source and destination buckets
• Cross-Region Replication (CRR)
• Same-Region Replication (SRR)
• Buckets can be in different AWS accounts
• Copying is asynchronous
• Must give proper IAM permissions to S3
• Use cases:
  • CRR – compliance, lower latency access, replication across accounts
  • SRR – log aggregation, live replication between production and test accounts
S3 Durability and Availability

• Durability:
  • High durability (99.999999999%, 11 9’s) of objects across multiple AZ
  • If you store 10,000,000 objects with Amazon S3, you can on average expect to incur a loss of a single object once every 10,000 years
  • Same for all storage classes
• Availability:
  • Measures how readily available a service is
  • Varies depending on storage class
  • Example: S3 standard has 99.99% availability = not available 53 minutes a year

S3 Storage Classes

• Amazon S3 Standard – General Purpose
• Amazon S3 Standard-Infrequent Access (IA)
• Amazon S3 One Zone-Infrequent Access
• Amazon S3 Glacier Instant Retrieval
• Amazon S3 Glacier Flexible Retrieval
• Amazon S3 Glacier Deep Archive
• Amazon S3 Intelligent Tiering
S3 Standard – General Purpose

• 99.99% Availability
• Used for frequently accessed data
• Low latency and high throughput
• Sustains 2 concurrent facility failures
• Use Cases: Big Data analytics, mobile & gaming applications, content distribution…

S3 Storage Classes – Infrequent Access

• For data that is less frequently accessed, but requires rapid access when needed
• Lower cost than S3 Standard
• Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
  • 99.9% Availability
  • Use cases: Disaster Recovery, backups
• Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
  • High durability (99.999999999%) in a single AZ; data lost when AZ is destroyed
  • 99.5% Availability
  • Use Cases: Storing secondary backup copies of on-premise data, or data you can recreate
Amazon S3 Glacier Storage Classes

• Low-cost object storage meant for archiving / backup
• Pricing: price for storage + object retrieval cost
• Amazon S3 Glacier Instant Retrieval
  • Millisecond retrieval, great for data accessed once a quarter
  • Minimum storage duration of 90 days
• Amazon S3 Glacier Flexible Retrieval (formerly Amazon S3 Glacier):
  • Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12 hours) – free
  • Minimum storage duration of 90 days
• Amazon S3 Glacier Deep Archive – for long term storage:
  • Standard (12 hours), Bulk (48 hours)
  • Minimum storage duration of 180 days
S3 Intelligent-Tiering

• Small monthly monitoring and auto-tiering fee
• Moves objects automatically between Access Tiers based on usage
• There are no retrieval charges in S3 Intelligent-Tiering
• Frequent Access tier (automatic): default tier
• Infrequent Access tier (automatic): objects not accessed for 30 days
• Archive Instant Access tier (automatic): objects not accessed for 90 days
• Archive Access tier (optional): configurable from 90 days to 700+ days
• Deep Archive Access tier (optional): configurable from 180 days to 700+ days

S3 Storage Classes Comparison

S3 Storage Classes – Price Comparison (Example: us-east-1)

S3 Encryption
Shared Responsibility Model for S3

AWS
• Infrastructure (global security, durability, availability, sustain concurrent loss of data in two facilities)
• Configuration and vulnerability analysis
• Compliance validation

YOU
• S3 Versioning
• S3 Bucket Policies
• S3 Replication Setup
• Logging and Monitoring
• S3 Storage Classes
• Data encryption at rest and in transit
AWS Snow Family for Data Migrations

AWS Storage Cloud native options
