Arie Bregman

AWS: Solutions Architect Associate

3 minute read

Global Infrastructure

  • Availability Zone is one or more data centres, each with redundant power, networking and connectivity, housed in separate facilities so each AZ is designed to be an independent failure zone
  • Region is a geographical/physical area. Region consists of two or more availability zones
  • Edge locations are endpoints for AWS which are used for content caching

IAM

IAM is used for managing users and their level of access to AWS Console.
It is universal meaning, it’s not applied per region.

Terms

  • Users - People who are using AWS
  • Groups - A collection of users who inherit their permissions from the group permissions
  • Policies - These are Policy documents. They are in JSON format and their purpose is to give permissions as to what a user, group or role are able to do

  • Roles - A way for allowing a service of AWS to use another service of AWS. You assign roles to AWS resources.

  • Root account - This is the account created when you create your AWS account.

Note: when new users created they don’t have permissions. They are assigned with Access Key ID and Secret access which used for CLI and API access but can’t be used for AWS console.

Features

  • Granular Permissions - you can determine who has access to different services
  • Shared Access for AWS account
  • MFA (Multi-Factor Authentication)
  • Authentication from external identities source like Facebook, Linkedin, etc.
  • PCI DSS Compliance compatible
  • Temporary access for users, services and devices
  • Customized password policy
  • Integration with other AWS services
  • Centralized location for AWS account

S3

“Amazon Simple Storage Service (Amazon S3), provides developers and IT teams with secure,
durable, highly-scalable object storage. Unity developers can take advantage of S3 to dynamically
load assets used by their games. This can make games initially download quicker from app stores.”

S3 features:

* Tiered Storage Available
* Lifecycle Management - manage which storage tier
  the file you uploaded goes to
* Versioning - managing different versions of your file
  and restore previous versions
* Encryption
* Security - using ACL (Access Control Lists) and 
  bucket policies

S3 is object-based storage. The data itself is spread across multiple locations.

Files can be from 0 Bytes to 5 TB. There is unlimited storage.
Files are stored in buckets. Bucket name must be globally unique

* For example: https://s3-eu-west-1.amazonaws.com/mybucket
* HTTP 200 code is returned when a file
  is uploaded successfully to S3

Objects consist of:

* Key - name of the object
* Value - the data itself
* Version ID - used for versioning
* Metadata - data about the data

Data consistency

* New objects - writing a new file, you will be able immediately read it
* Overwrite and deletes - updating a file or deleting it, you may get the
  older version when reading it as changes to objects can take some time to
  be applied

Transfer Acceleration

* when used, users will upload a file to the edge location which will then upload the 
  files from edge locations to the bucket in specific location using optimized network path (Amazon internal network)

Cross Region Replication

* For example: you have a bucket in Europe and you upload there a file from USA. This file will be replicated to USA region.

Charges

* You are charged for the following: storage, requests, storage management, data transfer, transfer acceleration and cross region replication

Storage Classes

* Standard:
  * Used for general, all-purpose storage (mostly storage that needs to be accessed frequently)
  * The most expensive storage class 
  * 11x9% durability
  * 2x9% availability
  * Default storage class

* Standard-IA (Infrequent Access)
  * Long lived, infrequently accessed data but must be available the moment it's being accessed
  * 11x9% durability
  * 99.90% availability

* One Zone-IA (Infrequent Access):
  * Long-lived, infrequently accessed, non-critical data
  * Less expensive than Standard and Standard-IA storage classes
  * 2x9% durability
  * 99.50% availability
  
* Intelligent-Tiering:
  * Long-lived data with changing or unknown access patterns. Basically, In this class the data automatically moves to the class most suitable for you based on usage patterns
  * Price depends on the used class
  * 11x9% durability
  * 99.90% availability

* Glacier: Archive data with retrieval time ranging from minutes to hours
* Glacier Deep Archive: Archive data that rarely, if ever, needs to be accessed with retrieval times in hours
* Both Glacier and Glacier Deep Archive are:
  * The most cheap storage classes
  * have 9x9% durability

Hosting a website

* You can host static websites on s3
* You cannot host dynamic websites on s3
* s3 scales automatically to meet your website demands

Comments