[Cloud] AWS S3



AWS S3

  • S3 Overview
  • Buckets
  • Objects
  • Versioning
  • Encryption

S3 Overview

  • S3 is an “infinitely scaling” object storage service
  • Stores objects (files) in buckets (top-level containers, loosely comparable to directories)
  • Supports versioning

Buckets

  • Buckets must have a globally unique name & are defined at the region level
  • Naming rules for a bucket
    • No uppercase letters
    • No underscores
    • 3-63 characters long
    • Must not be formatted as an IP address
    • Must start with a lowercase letter or digit

Objects

  • Objects (files) have a key
  • The key is the FULL path, e.g.
    • s3://my-bucket/my_file.txt
    • s3://my-bucket/my_folder1/my_folder2/my_file.txt
  • The key is composed of prefix + object name
    • s3://my-bucket/my_folder1/my_folder2/my_file.txt
    • prefix: my_folder1/my_folder2
    • object name: my_file.txt
  • There’s no concept of directories within buckets; a “folder” is just a key that contains slashes
  • The object value is the content of the body
    • Max object size is 5 TB
    • If uploading more than 5 GB, you must use “multi-part upload”
  • Each object can have metadata, tags, and a version ID
    • Metadata: list of text key/value pairs (system or user metadata)
    • Tags: Unicode key/value pairs, up to 10 per object (useful for security / lifecycle)
    • Version ID: present if versioning is enabled

Versioning

  • Can version files in S3
  • Enabled at the bucket level
  • Overwriting an object with the same key creates a new version instead of replacing the object
  • Any object that existed before versioning was enabled has version ID null
  • Suspending versioning does not delete the previous versions
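The following in-memory model, added here as an example rather than code from the original post, walks through the versioning rules above: an object written before versioning is enabled carries the null version, each overwrite under versioning gets a fresh ID, and suspending keeps every existing version while new writes land on the null version. The class, its locally generated `v1`, `v2`, ... IDs and the use of Python `None` for S3's literal "null" version are all constructed for the demo; deletes and delete markers are out of scope.

```python
import itertools


class VersionedBucket:
    """Toy model of S3 versioning semantics (constructed for this example).

    Version IDs are generated locally; None stands in for S3's "null" version.
    """

    def __init__(self):
        self.versioning = "Disabled"   # Disabled -> Enabled -> Suspended (never back to Disabled)
        self._objects = {}             # key -> list of (version_id, body), oldest first
        self._ids = itertools.count(1)

    def enable_versioning(self):
        self.versioning = "Enabled"

    def suspend_versioning(self):
        # Suspending stops new versions being created; it never deletes existing ones
        self.versioning = "Suspended"

    def put(self, key, body):
        """Write an object and return the version ID assigned (None for the null version)."""
        versions = self._objects.setdefault(key, [])
        if self.versioning == "Enabled":
            # Same key overwritten -> fresh version ID, older versions are kept
            version_id = f"v{next(self._ids)}"
            versions.append((version_id, body))
            return version_id
        # Disabled or Suspended: the write becomes the null version, replacing any
        # existing null version but leaving real versions untouched
        kept = [v for v in versions if v[0] is not None]
        kept.append((None, body))
        self._objects[key] = kept
        return None

    def get(self, key):
        """Return the current (most recently written) body for a key."""
        versions = self._objects.get(key)
        if not versions:
            raise KeyError(key)
        return versions[-1][1]

    def get_version(self, key, version_id):
        """Return the body of a specific version (None selects the null version)."""
        for vid, body in self._objects.get(key, []):
            if vid == version_id:
                return body
        raise KeyError((key, version_id))

    def list_versions(self, key):
        """Version IDs stored for a key, oldest first."""
        return [vid for vid, _ in self._objects.get(key, [])]


if __name__ == "__main__":
    b = VersionedBucket()
    b.put("report.txt", b"draft")          # written before versioning -> null version
    b.enable_versioning()
    b.put("report.txt", b"final")          # -> v1, the draft is retained as null
    b.suspend_versioning()
    b.put("report.txt", b"amended")        # -> overwrites the null version, v1 survives
    print(b.list_versions("report.txt"))   # [ 'v1', None ]
```

The practical consequence for incident response is the last line: after a suspension, the real versions are still retrievable by ID, so an accidental or malicious overwrite does not destroy earlier content unless the versions themselves are deleted.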

Encryption

  • SSE-S3: Encrypts S3 objects using keys handled & managed by AWS
    • Encryption using keys handled & managed by Amazon S3
    • Object is encrypted server side
    • AES-256 encryption
    • Done by setting the header “x-amz-server-side-encryption”: “AES256”
  • SSE-KMS: Leverage AWS Key Management Service to manage encryption keys
    • Encryption using keys handled & managed by KMS
    • KMS Advantages: user control + audit trail
    • Object is encrypted server side
    • Done by setting the header “x-amz-server-side-encryption”: “aws:kms”
  • SSE-C: When wanting to manage own encryption keys
    • Server-side encryption using data keys fully managed by the customer outside of AWS
    • Amazon S3 does not store the encryption key
    • HTTPS must be used
    • The encryption key must be provided in HTTP headers on every HTTP request made
  • Client Side Encryption
    • Client library such as the Amazon S3 Encryption Client
    • Clients must encrypt data themselves before sending to S3
    • Clients must decrypt data themselves when retrieving from S3
    • Customer fully manages the keys and encryption cycle
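To make the three server-side modes concrete, here is an added example (not code from the original post) that builds the request headers each mode needs and enforces the SSE-C constraints listed above: HTTPS is mandatory because the raw key is sent in headers, the key must accompany every request, and S3 checks the key against an MD5 header so a corrupted key is caught before it encrypts anything. The header names are the real S3 ones; the optional `x-amz-server-side-encryption-aws-kms-key-id` header for SSE-KMS is beyond what the post lists, and the 32-byte key, URL and `PLACEHOLDER-KMS-KEY-ID` value in the demo are constructed.

```python
import base64
import hashlib
from urllib.parse import urlsplit

SSE_HEADER = "x-amz-server-side-encryption"
SSE_C_ALG = "x-amz-server-side-encryption-customer-algorithm"
SSE_C_KEY = "x-amz-server-side-encryption-customer-key"
SSE_C_KEY_MD5 = "x-amz-server-side-encryption-customer-key-MD5"


def sse_headers(mode, url, customer_key=None, kms_key_id=None):
    """Return the request headers that select the given S3 server-side encryption mode.

    url is the request URL; it is inspected only for SSE-C, where HTTPS is mandatory.
    """
    if mode == "SSE-S3":
        return {SSE_HEADER: "AES256"}
    if mode == "SSE-KMS":
        headers = {SSE_HEADER: "aws:kms"}
        if kms_key_id is not None:
            # Optional: pin a specific KMS key instead of the account's default S3 key
            headers["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C":
        if urlsplit(url).scheme != "https":
            raise ValueError("SSE-C requires HTTPS: the raw key travels in request headers")
        if customer_key is None or len(customer_key) != 32:
            raise ValueError("SSE-C needs a 256-bit (32-byte) customer key")
        # S3 does not store this key; every request touching the object must resend it
        return {
            SSE_C_ALG: "AES256",
            SSE_C_KEY: base64.b64encode(customer_key).decode(),
            SSE_C_KEY_MD5: base64.b64encode(hashlib.md5(customer_key).digest()).decode(),
        }
    raise ValueError(f"unknown encryption mode {mode!r}")


def verify_sse_c_headers(headers):
    """Recompute the key digest as the server does, to catch a corrupted key header."""
    key = base64.b64decode(headers[SSE_C_KEY])
    expected = base64.b64encode(hashlib.md5(key).digest()).decode()
    return headers.get(SSE_C_ALG) == "AES256" and headers.get(SSE_C_KEY_MD5) == expected


if __name__ == "__main__":
    url = "https://my-bucket.s3.amazonaws.com/my_file.txt"   # constructed
    demo_key = bytes(range(32))                                # constructed, never use a fixed key
    print(sse_headers("SSE-S3", url))
    print(sse_headers("SSE-KMS", url, kms_key_id="PLACEHOLDER-KMS-KEY-ID"))
    print(sse_headers("SSE-C", url, customer_key=demo_key))
```

The MD5 here is an integrity check on the transmitted key, not a security control; the protection for the key itself comes from the HTTPS requirement the function enforces, and from the fact that S3 discards the key after use, which is why client-side encryption (the fourth option above) is the only mode where the key never leaves the customer's environment at all.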
