ALPHA UNIVERSITY COLLEGE
AWS Certified Cloud Practitioner
CLF-C02
Amazon S3 Section
Grades: 9 - 12 CCSS, NGSS
Introduction
• Amazon S3 is one of the main building blocks of AWS
• It's advertised as "infinitely scaling" storage
• Many websites use Amazon S3 as a backbone
• Many AWS services use Amazon S3 as an integration as well
• We’ll have a step-by-step approach to S3
Amazon S3 Use cases
• Backup and storage
• Disaster Recovery
• Archive
• Hybrid Cloud storage
• Application hosting
• Media hosting
• Data lakes & big data analytics
• Software delivery
• Static website
Customer examples (slide callouts):
• Nasdaq stores 7 years of data into S3 Glacier
• Sysco runs analytics on its data and gains business insights
Amazon S3 - Buckets
• Amazon S3 allows people to store objects (files) in “buckets” (directories)
• Buckets must have a globally unique name (across all regions all accounts)
• Buckets are defined at the region level
• S3 looks like a global service but buckets are created in a region
• Naming convention
• No uppercase, No underscore
• 3-63 characters long
• Must not be formatted as an IP address
• Must start with lowercase letter or number
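As an added example (not part of the original slides), the naming rules above expressed as a Python check. The function reports every rule a candidate name breaks rather than stopping at the first one; it covers the rules on the slide plus two further documented S3 rules (the name must also end with a lowercase letter or digit, and may not contain two adjacent dots). The example names in the comments are constructed.

```python
import ipaddress

# Characters S3 accepts in a bucket name: lowercase letters, digits, dots and hyphens.
ALLOWED_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789.-")


def bucket_name_problems(name):
    """Return the list of naming rules that `name` violates (empty list = valid).

    Rules from the slide: 3-63 characters, no uppercase, no underscore, not an
    IP address, must start with a lowercase letter or digit. Added documented
    S3 rules: must also END with a lowercase letter or digit, no adjacent dots.
    """
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if any(ch.isupper() for ch in name):
        problems.append("uppercase letters are not allowed")
    if "_" in name:
        problems.append("underscores are not allowed")
    # Any other illegal character is reported once, after the two specific checks above.
    if any(ch not in ALLOWED_CHARS for ch in name.lower().replace("_", "")):
        problems.append("only lowercase letters, digits, dots and hyphens are allowed")
    if name and name[0] not in ALLOWED_CHARS - {".", "-"}:
        problems.append("must start with a lowercase letter or number")
    if name and name[-1] not in ALLOWED_CHARS - {".", "-"}:
        problems.append("must end with a lowercase letter or number")
    if ".." in name:
        problems.append("adjacent dots are not allowed")
    try:
        # e.g. "192.168.0.1" parses as an address and is therefore rejected
        ipaddress.IPv4Address(name)
        problems.append("must not be formatted as an IP address")
    except ValueError:
        pass
    return problems


def is_valid_bucket_name(name):
    """True when the candidate name passes every rule checked above."""
    return not bucket_name_problems(name)
```

Constructed names such as "my-bucket" pass, while "My_Bucket" collects both the uppercase and the underscore findings, which is the behaviour you want when validating names in a CI check before a deployment tries to create them.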
Amazon S3 - Objects
• Objects (files) have a Key
• The key is the FULL path:
• s3://my-bucket/my_file.txt
• s3://my-bucket/my_folder1/another_folder/my_file.txt
• The key is composed of prefix + object name
• s3://my-bucket/my_folder1/another_folder/my_file.txt
• prefix: my_folder1/another_folder/ • object name: my_file.txt
• There are no real directories: S3 has a flat namespace, and "folders" are just the prefix part of the key
• Object values are the content of the body:
• Max. Object Size is 5TB (5000GB)
• If uploading more than 5GB, must use "multi-part upload" (AWS recommends it for anything above 100MB)
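Added example, not from the slides: a planner that applies the two size limits above, choosing a single PutObject at or below 5 GB and a multipart layout otherwise. It also applies the documented multipart limits of 5 MB minimum part size (except for the last part), 5 GB maximum part size and 10,000 parts per upload. Treating AWS's "5 GB / 5 TB" figures as binary GiB/TiB is an assumption of this example, and the 64 MiB default part size is a choice for the example, not an S3 value.

```python
import math

# S3 limits as documented by AWS (5 GB / 5 TB). This example assumes they are
# binary units (GiB / TiB); that interpretation is an assumption, not from the slides.
MAX_OBJECT_SIZE = 5 * 1024**4   # 5 TiB: largest object S3 stores
MAX_SINGLE_PUT = 5 * 1024**3    # 5 GiB: largest single PutObject; above this multipart is mandatory
MIN_PART_SIZE = 5 * 1024**2     # 5 MiB: minimum size of every part except the last
MAX_PART_SIZE = 5 * 1024**3     # 5 GiB: maximum size of a single part
MAX_PARTS = 10_000              # maximum number of parts in one multipart upload


def plan_upload(size_bytes, preferred_part_size=64 * 1024**2):
    """Decide how to upload an object of `size_bytes` bytes.

    Returns ("put", []) for a single PutObject, or ("multipart", ranges) where
    ranges is a list of (start, end) byte offsets, one per part, in upload order.
    Raises ValueError for sizes S3 cannot store. The 64 MiB default part size is
    a choice for this example.
    """
    if size_bytes < 0:
        raise ValueError("size must be non-negative")
    if size_bytes > MAX_OBJECT_SIZE:
        raise ValueError("object exceeds the 5 TiB maximum object size")
    if size_bytes <= MAX_SINGLE_PUT:
        return ("put", [])

    # Start from the caller's preferred part size, then grow it until the
    # 5 MiB floor is respected and the part count fits the 10,000-part ceiling.
    part_size = max(preferred_part_size, MIN_PART_SIZE)
    part_size = max(part_size, math.ceil(size_bytes / MAX_PARTS))
    if part_size > MAX_PART_SIZE:
        raise ValueError("cannot split the object into parts within S3 limits")

    ranges = [(start, min(start + part_size, size_bytes))
              for start in range(0, size_bytes, part_size)]
    return ("multipart", ranges)


def part_count(size_bytes, preferred_part_size=64 * 1024**2):
    """Number of parts the plan above would upload (0 for a single PutObject)."""
    return len(plan_upload(size_bytes, preferred_part_size)[1])
```

Each (start, end) range maps directly onto one UploadPart call with the corresponding byte slice of the file; the last range is allowed to be smaller than 5 MiB, which is why only the parts before it are checked against the minimum.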
Amazon S3 – Security
• User-Based
• IAM Policies – which API calls should be allowed for a specific user from IAM
• Resource-Based
• Bucket Policies – bucket-wide rules, set from the S3 console; the mechanism that allows cross-account access
• Object Access Control List (ACL) – finer grain (can be disabled)
• Bucket Access Control List (ACL) – less common (can be disabled)
Note: within the bucket owner's account, an IAM principal can access an S3 object if
• The user IAM permissions ALLOW it OR the resource policy ALLOWS it
• AND there's no explicit DENY
• For a principal from another account, both the identity's IAM permissions AND the bucket policy must ALLOW the request
• Encryption: encrypt objects in Amazon S3 using encryption keys
S3 Bucket Policies
• JSON based policies
• Resources: buckets and objects
• Effect: Allow / Deny
• Actions: Set of API calls to Allow or Deny
• Principal: The account or user to apply the policy to
• Use an S3 bucket policy to:
• Grant public access to the bucket
• Force objects to be encrypted at upload
• Grant access to another account (Cross-Account)
Example: Public Access - Use Bucket Policy
Example: User Access to S3 – IAM permissions
Example: EC2 instance access - Use IAM Roles
Advanced: Cross-Account Access – Use Bucket Policy
Amazon S3 – Static Website Hosting
• S3 can host static websites and have them accessible on the Internet
• The website URL will be (depending on the region)
• http://bucket-name.s3-website-aws-region.amazonaws.com
OR
• http://bucket-name.s3-website.aws-region.amazonaws.com
• e.g. the slide's demo-bucket in us-west-2: http://demo-bucket.s3-website-us-west-2.amazonaws.com
• If you get a 403 Forbidden error, make sure the bucket policy allows public reads (and that S3 Block Public Access is turned off for the bucket, otherwise the public-read policy is blocked)!