AWS: Amazon S3 Introduction
#️⃣ Amazon S3 Use cases
- backup / storages
- Disaster Recovery
- Archive
- Hybrid Cloud storage
- Application hosting
- Media hosting
- Data lakes & big data analytics
- Software delivery
- Static website
#️⃣ Buckets & Objects
1) Buckets
- store objects
- GLOBALLY UNIQUE NAME
- Defined at the region level (a bucket lives in a region)
2) Objects (files)
- Have a Key
- The key is the FULL PATH
- key = prefix + object name
- ex. s3://my-bucket/my_folder1/another_folder/my_file.txt
- No concept of directories
- The object value is the content
- Max object size: 5TB (5000GB)
- Use "multi-part upload" when uploading more than 5GB
- Also carries metadata, tags and a version ID
#️⃣ Security
1) Security
1. User Based - IAM Policies
2. Resource Based
- Bucket Policies
- Object Access Control List (ACL)
- Bucket Access Control List (ACL)
3. Encryption
💡 Note: under the IAM evaluation rules, an IAM principal can access an S3 object if
✅ the IAM permissions ALLOW it or the resource policy ALLOWS it
✅ Required: there's no EXPLICIT DENY
2) Bucket Policies
- JSON-based policy definition
- Resources
- Effect
- Actions
- Principal
```json
{
  "Version": "2012-10-17",
  "Id": "PutObjPolicy",
  "Statement": [{
    "Sid": "DenyObjectsThatAreNotSSEKMSWithSpecificKey",
    "Principal": "*",
    "Effect": "Deny",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
    "Condition": {
      "ArnNotEqualsIfExists": {
        "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:us-east-2:111122223333:key/01234567-89ab-cdef-0123-456789abcdef"
      }
    }
  }]
}
```
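Added example (not from these notes or the course): a small Python evaluator that applies the access rule from the Security section to the bucket policy above. It assumes constructed IAM and bucket policies, implements only the Arn(Not)Equals[IfExists] operators, and skips Principal matching since the Deny statement uses Principal "*".

```python
import fnmatch

# Constructed example, not AWS code: the page's bucket policy (Deny s3:PutObject
# unless the object is encrypted with one specific KMS key) plus an identity
# policy for the caller. The KMS key ARN is the documentation placeholder.
REQUIRED_KMS_KEY = ("arn:aws:kms:us-east-2:111122223333:key/"
                    "01234567-89ab-cdef-0123-456789abcdef")
BUCKET_POLICY = [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
    "Condition": {"ArnNotEqualsIfExists": {
        "s3:x-amz-server-side-encryption-aws-kms-key-id": REQUIRED_KMS_KEY}},
}]
IAM_POLICY = [{"Effect": "Allow", "Action": "s3:*",
               "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"}]

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _condition_matches(cond, ctx):
    """Only Arn(Not)Equals[IfExists] is implemented (assumption of this example)."""
    for op, pairs in cond.items():
        for key, expected in pairs.items():
            if key not in ctx:
                if op.endswith("IfExists"):
                    continue  # key absent: an IfExists condition counts as true
                return False  # key absent without IfExists: condition is false
            hit = ctx[key] in _as_list(expected)
            if hit == op.startswith("ArnNotEquals"):  # Equals needs a hit, NotEquals a miss
                return False
    return True

def _statement_matches(stmt, action, resource, ctx):
    return (any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
            and _condition_matches(stmt.get("Condition", {}), ctx))

def evaluate(action, resource, ctx, iam_policy=IAM_POLICY, bucket_policy=BUCKET_POLICY):
    """Same-account decision: an explicit Deny in either policy wins; otherwise an
    Allow from the IAM policy OR the bucket policy is enough; else implicit deny."""
    effects = [s["Effect"] for s in iam_policy + bucket_policy
               if _statement_matches(s, action, resource, ctx)]
    if "Deny" in effects:
        return "explicit deny"
    return "allow" if "Allow" in effects else "implicit deny"

OBJ = "arn:aws:s3:::DOC-EXAMPLE-BUCKET/my_folder1/my_file.txt"
KEY_HDR = "s3:x-amz-server-side-encryption-aws-kms-key-id"
```

A PutObject without the KMS key header is denied too, because a missing key makes an `...IfExists` condition evaluate to true.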
3) Examples
- Public Access : Bucket Policy
- User Access to S3 : IAM permissions
- EC2 instances access : IAM Roles
- Cross-Account Access : Bucket Policy
4) Block Public Access
- When enabled, the bucket can never be made public
- Intended to prevent company data leaks
- Can be set at the account level
#️⃣ Static Website Hosting
1) Static website hosting
- Allow public reads on the bucket (otherwise 403 Forbidden)
- If the '.' in the bucket URL has changed to '-', the bucket is being served as a static website
#️⃣ Versioning
- Optional
- Enabled at the bucket level
- Overwriting the same key creates a new version
- Benefits of versioning
- Protect against unintended delete
- Easy roll back to previous version
- Notes:
- Only objects written after versioning is enabled get a version; files from before have version null
- Suspending versioning does not delete previous versions
#️⃣ Replication
1) Replication
- Requirements (mandatory): versioning enabled, IAM permissions to S3 (read/write)
- The target bucket can be in a different account
- The version ID is kept identical on replication
- Copying is asynchronous
- only new objects are replicated
- existing objects using S3 Batch Replication
- Optional: replicate delete markers
- Notes:
- Deletions with a version ID (permanent deletes) are not replicated
- NO chaining, e.g. with b1 → b2 and b2 → b3, b1 → b3 does not happen
2) CRR & SRR
- CRR (Cross Region Replication): replication between regions
- SRR (Same Region Replication): replication within a region
#️⃣ S3 Storage Classes
1) Storage Classes
Can be set when the object is created and changed afterwards.
To automate this, create a rule under bucket > management > "Lifecycle Rules"
- Amazon S3 Standard - General Purpose
- Amazon S3 Standard-Infrequent Access (IA)
- Amazon S3 One Zone-Infrequent Access
- Amazon S3 Glacier Instant Retrieval
- Amazon S3 Glacier Flexible Retrieval
- Amazon S3 Glacier Deep Archive
- Amazon S3 Intelligent Tiering
1+) Durability, Availability
- Durability
- High durability of objects across multiple AZ
- Same for all storage classes
- Availability
- Measures how readily available
- Vary depending on storage class
1+) Details
- Standard - General Purpose
- 99.99% availability
- Default; for frequently accessed data
- low latency
- Sustain 2 concurrent facility failures
- Infrequent Access (IA)
- Accessed less frequently, but rapid access when needed
- Lower cost
- Amazon S3 Standard-Infrequent Access (IA)
- 99.9% availability
- uses : disaster recovery, backups
- Amazon S3 One Zone-Infrequent Access
- 99.5% availability
- High durability in a Single AZ
- uses : secondary backup
- Glacier
- low-cost for archiving/backup
- Price: storage cost + object retrieval cost
- Amazon S3 Glacier Instant Retrieval
- Millisecond retrieval; for data accessed once a quarter
- Minimum storage duration: 90 days
- Amazon S3 Glacier Flexible Retrieval
- Expedited (1 to 5 minutes), Standard (3 to 5 hours), Bulk (5 to 12 hours) – free
- Minimum storage duration: 90 days
- Amazon S3 Glacier Deep Archive
- Standard (12 hours), Bulk (48 hours)
- Minimum storage duration: 180 days
- Intelligent Tiering
- Small monthly auto-tiering fee
- no retrieval charges
- Frequent Access tier (automatic): default tier
- Infrequent Access tier (automatic): objects not accessed for 30 days
- Archive Instant Access tier (automatic): objects not accessed for 90 days
- Archive Access tier (optional): configurable from 90 days to 700+ days
- Deep Archive Access tier (optional): configurable from 180 days to 700+ days
Reference
Ultimate AWS Certified Solutions Architect Associate SAA-C03
Section 11