Dear readers,
I cleared my AWS Certified SAA exam a few months back.
For my exam, I prepared notes covering all important topics and key points to remember. I highly recommend the Udemy course by Ryan Kroonenberg.
The following notes are taken based on the aforementioned course material.
I've divided the notes into a 5 part series.
- Part 1: Introduction and AWS S3
- Part 2: AWS EC2
- Part 3: Databases
- Part 4: DNS, VPC, and HA(High-Availability)
- Part 5: Application Services and Serverless + Bonus
Disclaimer: These notes are to be used as supplementary material. Don’t rely entirely on the notes for your exam. Use these notes for last-minute revision before your exam.
S3 Notes
An S3 object consists of
- Key (the object name)
- Value (the data)
- Version ID
- Metadata
- Subresources
  - ACL
  - Torrents
Data consistency in S3
- Read-after-write consistency for PUTs of a new object.
  - Meaning: if you write a new file and read it immediately afterward, you will be able to view that data.
- Eventual consistency for overwrite PUTs and DELETEs (changes can take some time to propagate).
  - Meaning: if you update AN EXISTING file or delete a file and read it immediately, you may get the older version, or you may not. Changes to existing objects can take a little longer to propagate.
S3 Guarantees
- The S3 platform is built for 99.99% availability
- But Amazon only guarantees 99.9% availability (for all customers)
- Amazon guarantees 99.99999999999% durability for S3 objects (99 followed by eleven 9s)
S3 Features
- Tiered Storage available
- Lifecycle Management
- Versioning
- Encryption
- MFA Delete
- Secure your data using Access Control Lists and Bucket Policies
S3 Storage Classes
- S3 Standard - 99.99% availability
- S3 IA - 99.9% availability
- S3 Intelligent Tiering
- S3 One Zone-IA - 99.95% availability
- S3 Glacier - configurable retrieval (minutes to hours) - 99.99% availability
- S3 Glacier Deep Archive - 12-hour retrieval time - 99.99% availability
S3 Pricing based on
- Storage
- Requests
- Storage management
- Data transfer
- Transfer Acceleration
- Cross-Region Replication
S3 General Notes
- Files can be 0 bytes to 5 TB
- Unlimited storage
- Address looks like this:
  - bucketname.s3.amazonaws.com - if the bucket is in North Virginia
  - bucketname.eu-central-1.s3.amazonaws.com - if the bucket is in another region
- You can turn on MFA Delete for objects in an S3 bucket (optional)
- S3 data is stored in a minimum of 3 AZs.
- ACLs work at the object level; bucket policies work at the bucket level
- Once versioning is enabled, it cannot be disabled; it can only be suspended.
- Versioning stores all versions of a file, including the "delete marker". If you delete the delete marker, the object is recovered.
- You can have 100 buckets per account
- S3 now supports 3,500 PUTs/sec (before 2018 it was only 100 PUTs/sec)
S3 Encryption
- Encryption in transit
  - Through SSL/TLS
- Encryption at rest (server-side)
  - S3-managed keys: SSE-S3
  - AWS KMS-managed keys: SSE-KMS
  - Customer-provided keys: SSE-C
- Encryption at rest (client-side)
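Two of the points above are worth seeing as concrete requests and policy text. The block below is an added example written for these notes, not code from the course or from AWS: `sse_c_headers()` builds the three headers an SSE-C request must carry, and `deny_unencrypted_uploads_policy()` is the bucket policy that refuses uploads lacking the expected `x-amz-server-side-encryption` header, with `upload_passes()` as a simplified offline check of its two Deny conditions (it is not an IAM policy engine). The bucket name and the key bytes are placeholders.

```python
import base64
import hashlib

# request header for SSE-S3 ("AES256") or SSE-KMS ("aws:kms")
SSE_HEADER = "x-amz-server-side-encryption"
SSE_CONDITION_KEY = "s3:x-amz-server-side-encryption"   # same value, as seen by a bucket policy
# the three headers a client must send on every SSE-C request
SSE_C_ALG = "x-amz-server-side-encryption-customer-algorithm"
SSE_C_KEY = "x-amz-server-side-encryption-customer-key"
SSE_C_KEY_MD5 = "x-amz-server-side-encryption-customer-key-MD5"


def sse_c_headers(key: bytes) -> dict:
    """Headers for an SSE-C request. S3 uses the supplied key for this one
    request and keeps no copy, so the same headers must accompany every GET.
    The MD5 is only a transport checksum of the key, not a security control."""
    if len(key) != 32:
        raise ValueError("SSE-C needs a 256-bit (32-byte) AES key")
    return {
        SSE_C_ALG: "AES256",
        SSE_C_KEY: base64.b64encode(key).decode("ascii"),
        SSE_C_KEY_MD5: base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


def deny_unencrypted_uploads_policy(bucket: str, required: str = "aws:kms") -> dict:
    """Bucket policy that refuses PutObject unless the request asks for the
    required server-side encryption. The first statement catches a wrong
    value, the second a request that sends no encryption header at all."""
    objects = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyWrongEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"StringNotEquals": {SSE_CONDITION_KEY: required}},
            },
            {
                "Sid": "DenyMissingEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects,
                "Condition": {"Null": {SSE_CONDITION_KEY: "true"}},
            },
        ],
    }


def upload_passes(policy: dict, headers: dict) -> bool:
    """Simplified evaluation of the two Deny statements above against the
    encryption header of a PutObject request. Any matching Deny wins; a real
    evaluation also needs an Allow from somewhere, which this toy assumes."""
    value = headers.get(SSE_HEADER)
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != "s3:PutObject":
            continue
        cond = stmt.get("Condition", {})
        if "Null" in cond and value is None:
            return False                      # header absent: unencrypted upload
        if "StringNotEquals" in cond and value is not None:
            if value != cond["StringNotEquals"][SSE_CONDITION_KEY]:
                return False                  # header present but not the required kind
    return True


if __name__ == "__main__":
    policy = deny_unencrypted_uploads_policy("notes-bucket")        # placeholder bucket
    print("no header   ->", upload_passes(policy, {}))
    print("SSE-S3      ->", upload_passes(policy, {SSE_HEADER: "AES256"}))
    print("SSE-KMS     ->", upload_passes(policy, {SSE_HEADER: "aws:kms"}))
    print(sse_c_headers(bytes(range(32))))                           # constructed, not a real key
```

Pass `required="AES256"` to build the SSE-S3 variant of the policy. For SSE-C there is nothing for a bucket policy to check beyond the request headers; the lesson of `sse_c_headers()` is that losing the key means losing the objects, since S3 cannot decrypt them without it.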
AWS Organizations
- Similar to IAM policies, Organizations has SCPs (Service Control Policies), which define what the AWS accounts under the organization are allowed to do. An SCP can be applied to an Organizational Unit (OU) or to individual accounts.
Three ways to share an S3 bucket across accounts
- Bucket policies (bucket level) and IAM (programmatic access only)
- Access Control Lists (object level) and IAM (programmatic access only)
- Cross-account IAM roles (programmatic and console access)
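What the first and third methods look like as policy documents, as an added example for these notes rather than code from the course or from AWS: `cross_account_bucket_policy()` grants a second account read access through the bucket policy, `cross_account_role_trust_policy()` is the trust policy of a role that account can assume, and `check_bucket_policy()` is a small review check for three mistakes that commonly break or over-widen such grants. The account id `111122223333` and the bucket name are placeholders.

```python
import re

ACCOUNT_ID = re.compile(r"^\d{12}$")
# actions that apply to objects (bucket/* ARN) versus to the bucket itself
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion"}
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketVersions"}


def cross_account_bucket_policy(bucket: str, trusted_account: str, read_only: bool = True) -> dict:
    """Method 1: the bucket owner grants another account access in the bucket
    policy. That account still needs IAM permissions of its own, and its
    users only get programmatic access, not the S3 console view."""
    if not ACCOUNT_ID.match(trusted_account):
        raise ValueError("an AWS account id is 12 digits")
    principal = {"AWS": f"arn:aws:iam::{trusted_account}:root"}
    object_actions = ["s3:GetObject"] if read_only else ["s3:GetObject", "s3:PutObject"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListFromPartnerAccount", "Effect": "Allow", "Principal": principal,
             "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ObjectsFromPartnerAccount", "Effect": "Allow", "Principal": principal,
             "Action": object_actions, "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def cross_account_role_trust_policy(trusted_account: str, require_mfa: bool = True) -> dict:
    """Method 3: a role in the bucket owner's account that the other account
    may assume. The role's own permission policy (not shown) grants S3 access;
    this document only says who may assume it."""
    if not ACCOUNT_ID.match(trusted_account):
        raise ValueError("an AWS account id is 12 digits")
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_bucket_policy(policy: dict) -> list:
    """Return review findings for Allow statements: a wildcard principal
    (the grant is public, not cross-account), object actions on the bucket
    ARN, or bucket actions on the object ARN (both fail as AccessDenied)."""
    issues = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = set(_as_list(stmt["Action"]))
        if stmt.get("Principal") in ("*", {"AWS": "*"}):
            issues.append(f"{sid}: wildcard principal makes this grant public")
        for res in _as_list(stmt["Resource"]):
            is_object_arn = "/" in res.split(":::", 1)[-1]
            if is_object_arn and actions & BUCKET_ACTIONS:
                issues.append(f"{sid}: bucket-level actions {sorted(actions & BUCKET_ACTIONS)} on object ARN {res}")
            if not is_object_arn and actions & OBJECT_ACTIONS:
                issues.append(f"{sid}: object-level actions {sorted(actions & OBJECT_ACTIONS)} on bucket ARN {res}")
    return issues


if __name__ == "__main__":
    good = cross_account_bucket_policy("notes-bucket", "111122223333")
    print("good policy findings:", check_bucket_policy(good))
    print(cross_account_role_trust_policy("111122223333"))
```

The split into two statements in `cross_account_bucket_policy()` is the point of the check: `s3:ListBucket` is a bucket-level action and must name the bucket ARN, while `s3:GetObject` must name `bucket/*`; putting both on one resource silently loses one of them.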
For CRR (Cross-Region Replication)
- Versioning must be enabled on both the source and destination buckets
- Objects that already exist in the bucket when replication is enabled are not replicated; only new objects are
- All subsequent updates will be replicated
- Delete markers are not replicated
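The versioning rules in the general notes (every version is kept, a delete adds a "delete marker", removing the marker recovers the object, versioning can only be suspended) and the CRR rules just listed fit into one small model. The block below is an added example written for these notes, not AWS code; it talks to no AWS service and uses sequential integer version ids where real S3 uses opaque strings. Bucket names are placeholders.

```python
import itertools

DELETE_MARKER = object()   # sentinel body: the version is a delete marker, not data


class Version:
    def __init__(self, version_id, body):
        self.version_id = version_id   # int for real versions, "null" for the null version
        self.body = body               # bytes, or DELETE_MARKER


class Bucket:
    def __init__(self, name):
        self.name = name
        self.versioning = "Disabled"   # Disabled -> Enabled <-> Suspended, never back to Disabled
        self.versions = {}             # key -> [Version, ...], oldest first
        self.replica = None            # CRR destination, set by enable_crr()
        self._ids = itertools.count(1)

    def set_versioning(self, state):
        if state not in ("Disabled", "Enabled", "Suspended"):
            raise ValueError(f"unknown versioning state {state!r}")
        if state == "Disabled" and self.versioning != "Disabled":
            raise ValueError("versioning cannot be disabled once enabled; suspend it instead")
        self.versioning = state

    def put(self, key, body):
        history = self.versions.setdefault(key, [])
        if self.versioning == "Enabled":
            version = Version(next(self._ids), body)
            history.append(version)            # earlier versions stay
        else:
            # Disabled/Suspended: the object gets the "null" version id, replacing
            # any earlier null version but leaving real versions untouched
            history[:] = [v for v in history if v.version_id != "null"]
            version = Version("null", body)
            history.append(version)
        if self.replica is not None:
            self.replica.put(key, body)        # CRR: new PUTs flow to the destination
        return version.version_id

    def delete(self, key, version_id=None):
        history = self.versions.setdefault(key, [])
        if version_id is not None:
            # permanent delete of exactly one version (or one delete marker)
            history[:] = [v for v in history if v.version_id != version_id]
        elif self.versioning == "Enabled":
            # no version id: nothing is destroyed, a delete marker goes on top.
            # CRR does not copy delete markers, so the replica is untouched.
            history.append(Version(next(self._ids), DELETE_MARKER))
        else:
            history[:] = [v for v in history if v.version_id != "null"]
            if self.versioning == "Suspended":
                history.append(Version("null", DELETE_MARKER))
        if not history:
            del self.versions[key]

    def get(self, key):
        history = self.versions.get(key)
        if not history or history[-1].body is DELETE_MARKER:
            return None                        # a delete marker on top hides the object
        return history[-1].body

    def list_versions(self, key):
        return [(v.version_id, "delete-marker" if v.body is DELETE_MARKER else v.body)
                for v in self.versions.get(key, [])]


def enable_crr(source, destination):
    if source.versioning != "Enabled" or destination.versioning != "Enabled":
        raise ValueError("CRR requires versioning enabled on both buckets")
    source.replica = destination


def demo():
    src = Bucket("notes-src-us-east-1")        # placeholder names
    dst = Bucket("notes-dst-eu-central-1")
    src.set_versioning("Enabled")
    dst.set_versioning("Enabled")
    src.put("report.txt", b"v1")               # written before the CRR rule exists
    enable_crr(src, dst)
    src.put("report.txt", b"v2")               # replicated
    src.delete("report.txt")                   # adds a delete marker, which is not replicated
    out = {
        "src_hidden": src.get("report.txt"),
        "dst_still_visible": dst.get("report.txt"),
        "dst_versions": dst.list_versions("report.txt"),
    }
    marker_id = src.list_versions("report.txt")[-1][0]
    src.delete("report.txt", version_id=marker_id)   # remove the marker itself
    out["src_recovered"] = src.get("report.txt")
    out["src_versions"] = src.list_versions("report.txt")
    try:
        src.set_versioning("Disabled")
        out["disable_rejected"] = False
    except ValueError:
        out["disable_rejected"] = True
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The destination ends up holding only `v2`: `v1` existed before the rule and was never copied, and the delete marker never crossed over, so the replica keeps serving the object while the source hides it until the marker is removed.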
AWS Storage Gateway
- Connects on-premises storage to the AWS Cloud
- Three types
  - File Gateway
  - Volume Gateway
    - Stored Volumes: entire data set on site, asynchronously backed up to S3
    - Cached Volumes: entire data set in S3, only frequently accessed data cached on site
  - Tape Gateway (VTL - Virtual Tape Library)
Athena
- Used to run queries directly on data in S3 using a SQL-like language
Macie
- Uses AI to identify PII (Personally Identifiable Information) by analyzing the data of objects in S3
Continue reading Part 2 - AWS EC2...