about:blank
Chapter Amazon Simple Storage
Topics covered in this unit:
• Introduction
• Amazon
• Amazon Durability
• Bucket,
• Authorization Access Control Model
• Amazon S3 Pricing
Introduction
S3 stands service and was one of the
Amazon. popular services of Amazon.
limitless Web service API. It has
means single object is once
data which fast and highly available, and you go
model with very minimal rates.
1 of 22 3/9/2020, 2:48 PM
S3 Basic Operations
Amazon S3 is a web object store. It stores data as objects within resources called
buckets. Data can be uploaded and downloaded from Amazon S3 anywhere from the
web using AWS services APIs. You can store objects within a bucket and read, write,
and delete
Objects other tools like web browsers.
The power virtually infinite storage resource
There are be signed. Just start storing data and pay for
the resources used at the end of the billing cycle. A single object can be up to 5
terabytes in size.
Uploading an Image in S3 called Mypic.jpg
Data Centre 1 is Processing the Image Upload
The Image is getting Replicated to all the other Data Centers
Downloading
One request.
S3 Namespace
Amazon namespace divided into entities called buckets keys. bucket is a
conceptual container for objects stored in S3. Each object stored in S3 has a bucket
that the object belongs to and a unique identifier key. A bucket is thus an entity that
groups objects and can simulate folder-like behavior for access control. A bucket
contains any number of objects.
The bucket namespace is shared among all users. This means that if another user
already has a bucket of the same name, you will not be allowed to create a bucket
with that name. The bucket name must be unique across all users.
This be unique across the
S3 Namespace
Buckets characters up to 63 characters
be lowercase. name restrictions, please
http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html
Amazon S3 allows only 100 unique buckets per AWS account.
S3 can store objects of up to 5 TB. The type and content of the object are opaque to S3.
Objects associated with them, which
metadata Contenttype and last modified
Each key that identifies
sequence UTF-8 encoding which
bytes long. namespace is private to the user. Thus, create any
keys they want, without worrying about possible conflicts with other users. The combination
of bucket and key uniquely identifies an object stored in S3 (when the versioning
option is used, a version is also required to identify an object uniquely).
Consistency Model
Consistency model manages the shared data that is distributed in a shared memory
system.
Consistency for visibility and order
kept
Types
• Memory Consistency Model
• Strict Consistency
• Sequential Consistency
• Causal
• Weak
• Eventual
S3’s Consistency Model
Amazon S3 provides read-after-write consistency and eventual consistency.
Read-after-write PUT operation performed
added consistency for overwrite
operation
Understanding Consistency
The eventual consistency model is a type of consistency model used in distributed
computing to achieve high availability: if no fresh updates are made to the data, the
last updated version is returned. It is also called optimistic replication.
Eventually Consistent Read | Consistent Read
Stale reads possible | No stale reads
Lowest read latency | Potential higher read latency
Highest | Potential lower read
Eventually Consistent Read
Amazon and Durability
Amazon storage system. Amazon
99.999999999% durability of objects stored. For example, if you store 10,000 objects
with Amazon S3, the probability of loss of a single object is once every 10,000,000
years. Thus, for many use cases, data stored in Amazon S3 seldom requires
replication anywhere else. (We can introduce Cross Region Replication.) Many use
cases require a secondary copy somewhere else.
Customers high durability for the
durability option is called Reduced This
type can be easily regenerated
the same standard S3 objects get.
gets about durability of a typical hard drive.
Amazon S3 is designed for 99.99% availability. This availability guarantee is part of
the Service Level Agreement (SLA): the customer gets service credits if availability
falls below 99.9%.
Amazon
Amazon Request to S3 must
credentials.
This can be cumbersome, hence an alternative is used:
• AWS SDK is used to send requests
• AWS CLI is used to make API calls
PUT Object
PUT bucket. To add an object
have bucket. You receive an acknowledgment
successful
An example below:
PUT /ObjectName HTTP/1.1
Host: BucketName.s3.amazonaws.com
Date: date
Authorization:
(see AWS Signature Version
GET
GET object the object from the Amazon S3. you must
have READ access to your object. An example syntax is given below:
GET /ObjectName HTTP/1.1
Host: BucketName.s3.amazonaws.com
Date:
Authorization:
(see AWS Signature Version4)
Range:
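The Authorization header in the GET example above carries an AWS Signature Version 4 value. As an added illustration (not code from the original chapter), the following Python computes that header for a ranged GET; the function name is an assumption, and the credentials, bucket, key and date are the example values published in AWS's Signature Version 4 documentation, not real keys.

```python
import hashlib
import hmac
from urllib.parse import quote

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def sigv4_get_authorization(access_key, secret_key, region, bucket,
                            object_key, amz_date, byte_range):
    """Authorization header for GET /object_key (illustrative, not an SDK API)."""
    empty_hash = hashlib.sha256(b"").hexdigest()    # a GET has no body
    headers = {
        "host": f"{bucket}.s3.amazonaws.com",
        "range": byte_range,
        "x-amz-content-sha256": empty_hash,
        "x-amz-date": amz_date,                     # YYYYMMDDTHHMMSSZ
    }
    names = sorted(headers)
    signed_headers = ";".join(names)
    # 1. Canonical request: method, path, query, headers, signed list, body hash.
    canonical_request = "\n".join([
        "GET",
        "/" + quote(object_key, safe="/-_.~"),
        "",                                         # empty query string
        "".join(f"{n}:{headers[n].strip()}\n" for n in names),
        signed_headers,
        empty_hash,
    ])
    # 2. The string to sign binds the request hash to a date/region/service scope.
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    # 3. Derive a scoped signing key; the secret key never signs the request directly.
    key = ("AWS4" + secret_key).encode("utf-8")
    for part in (amz_date[:8], region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope},"
            f"SignedHeaders={signed_headers},Signature={signature}")

# Example credentials from AWS documentation; they do not grant access to anything.
EXAMPLE_HEADER = sigv4_get_authorization(
    "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "us-east-1", "examplebucket", "test.txt", "20130524T000000Z", "bytes=0-9")
```

Because the Range header is part of the signed set, changing it in transit invalidates the signature.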
DELETE
The DELETE object API removes the null version of the object and inserts a delete
marker, which is then considered the current version of the object. Amazon S3 does not
remove any object unless a null version of it is present. An example syntax is given
below:
DELETE /my-second-image.jpg HTTP/1.1
Host: bucket.s3.amazonaws.com
Date: GMT
Authorization:
Content-Type:
A sample follows:
HTTP/1.1 204 NoContent
x-amz-id-2: LriYPLdmOdAiIfgSm/F1YsViT1LW94/xUQxMsF7xiEb1a0wiIOIxl+zbwZ163pt7
x-amz-request-id: 0A49CE4060975EAC
Date GMT
Content-Length:
Connection:
Server:
Authorization Access Control
Amazon S3 lets you manage access to objects and buckets using access
control lists (ACLs), bucket policies, and IAM policies. These can be used
independently or together.
An Access used to give access to
consists permission associated
buckets provides access to resources
deny
List of
List of Bucket ACL
By default, Amazon S3 is The default ACL grants full rights to the and
denies
The grantee one or more of the
• Everyone: enable any anonymous user to have resource.
• Specific AWS accounts: Any AWS account can be granted rights to the S3
resource. You grant permission to an AWS account by the authorized user ID or
the email address.
• All enable ALL AWS users
resource.
• Owner: to the owner of the
counterintuitive explicitly listed, but there
the generated resource may not want
in a producer-consumer type of setup where the producer might not want access to
the data after it’s been saved in S3.
Permission | When granted on a bucket | When allowed on an object
READ | Allows bucket listing | Allows object and metadata reading
WRITE | Allows creating, overwriting, and deleting any object in the bucket | - NA -
READ_ACP | Allows reading the bucket ACL | Allows reading the object ACL
WRITE_ACP | for the bucket | Allows
FULL_CONTROL | on the bucket | Allows
The grantee
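The grantee types and permissions above can be checked mechanically. As an added example (not part of the original chapter), this Python function audits a bucket ACL for grants to anyone other than the owner; the sample ACL is constructed in the shape of a GetBucketAcl response with made-up IDs, and the function name and severity labels are assumptions.

```python
# Predefined group URIs behind the "Everyone" and "All AWS users" grantees.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "Everyone (anonymous)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "All authenticated AWS users",
}
# Effect of each ACL permission when granted on a bucket.
BUCKET_EFFECT = {
    "READ": "list the bucket",
    "WRITE": "create, overwrite and delete any object",
    "READ_ACP": "read the bucket ACL",
    "WRITE_ACP": "rewrite the bucket ACL",
}
HIGH_RISK = {"WRITE", "WRITE_ACP"}  # grantee can change data or access control

def audit_bucket_acl(acl: dict) -> list:
    """Return sorted (severity, grantee, permission, effect) for non-owner grants."""
    owner_id = acl["Owner"]["ID"]
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant["Grantee"]
        if grantee.get("Type") == "Group":
            who = PUBLIC_GROUPS.get(grantee.get("URI"))
            if who is None:
                continue  # other predefined groups are out of scope here
        elif grantee.get("ID") == owner_id:
            continue      # the default ACL: the owner has full rights
        else:
            who = f"other account {grantee.get('ID') or grantee.get('EmailAddress')}"
        # FULL_CONTROL is shorthand for all four permissions.
        perm = grant["Permission"]
        perms = list(BUCKET_EFFECT) if perm == "FULL_CONTROL" else [perm]
        for p in perms:
            severity = "HIGH" if p in HIGH_RISK else "MEDIUM"
            findings.append((severity, who, p, BUCKET_EFFECT.get(p, "unknown")))
    return sorted(findings)

# Constructed sample ACL; the canonical ID is a placeholder.
SAMPLE_ACL = {
    "Owner": {"ID": "owner-canonical-id-0001"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-0001"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "FULL_CONTROL"},
    ],
}
FINDINGS = audit_bucket_acl(SAMPLE_ACL)
```

On the sample, the owner's grant is ignored, the anonymous READ is reported once, and the FULL_CONTROL grant to all authenticated users expands into four findings.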
Bucket access control management
objects scripted in JSON statements. grants
access and denies access. With a single API call, you can change access control of
the S3 bucket. Some of the features include controlling access from the source IP
address, granting rights to specific AWS accounts and ability to allow or deny access
to API calls.
S3 Multipart
S3 multipart upload a single object
simple then uploading in multiple
automatically uploads. Parts can be
throughput. They be uploaded in any order and re-transmitted.
Smaller parts make retry on network failures less costly. Uploads can be paused and
resumed. Objects can be uploaded even before the final size is known, i.e., you can
upload the object as you are creating it.
S3 Data
S3 data security for your data.
encrypts in its data centers
access provides you with the
before
Amazon S3 uses 256-bit Advanced Encryption Standard (AES-256) to encrypt your
data. When you upload an object, you can mention that S3 should encrypt the data.
You simply PUT an object and request encryption (in an HTTP header). Bucket
policies to allow, mandate, or forbid encryption at the bucket or object level.
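One way a bucket policy can mandate encryption on upload, shown as an added example (not from the original chapter): the Python below builds a policy that denies any PutObject whose x-amz-server-side-encryption header is missing or not AES256, plus a simplified checker for that one policy. The bucket name, function names and Sids are assumptions, and the checker models only the two condition operators used here, not S3's full policy evaluation.

```python
import json

SSE_KEY = "s3:x-amz-server-side-encryption"  # condition key for the PUT header

def require_sse_policy(bucket: str) -> dict:
    """Bucket policy that mandates AES-256 server-side encryption on upload."""
    def deny(sid, condition):
        return {"Sid": sid, "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": condition}
    return {"Version": "2012-10-17", "Statement": [
        deny("DenyWrongEncryptionHeader", {"StringNotEquals": {SSE_KEY: "AES256"}}),
        deny("DenyMissingEncryptionHeader", {"Null": {SSE_KEY: "true"}}),
    ]}

def denied_by(policy: dict, put_headers: dict) -> list:
    """Sids of the Deny statements a PutObject with these headers would match."""
    value = {k.lower(): v for k, v in put_headers.items()}.get(
        "x-amz-server-side-encryption")
    hits = []
    for stmt in policy["Statement"]:
        matched = True
        for op, operands in stmt["Condition"].items():
            expected = operands[SSE_KEY]
            if op == "StringNotEquals":
                # Negated operators evaluate to true when the key is absent.
                matched = matched and (value is None or value != expected)
            elif op == "Null":
                matched = matched and ((value is None) == (expected == "true"))
            else:
                raise ValueError(f"operator {op} is not modelled here")
        if matched:
            hits.append(stmt["Sid"])
    return hits

# "example-bucket" is a placeholder name.
POLICY = require_sse_policy("example-bucket")
POLICY_JSON = json.dumps(POLICY, indent=2)  # the document to attach to the bucket
```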
Server-Side Logging
Server-side generate logs of any
Each such as request type,
request which the request was
logging and must be enabled
S3 Versioning
Instead of overwriting your objects, you can set versions on them using the S3
versioning feature. You can have two objects with the same key but different version
IDs. If the object is accessed by key, then the latest version of the object is returned.
The object be accessed by “Key”
delete, just a delete marker
Object
Object lifecycle management allows you to manage the lifecycle of objects within a
bucket. A set of rules with pre-defined actions allows managing the object lifecycle. This
is achieved by attaching a prefix to the bucket. The prefix field specifies objects subject
to the expiration rule and the time after which the objects must be deleted. The
objects are automatically deleted after the expiry period.
Actions include:
• Transition another storage type
storage
• Expiration action: Object expiration is specified, and the object is deleted upon
expiration on your behalf.
Static Website Hosting
Amazon Simple Storage Service can be used to host a static website with static
content. The pages can include client-side scripts. Dynamic websites cannot be hosted on
S3. To host a website, an S3 bucket is configured and the content of the website
is then uploaded; it can then be accessed via a Region-specific endpoint of the
bucket. s3-website-<AWS-region>.
Another website is by using your
example.
The default referred to as index
returned request to the root of the website or any arrives
consider an example, http://www.example.com (the user is directed to the index
page).
Amazon S3 provides a list of basic HTTP response codes (400, 403, 404) in case of
error You can also provide
by including configuration of the bucket. are
returned of error codes. You
coming object within the same
Redirection adding the x-amz-website-redirect-location
object metadata. hosting a website has both website the
REST endpoint.
Region-Specific Website Endpoint
Redirection on x-amz-website-redirect-location
REST
The requested instead of redirecting
Requester Pays Bucket
Usually, the owner of a bucket pays for its storage and data transfer. If the bucket is
configured as a Requester Pays Bucket, the requester pays for the request and data
downloaded from the bucket. The owner still bears the cost of storing the data but
does not incur charges associated with others accessing the data. Anonymous
access to the bucket is prohibited.
This datasets. After you
Requester must include “x-amz-request-payer”
their
Cross-Region
Cross-Region replication is a bucket level feature. It enables automatic asynchronous
copying of objects to buckets placed in different AWS regions. To enable Cross-
Region replication, you must add replication configuration to the bucket which hosts
your website. The object replicas are an exact copy of the object in the source
bucket. metadata and keynames.
latency
Requirements replication:
• Source buckets must version-enabled
• Source and destination buckets must be in different regions
• You can replicate an object from a source bucket to only one destination bucket
Transfer
Transfer secure and fast transfer
and Amazon CloudFront’s globally
is routed using optimized network path. Data transfers using Acceleration
incur additional charges.
Before starting with transfer acceleration perform the following tasks:
• The bucket name must conform with DNS naming constraints
• Transfer data using one of the following endpoints:
bucketname.s3-accelerate.amazonaws.com or bucketname.s3-accelerate. amazonaws.com
Amazon Acceleration Speed Comparison
compare non-accelerated upload speeds.
to
Storage Classes in Amazon S3
Amazon S3 provides a range of storage classes. S3 also lets you configure
lifecycle policies, which help you manage your data.
S3 Standard
Amazon the object storage
This option objects between all the Availability region. S, it
can sustain the concurrent data loss of two Availability Zones. S3 Standard has
99.999999999% of durability and 99.99% on the objects. It is backed by the Amazon S3
Service Level Agreement for availability.
default storage class. When
class. S3 considers it has
Reduced
It is a new storage option in S3, which enables customers to reduce their costs by
storing noncritical, diminished data at lower levels of redundancy than Amazon S3’s
standard storage.
It is a cost-efficient, highly available option for distributing or sharing content that is durably
stored someplace else. Data stored in RRS is replicated fewer times and costs less. It is
designed to provide 99.99% durability. RRS is backed by the Amazon S3 Service
Level Agreement for availability.
Infrequent Access Storage
Amazon Access is a storage
frequently rapid access when needed.
throughput, perfect combination
performance backups, and data
gives durability up 99% of objects. It is backed by Amazon Level
Agreement for availability.
Amazon S3 Select
Amazon help, analyze and process
Amazon cheaper ways. You
from SQL expressions. It
performance reduces query cost up to
S3 One Access
S3 One Zone-Infrequent Access (S3 One Zone-IA; Z-IA) is a new low-cost S3
storage class for infrequently accessed data that does not require the resilience of
multiple Availability Zones. Typical use cases include the storage of secondary backup copies of
on-premises is already available
data Zone-Infrequent Access
Availability Standard.
S3 Standard-IA Glacier in which the data
minimum geographically separated Availability Zones. for
99.5% availability over a given year and for durability of 99.999999999% of objects in
a single Availability Zone. Data can be uploaded directly into S3 One Zone-IA or by
using S3 Lifecycle policies.
Amazon Glacier
Amazon Glacier is for archiving data. This option is for data that is not frequently
accessed and for which retrieval times of several hours are acceptable. It is extremely low-cost
storage
It is mainly storing back-up. It gives
Info: encrypts your data by default AES-256.
Amazon S3 Pricing
Amazon S3 charges you for the following three entities:
Storage monthly charge for the data
different
Prices are listed below.
S3 Pricing
Request charges for each request
that you
Below are associated with Singapore Region.
Pricing Singapore Region
Data charges for all the
Amazon
There is no charge for data that comes into S3. Below are the current data transfer
rates for Singapore region.
S3 Data Singapore
Lab Storage Service (
In this bucket and uploading
accessing
1. Open a web browser and enter console.aws.amazon.com in the address bar
and log in to your account
2. From Services, Select S3 from Storage Section
3.
4. Bucket Name. Select
Click Create
5. Create a text file, Hello World, my name is ___ using notepad on your
6. have created in the
7. Click Upload
8. Click Add Files
9. created in Step 5
10. Click Upload
11. is uploaded to S3
12. Select the Object which you uploaded in the previous step. Select
public permissions
Objects Option under Access
13.
14. Access using the path