IAM - Identity and Access Management
Allows you to manage users and their level of access to the AWS console.
- Centralised control
- Shared access
- Granular permissions
- Identity federation (Active Directory, Facebook, LinkedIn etc.)
- Multi-factor authentication (two-factor auth etc.)
- Temporary access for users, devices and services
- Password policies
- Integrates with many AWS services
- Supports PCI DSS compliance (security standards: https://www.pcisecuritystandards.org/pci_security/ )
- Not region specific

Critical terms
- User: an end user
- Group: a collection of users under one set of permissions
- Role: created and assigned to AWS resources, e.g. an EC2 instance
- Policy: a document that defines one or more permissions; it can be attached to a user, group or role
Simple Storage Service - S3 - AWS object storage and CDN
S3 is secure, highly scalable object storage: an easy-to-use, simple web services interface for storing and retrieving any amount of data from anywhere on the web.
- Data is spread across multiple devices and facilities
- Object storage: you upload files. It cannot hold a database or an OS (those need block-based storage)
- Files can be from 1 byte to 5 TB
- Unlimited storage
- Files are stored in buckets (like directories)
- Universal namespace: bucket names are globally unique
- Read-after-write consistency for PUTs of new objects
- Eventual consistency for overwrite PUTs and DELETEs (changes can take some time to propagate)

Objects are key-value stores consisting of:
- Key: the name of the object, e.g. accounts.pdf
- Value: the data, a sequence of bytes
- Version ID
- Metadata
- Subresources (e.g. access control lists)

Amazon guarantees 99.99% availability for S3 and 99.999999999% durability (11 9s).
- Tiered storage available
- Lifecycle management
- Versioning (keeps different versions of objects)
- Encryption
- Data is secured with user access control lists and bucket policies
Tiers and classes
- S3 Standard: durable, immediately available, frequently accessed
- S3 IA (Infrequent Access): durable, immediately available, infrequently accessed; lower fee than S3 Standard
- Reduced Redundancy Storage (RRS): for data that is easily reproduced, such as thumbnails
- Glacier: very cheap, archival only; it takes 3-5 hours to restore from Glacier
S3 is charged on storage, requests and data transfer.

                                    | Standard       | Standard IA    | Reduced Redundancy Storage
Durability                          | 99.999999999%  | 99.999999999%  | 99.99%
Availability                        | 99.99%         | 99.99%         | 99.99%
Concurrent facility fault tolerance | 2              | 2              | 1
SSL support                         | Yes            | Yes            | Yes
First byte latency                  | Milliseconds   | Milliseconds   | Milliseconds
Lifecycle management policies       | Yes            | Yes            | Yes
Version control
- Go to S3, open the bucket's properties and enable versioning
- Versioning cannot be disabled once enabled; it can only be suspended
- It keeps every version of every object in the bucket
- Deleting a file creates a delete marker, so the file does not show up while versions are hidden. To restore the file, delete the delete marker
- Multi-factor authentication can be required on deletes (MFA Delete)

Cross-region replication
- New files are replicated to the other region; files that already existed are not replicated
- Requires versioning enabled on both the source and the destination bucket
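A toy model of the versioning behaviour described above, added here as an illustration (it is not AWS SDK code and stores nothing in S3): a simple delete adds a delete marker that hides the key, older versions survive and can be read by version ID, deleting the marker restores the object, MFA Delete gates permanent deletes and versioning state changes, and a suspended bucket writes under the version ID "null". The mfa_code argument is a stand-in for the real MFA check.

```python
"""Toy model of S3 versioning, delete markers and MFA Delete (constructed; not the AWS SDK)."""
from itertools import count


class VersionedBucket:
    # Versioning is "Enabled" or "Suspended"; it can never be turned back off.
    def __init__(self, mfa_delete=False):
        self.status = "Enabled"
        self.mfa_delete = mfa_delete          # stand-in for the MFA Delete setting
        self._versions = {}                   # key -> [(version_id, data)], oldest first
        self._ids = count(1)

    def put(self, key, data):
        """Append a version (data=None writes a delete marker) and return its ID."""
        versions = self._versions.setdefault(key, [])
        if self.status == "Suspended":
            # A suspended bucket writes under the literal ID "null", overwriting it
            versions[:] = [v for v in versions if v[0] != "null"]
            vid = "null"
        else:
            vid = f"v{next(self._ids)}"
        versions.append((vid, data))
        return vid

    def get(self, key, version_id=None):
        # Current version (None if it is a delete marker) or one specific version
        versions = self._versions.get(key, [])
        if version_id is None:
            return versions[-1][1] if versions else None
        return next((d for vid, d in versions if vid == version_id), None)

    def delete(self, key, version_id=None, mfa_code=None):
        if version_id is None:                # simple delete: hide, keep the history
            return self.put(key, None)
        if self.mfa_delete and not mfa_code:  # permanent delete of one version
            raise PermissionError("MFA Delete is on: supply an MFA code")
        versions = self._versions.get(key, [])
        versions[:] = [v for v in versions if v[0] != version_id]
        return version_id

    def list_keys(self):
        # Keys whose current version is real data; a delete marker hides the key
        return sorted(k for k, vs in self._versions.items() if vs and vs[-1][1] is not None)

    def set_status(self, status, mfa_code=None):
        if status not in ("Enabled", "Suspended"):
            raise ValueError("versioning cannot be disabled once enabled, only suspended")
        if self.mfa_delete and not mfa_code:
            raise PermissionError("MFA Delete is on: supply an MFA code")
        self.status = status
```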