QQ咨询
阿里旺旺
#skype#
Posted in: AWS
AWS学习笔记-AWS S3
S3 是 AWS 推出的 第一個 SaaS,他看似簡單,但其實非常複雜,整理的摘要如下:
- 基本概念
- 功能
- 權限
S3 基本概念
S3 的名稱
- Buckets
- container: 容器
- S3 namespace at highest level: 名稱是唯一的, 而且是 global scope. 所以建立 bucket 的命名規則要想好。
- 官方建議:recommend that all bucket names comply with DNS naming conventions
- Objects
- fundamental entities: 基本儲存單位
- consist of object data and metadata
- metadata is a set of name-value paris, include:
- some default metadata, such as the date last modified,
- HTTP metadata, such as Content-Type.
- Custom metadata by you
- Uniquely identified by key (name) and a version ID
- Keys
- unique identifier for an object.
- The combination of a bucket, key, and version ID uniquely identify each object.
- be think of as a basic data map map: “bucket + key + version”
- Regions
- Objects stored a region never leave the region.
S3 Data Consistency Model (資料一致性模式)
- 寫入新的 Object 而且立刻 list bucket: 新的 Object 不會顯示在 list ,直到更改傳遞到所有的 servers
- 取代既有的物件,同時立刻讀取: S3 可能會傳回前一個物件,直到更改傳遞到所有的 servers
- 刪除既有物件,同時立刻讀取: S3 可能回傳要刪除的物件,直到更改傳遞到所有的 servers
- 善除既有物件,同時 list bucket 裡的 keys: S3 可能還是會顯示刪除的 object,直到更改傳遞到所有的 servers
S3 的功能
Reduced Redundancy Storage (RRS)
- reduce costs: 減少成本
- store non-critical: 儲存不重要的資料
- reproducible data: 重複性的資料
- cost-effective, highly available: 成本效益,高可用性
Bucket policies
- centralized
- access control to buckets and objects
- variety of conditional: S3 operations, requester, resource, and aspect of request
- access policy language
Bucket Configuration Options
- lifecycle
- website
- versioning
- policy and ACL
- CORS
- logging
- tagging
- location
- notification
- versions
- requestPayment
S3 權限
三種控制權限 (Authorized) 的方式
- User Policy: 這個 “User” 指的是 AWS Account, 或者 IAM Account
- Bucket Policy
- ACL
S3 的限制
Bucket Restrictions and Limitation
- 100 buckets in each AWS account
- bucket ownership is not tranferable.
- delete bucket, the name become available.
S3 FAQ
保護 S3 資料的方法
- IAM Policy
- Encryption: Client and Server Sides
- Bucket Versioning
- MFA Delete