EBS (Elastic Block Store)

Primary offering to create and manage file systems and disc space, it is thick provisioned

Basics

• It is accessed through EC2 endpoint
• OS will view it as a local block device

Volume Types

SSD

SSD is designed for primarily smaller bits of data that are accessed randomly.

gp2

Operates on a creadit and burst system.

gp3

Allows to provision the number of IOPS and the amount of throughput for the storage.
Has a lower ceiling for the overall performance.

HDD

Designed for larger transfer of data that are on contiguous space on the volume itself.

ST1

Throughput optimized, better performance than sc1 but also cost a bit more

SC1

Cold storage

Setup EBS with Console

1. Go to EC2 console
2. Go to EBS Volumes
3. Click on Create volume
4. Leave the default, enable encryption
5. Create

S3

Region scoped object storage that is designed for durability

Object storage means that you cannot edit any files, you can only overwrite. So if you edit one word in a text file, it's going to overwrite the entire file.

It's optimized for WORM (write once, read many) workloads.

Basics

When you place an object in an S3 bucket, you are actually creating multiple replicas of that object.

Storage Classes

S3 Intelligent Tiering actually moves objects within each class to fit the appropriate use cases.

Features

Bucket policy
Acts similar to an IAM policy to grant or restrict access to the bucket

Bucket/object ACLs (Access Control Lists)
If you create a pre-signed URL for an objects in an S3 bueckt, it uses an ACL to provide that permission

Object encryption

Lifecycle rules
Move data through different classes of buckets as they age

S3 Versioning
Turns the bucket into a version contro system

Glacier Vault Lock

Guarantee that the data will not be deleted under any circumstances

Vault Log

A resource based policy you only get 24 hours to verify, and after the verification, that policy is locked forever.

Objects in S3

Every single object has its own URL that ou can use to access.

However, the data is private by default.

You can also create a pre-signed URL for the client to use without specific authentication and permissions to do so.

If you turn the bucket into a static web, you CANNOT use HTTPS.

Creating S3 Bucket in Console

1. Click Create bucket
2. For most use cases, ACLs can be disabled
3. Leave the default setting
4. Enable Deafult encryption, Amazon managed
5. Create bucket

Bucket Access from EC2 CLI

Copy a local file to S3

1. Copy to S3, if error occurs, you might have to add a region setting

$ aws s3 cp ./FILE_NAME s3://END_POINT

2. Copy dir is almost the same

$ aws s3 cp ./YOUR_DIR/ s3://END_POINT --recursive

3. Copy data from one bucket to another

$ aws s3 cp s3://FIRST_BUCKET/object_name s3://SECOND_BUCKET

Public Access in Console

The first two are for ACLs
Latter two are for bucket policies

Good practice would be to make public connections that are required AND THEN block public access for NEW connections.

Lifecycle Operations in Console

1. Go to bucket, click on Management
2. Create lifecycle rule
3. If there are overlapping logic, AWS will give a warning but it won't stop the action
4. So having an extensive rule is better than having multiple modular rules

Disclaimer

This summary is made possible by Oreilly's AWS, 3rd Edition - Chad Smith.
If the above post violates any copyright permissions, please let me know!