- Availability Zone is one or more data centres, each with redundant power, networking and connectivity, housed in separate facilities so each AZ is designed to be an independent failure zone
- Region is a geographical/physical area. Region consists of two or more availability zones
- Edge locations are endpoints for AWS which are used for content caching
IAM is used for managing users and their level of access to AWS Console.
It is universal meaning, it’s not applied per region.
- Users - People who are using AWS
- Groups - A collection of users who inherit their permissions from the group permissions
- Policies - These are Policy documents. They are in JSON format and their purpose is to give permissions as to what a user, group or role are able to do
Roles - A way for allowing a service of AWS to use another service of AWS. You assign roles to AWS resources.
- Root account - This is the account created when you create your AWS account.
Note: when new users created they don’t have permissions. They are assigned with Access Key ID and Secret access which used for CLI and API access but can’t be used for AWS console.
- Granular Permissions - you can determine who has access to different services
- Shared Access for AWS account
- MFA (Multi-Factor Authentication)
- Authentication from external identities source like Facebook, Linkedin, etc.
- PCI DSS Compliance compatible
- Temporary access for users, services and devices
- Customized password policy
- Integration with other AWS services
- Centralized location for AWS account
“Amazon Simple Storage Service (Amazon S3), provides developers and IT teams with secure,
durable, highly-scalable object storage. Unity developers can take advantage of S3 to dynamically
load assets used by their games. This can make games initially download quicker from app stores.”
* Tiered Storage Available * Lifecycle Management - manage which storage tier the file you uploaded goes to * Versioning - managing different versions of your file and restore previous versions * Encryption * Security - using ACL (Access Control Lists) and bucket policies
S3 is object-based storage. The data itself is spread across multiple locations.
Files can be from 0 Bytes to 5 TB. There is unlimited storage.
Files are stored in buckets. Bucket name must be globally unique
* For example: https://s3-eu-west-1.amazonaws.com/mybucket * HTTP 200 code is returned when a file is uploaded successfully to S3
Objects consist of:
* Key - name of the object * Value - the data itself * Version ID - used for versioning * Metadata - data about the data
* New objects - writing a new file, you will be able immediately read it * Overwrite and deletes - updating a file or deleting it, you may get the older version when reading it as changes to objects can take some time to be applied
* when used, users will upload a file to the edge location which will then upload the files from edge locations to the bucket in specific location using optimized network path (Amazon internal network)
Cross Region Replication
* For example: you have a bucket in Europe and you upload there a file from USA. This file will be replicated to USA region.
* You are charged for the following: storage, requests, storage management, data transfer, transfer acceleration and cross region replication
* S3 standard - 99.99% availability and 11x9 durability * S3 IA - Infrequently access but rapid access when needed * S3 One Zone IA - lower cost option for IA without multiple AZ data resilience * S3 Intelligent Tiering - ML based, designed to optimized costs by automatically moving to most cost-effective access tier * S3 Glacier - secure, durable and low-cost storage for data archiving * S3 Glacier Deep Archive - most lost cost storage class where a retrieval time of 12 hours is fine
Hosting a website
* You can host static websites on s3 * You cannot host dynamic websites on s3 * s3 scales automatically to meet your website demands