
AWS S3 Service Notes

2014-08-01 15:43
S3
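1. What S3 is and its advantages

2. Some basic S3 concepts (data consistency model)

3. Features: RRS / Bucket Policies / ACL / versioning / IAM / Operations

4. Data protection (server-side encryption / client-side encryption)

4.1. Server-side encryption: S3 encrypts data as it writes it to disk and decrypts it before returning it on read. Server-side encryption encrypts only the object, not the corresponding metadata; client-side encryption

4.2. Using RRS: how it helps protect data

4.3. Using versioning: it protects against accidental deletion and overwriting, and can also serve as a backup.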

Access control: who can access, the type of access.

Authentication process: who is trying to access.

Each object is stored and retrieved using a unique developer-assigned key.

An object can be uniquely addressed through the combination of the web service endpoint, bucket name, key, and optionally, a version.

US Standard: eventual consistency for all requests.

Other regions: read-after-write (PUT of a new object); eventual consistency (overwrite PUTs and DELETEs).

It will take some time to replicate changes across S3. What will happen?

S3 does not currently support object locking; if two threads access and change the same key at the same time


S3 will never write corrupted or partial data.

 

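RRS: used to store distributed or shared content, thumbnails, transcoded streaming media files, and other processed files. The key point is that resources stored with RRS can be regenerated.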

 

S3 bucket policy example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddCannedAcl",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["arn:aws:iam::111122223333:root", "arn:aws:iam::444455556666:root"]
      },
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": ["arn:aws:s3:::examplebucket/*"],
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": ["public-read"]
        }
      }
    }
  ]
}
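
As an added example (not code from the original notes or from AWS), the following Python code evaluates the statement above against constructed requests, showing that it matches only uploads by the two listed accounts that set the public-read canned ACL. The names statement_allows, is_allowed, ACCT and KEY are hypothetical, and the matching is a simplified model of policy evaluation, not the full IAM logic.

```python
import fnmatch

# The statement from the policy above, embedded so the example runs offline.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AddCannedAcl",
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::111122223333:root",
                              "arn:aws:iam::444455556666:root"]},
        "Action": ["s3:PutObject", "s3:PutObjectAcl"],
        "Resource": ["arn:aws:s3:::examplebucket/*"],
        "Condition": {"StringEquals": {"s3:x-amz-acl": ["public-read"]}},
    }],
}

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def statement_allows(stmt, principal, action, resource, context):
    """Simplified model (assumption): handles only Allow, AWS principals,
    Action/Resource with '*' wildcards and StringEquals; no Deny or Not*."""
    who = stmt.get("Principal")
    if stmt.get("Effect") != "Allow" or not isinstance(who, dict):
        return False
    if principal not in as_list(who.get("AWS", [])):
        return False
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
               for a in as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
        return False
    # Each condition key must be present in the request and equal a listed value.
    for key, allowed in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if context.get(key) not in as_list(allowed):
            return False
    return True

def is_allowed(policy, principal, action, resource, context):
    return any(statement_allows(s, principal, action, resource, context)
               for s in as_list(policy["Statement"]))

# Constructed sample request values (not from the page).
ACCT = "arn:aws:iam::111122223333:root"
KEY = "arn:aws:s3:::examplebucket/photo.jpg"
if __name__ == "__main__":
    for acl in ({"s3:x-amz-acl": "public-read"}, {"s3:x-amz-acl": "private"}, {}):
        print(acl, is_allowed(POLICY, ACCT, "s3:PutObject", KEY, acl))
```

A PutObject request with no x-amz-acl header, or with any value other than public-read, does not match this statement, so anything uploaded through it is publicly readable.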

 

In the REST interface, metadata is returned in HTTP headers.

Access key → AWS SDK API

Signing certificates: for SOAP and REST HTTP calls (made directly, not using the AWS API)

 

Virtual Hosting of Buckets?

System metadata and user-defined metadata.

Amazon S3 maintains object creation date and size metadata and uses this information as part of object management: content-md5 / content-length / Date (creation date).

Only Amazon S3 generates version IDs

 

Lifecycle Configuration includes two methods:

automated archival to lower-cost storage in Amazon Glacier

scheduled deletions.

 

Vaults --archives

Server-side encryption encrypts only the object data. Any object metadata is not encrypted.