AWS Storage Service Overview
S3
Use Patterns
Used to store and distribute static web content and media
Used to host entire static websites
Used as a highly durable, scalable, and secure solution for backup and archiving of critical data.
Used as a data store for computation and large-scale analytics.
Performance
Durability and Availability
99.999999999% durability/year
99.99% availability
Error correction is built-in, and there are no single points of failure
choice of enabling cross-region replication on each Amazon S3 bucket
Scalability and Elasticity
designed to offer a very high level of scalability and elasticity
unlimited number of files
Security
Highly secure, supports encryption
manage access to S3 by granting other AWS accounts or users permission by writing a policy
can protect at rest by using server-side encryption (decrypted on download) or by using client-side encryption
can protect in transit by using Secure Sockets Layer (SSL) or client-side encryption
Versioning
Multi-Factor Authentication (MFA)
Interfaces
Cost model
CloudFront
Glacier
Scalability and Elasticity
a single archive is limited to 40TB in size
no limit to the total amount of data
auto scales storage up or down as needed
Security
can set up data access control by using IAM
server-side encryption to encrypt all data at rest (auto encrypt)
using 256-bit Advanced Encryption Standard (AES-256)
Durability and Availability
99.999999999% durability for an archive
synchronously stores data across multiple facilities before returning SUCCESS
automatically self-healing
Interface
2 ways to use Glacier
can be accessed using the Java SDK or the .NET SDK.
using Glacier API
as a class in S3 by using object lifecycle mgmt
using S3 API or S3 console
Retrieval puts a copy of the retrieved object in S3 Reduced Redundancy Storage (RRS) for a specified retention period
Performance
Cost model
Use patterns
Archiving data
Snowball
Storage Gateway
Use patterns
corporate file sharing, enabling existing on-premises backup applications to store primary backups on Amazon S3, disaster recovery, and mirroring data to cloud-based compute resources and then later archiving it to Glacier
Scalability and Elasticity
upload to S3 and Glacier so...
Security
using IAM to control access to AWS Storage Gateway
Encrypt all data in transit to and from AWS by using SSL
Encrypt data at rest, snapshot, gateway cached, gateway stored using AES-256
supports authentication between gateway and iSCSI initiators by using Challenge-Handshake Authentication Protocol (CHAP)
Interface
Download the AWS Storage Gateway VM on-premises or on to an EC2 instance
Performance
depends upon a number of factors
the factors include the speed and configuration of your underlying disk, the network bandwidth between [iSCSI initiator and gateway VM] and [gateway VM and S3], and the amount of local storage allocated to the gateway VM
Storage Gateway efficiently uses Internet bandwidth to speed up the upload of on-premises application data to AWS
uploads only data that has changed (like a snapshot)
Cost model
Durability and Availability
upload to S3 and Glacier so....
EC2 Instance Storage
Performance
Scalability and Elasticity
can't increase or decrease the number of instance storage volumes on a single EC2 instance
can scale by increasing or decreasing the number of running instances
Interface
no separate management API
using the block device mapping feature of the Amazon EC2 API and the AWS Management Console
no separate data API
instance store volumes appear just like a local drive
Durability and Availability
not intended to be used as durable disk storage
data lost if EC2 instance stops, restarts, terminates or fails
Use patterns
EC2 local instance volume - can only be used for EC2
ideal for temporary storage of information that is continually changing
Security
IAM permissions to perform operations on the EC2 instance
Access to an EC2 instance is controlled by the guest operating system
Cost model
EBS
Use patterns
Meant for data that changes relatively frequently and needs to persist beyond the life of the EC2 instance
Durability and Availability
Designed to be highly available and reliable
EBS volume data is replicated across multiple servers in a single AZ to prevent the loss of data from failure
designed for an annual failure rate (AFR) of between 0.1 - 0.2%
point-in-time backup
Scalability and Elasticity
Using the AWS Management Console or the Amazon EBS API to easily and rapidly provision and release EBS volumes to scale in or out with total storage demands
effectively resize a volume using a snapshot
Security
IAM enables access control for EBS volumes, allowing you to specify who can access which EBS volumes
EBS encryption enables data-at-rest and data-in-motion security
encryption keys are Amazon-managed or keys that you create and manage using the AWS Key Management Service (AWS KMS)
Performance
SSD-backed storage volumes
General Purpose SSD (gp2)
Use Cases: I/O-intensive NoSQL and relational databases
ideal for a broad range of workloads, deliver single-digit millisecond latencies
Provisioned IOPS SSD (io1)
Use Cases: Boot volumes, low-latency, interactive apps, dev & test
designed to deliver predictable high performance attribute IOPS
HDD-backed storage volumes
Throughput Optimized HDD (st1)
Use Cases: Big data, data warehouse, log processing
ideal for frequently accessed, throughput-intensive workloads with large datasets and large I/O sizes
Cold HDD (sc1)
Use Cases: Colder data requiring fewer scans per day
ideal for infrequently accessed workloads with large, cold datasets with large I/O sizes
Interface
Cost model
EFS
Use Patterns
designed to meet the needs of multi-threaded applications and applications that concurrently access data from multiple EC2 instances
supports highly parallelized workloads and is designed to meet the performance needs of big data and analytics,...
Performance
distributed across an unconstrained number of storage servers
2 different modes available
General Purpose
default mode and is appropriate for most file systems
Max I/O
optimized for applications where tens, hundreds, or thousands of EC2 instances are accessing the file system
optimized to burst at high-throughput levels for short periods of time, while delivering low levels of throughput the rest of the time
bursting depends on credits, which determine the rate for periods of time
Durability and Availability
designed to be as highly durable and highly available as S3
Scalability and Elasticity
Automatically scales (up or down)
can grow from an empty file to multiple petabytes automatically, and there is no provisioning, allocation or administration
Security
3 levels of access control to consider
IAM permissions for API calls
enable access control for administering EFS file systems, allowing you to specify an IAM identity that can create, delete, and describe EFS file system resources
Security groups for EC2 instances and mount targets
act as firewalls and enforce rules that define traffic flow between EC2 instances and EFS file systems
Network File System-level users, groups, and permissions
EFS uses numeric IDs to check permissions when a user attempts to access a file system object
Interface
Amazon offers a network protocol-based HTTP API for managing EFS
The EFS API actions are used to create, delete, and describe tags; and to describe and modify mount target security groups
The AWS console gives all the capabilities of the API in a browser interface
EFS file systems use Network File System version 4 (NFSv4) and version 4.1 (NFSv4.1) for data access
Cost model