Please enable JavaScript.

Coggle requires JavaScript to display documents.

S3 summary (features (event trigger (can setup notification when object…

- - - - per object and not per bucket
      - classes-demo
        
        standard
        
        Standard IA
        
        One Zone IA
        
        Glacier
        
        Glacier Deep archieve
      - intellignet Tiering
        
        Automatically move from standard to standard IA based on Machine learning
      - Pricing
        
        Storage (Expensive from top to bottom) retrieving class ( Cheap from top to bottom)
- - - - Got to AWS monthly calculator: at the top
      - No need to do pricing example
- - - - Draw a squre box means region with 3 AZ (each Ax with 3 DC cluster )
        
        Draw S3 bucket outside the 3 AZ
        
        Then replicate to all 3 Aznad alow all the 3 DC in each AZ
        
        There will have time gap for replication from S3 bucket to 3 AZ
    - - It can provide Auto Scaling and HA
- - - - features
        
        Is about data encryption at rest
        
        Encrypts only the object data. Any object metadata is not encrypted.
        
        S3 handles the encryption (as it writes to disks) and decryption (when you access the objects) of the data objects such as content size, date and type
        
        No difference in the access mechanism for both encrypted or unencrypted objects and is handled transparently by S3
        
        KMS
        
        KMS uses customer master keys (CMKs) to encrypt the S3 objects.
        
        Master key is never made available
        
        KMS enables you to centrally create encryption keys, define the policies that control how keys can be used
    - - 2.Encrypting data before sending it to Amazon S3 and decrypting the data after downloading it
      - 1.Encryption master keys are completely maintained at Client-side
      - Uploading object
        
        steps:
        
        Upload
        
        Amazon S3 encryption client ( for e.g. AmazonS3EncryptionClient in the AWS SDK for Java) locally generates randomly a one-time-use symmetric key (also known as a data encryption key or data key).
        
        Client encrypts the data encryption key using the customer provided master key
        
        Client uses this dataencryption key to encrypt the data of a single S3 object (for each object, the client generates a separate data key).
        
        Client then uploads the encrypted data to Amazon S3 and also saves the encrypted data key and itsmaterial description as object metadata (x-amz-meta-x-amz-key) in Amazon S3 by default
      - download object
        
        Download
        
        Client first downloads the encrypted object from Amazon S3 along with the object metadata.
        
        Using the material description in the metadata, the client first determines which master key to use to decrypt the encrypted data key.
        
        Using that master key, the client decrypts the data key and uses it to decrypt the object