- Multiple Availability Zones (AZs)
- Distance between AZs: at least 100 km
- Edge location purpose: endpoint for AWS, used for caching, CDN
- Compute: EC2, Lambda, Elastic Beanstalk
- Storage: S3, EBS, EFS, FSx, Storage Gateway
- Databases: RDS, DynamoDB
- Networking: VPC, Direct Connect, Route 53, API Gateway, AWS Global Accelerator
- Allows you to manage users and their level of access to AWS resources
- IAM isn't tied to a region or AZ
- New users: no permissions when first created
- Email address used to sign up to AWS
- It has full control of all AWS resources
- Enable multi-factor authentication
- Create an admin group for administrators, assign appropriate permissions
- Create user accounts for administrators
- Add users to admin group
- Policy document: JSON
- Can be assigned to groups & roles (to groups is the more appropriate)
- Users: physical person
- Groups: functions
- Roles: internal usage, to enable interaction between resources
- Simple Storage Service
- Scalable
- Secure
- Simple
- Upload any type of files
- Cannot be used for an OS or databases
- Unlimited storage
- Up to 5 TB for each object
- Universal namespace: the name cannot already be in use globally
- Key-Value Store
- Key: name of the object
- Value: data itself
- Version ID
- Metadata: content type, modification date, ...
- Highly available & highly durable
- URL:
- https://bucketname.s3.region.amaso...com/Key-name
- Successful CLI or API uploads will generate an HTTP 200 status code.
- HA & HD: replicated across 3 or more AZs
- Designed for frequent access to data
- Suitable for most Workloads
- Multiple storage classes for different use cases
- Lifecycle management
- Versioning: go back and forth between versions of an S3 object, even if it's deleted
- Server-side encryption
- Access Control Lists (ACLs) for groups / accounts
- Bucket policies
- ACLs VS Policies
- ACLs work on an individual object level
- Bucket policies work on an entire bucket level
Enable public access to an object
- Create a bucket
- Upload a file into the bucket (S3 Object)
- Enable Public access (Bucket name ==> Permission ==> Block Public Access)
- Enable ACL on objects (Bucket name ==> Permission ==> Object Ownership)
Exam Tips
- Buckets / Objects are private by default
- Object ACLs: handle an individual object
- Bucket ACLs: handle the entire bucket
- The HTTP status code when uploading an object is HTTP 200
- Only static web pages, no dynamic websites
- S3 scales automatically
How to:
- Create a bucket
- Upload your static website (at least index.html & error.html)
- Enable Public access (Bucket name ==> Permission ==> Block Public Access)
- Update bucket policy (public access)
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [ "s3:GetObject" ],
      "Resource": [ "arn:aws:s3:::BUCKET_NAME/*" ]
    }
  ]
}
```
- Enable website hosting in the bucket Properties
- Visit your website (URL: http://BUCKET_NAME.s3-website-REGION.amazonaws.com )
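
An added example, not part of the original notes: a Python check that reads a bucket policy like the one in the how-to and reports every Allow statement open to anyone, marking whether it grants more than the `s3:GetObject` a static site needs. `OVERBROAD_POLICY` and the function names are constructed for illustration.

```python
import json

# Policy from the how-to above (BUCKET_NAME is the page's placeholder).
PAGE_POLICY = '''{"Version": "2012-10-17", "Statement": [{"Sid": "PublicReadGetObject",
  "Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject"],
  "Resource": ["arn:aws:s3:::BUCKET_NAME/*"]}]}'''

# Constructed sample: same shape, but anyone may also write and delete.
OVERBROAD_POLICY = '''{"Version": "2012-10-17", "Statement": {"Sid": "Constructed",
  "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:*",
  "Resource": "arn:aws:s3:::BUCKET_NAME/*"}}'''

READ_ONLY = {"s3:getobject"}  # all a static website needs


def as_list(value):
    """IAM accepts a single value or a list for most fields."""
    return value if isinstance(value, list) else [value]


def is_anyone(principal):
    """True for "*", {"AWS": "*"} and {"AWS": [..., "*"]}."""
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return principal == "*"


def audit_public_access(policy_text):
    """Return one finding per Allow statement that applies to anyone."""
    findings = []
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anyone(stmt.get("Principal")):
            continue
        # A statement using NotAction has no Action key: flag it for review.
        actions = as_list(stmt.get("Action", "(NotAction)"))
        # Action names are case-insensitive in IAM.
        extra = sorted(a for a in actions if a.lower() not in READ_ONLY)
        findings.append({
            "sid": stmt.get("Sid", "(no Sid)"),
            "resources": as_list(stmt.get("Resource", [])),
            "beyond_read": extra,                # empty means read-only
            "conditioned": "Condition" in stmt,  # a Condition may narrow it
        })
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("constructed", OVERBROAD_POLICY)):
        for f in audit_public_access(text):
            verdict = "read-only" if not f["beyond_read"] else "OVERBROAD"
            print(name, f["sid"], verdict, f["beyond_read"], f["resources"])
```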
Exam Tips
- Bucket policies: enable public access using policies
- Static content only
- Automatic scaling