2. Amazon S3 Transfer Acceleration
▪ Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, it is routed to Amazon S3 over an optimized network path.
▪ When using Transfer Acceleration, additional data transfer charges may apply.
3. Amazon S3 Transfer Acceleration
▪ Why use Amazon S3 Transfer Acceleration?
– You might want to use Transfer Acceleration on a bucket for various reasons, including the following:
▪ You have customers that upload to a centralized bucket from all over the world.
▪ You transfer gigabytes to terabytes of data on a regular basis across continents.
▪ You are unable to utilize all of your available bandwidth over the Internet when uploading to Amazon S3.
4. How Do I Configure an S3 Bucket for Static Website Hosting?
▪ Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
▪ In the Bucket name list, choose the name of the bucket that you want to enable static website hosting for.
▪ Choose Properties.
5. How Do I Configure an S3 Bucket for Static Website Hosting?
▪ Choose Static website hosting.
After you enable your bucket for static website hosting, web browsers can access all of your content through the Amazon S3 website endpoint for your bucket.
6. How Do I Configure an S3 Bucket for Static Website Hosting?
▪ Choose Use this bucket to host.
– For Index Document, type the name of the index document, which is typically named index.html. When you configure a bucket for website hosting, you must specify an index document. Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.
– (Optional) For 4XX class errors, you can provide your own custom error document that gives additional guidance to your users. For Error Document, type the name of the file that contains the custom error document. If an error occurs, Amazon S3 returns this HTML error document.
– (Optional) If you want to specify advanced redirection rules, in the Edit redirection rules text area, use XML to describe the rules. For example, you can conditionally route requests according to specific object key names or prefixes in the request.
7. How Do I Configure an S3 Bucket for Static Website Hosting?
▪ Choose Save.
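As an added example (not from the slides), a Python helper that renders the redirection rules described above as the RoutingRules XML the Edit redirection rules text area accepts, rejecting element names the schema does not define; the two sample rules, the host name and the prefixes are constructed.

```python
import xml.etree.ElementTree as ET

# Element names from the S3 website-configuration schema: each RoutingRule
# has an optional Condition and a required Redirect.
CONDITION_TAGS = {"KeyPrefixEquals", "HttpErrorCodeReturnedEquals"}
REDIRECT_TAGS = {"HostName", "Protocol", "HttpRedirectCode",
                 "ReplaceKeyPrefixWith", "ReplaceKeyWith"}

def build_routing_rules(rules):
    """Render [{'condition': {...}, 'redirect': {...}}, ...] as <RoutingRules> XML."""
    root = ET.Element("RoutingRules")
    for rule in rules:
        redirect = rule.get("redirect")
        if not redirect:
            raise ValueError("every RoutingRule needs a Redirect")
        if "ReplaceKeyPrefixWith" in redirect and "ReplaceKeyWith" in redirect:
            raise ValueError("ReplaceKeyPrefixWith and ReplaceKeyWith are mutually exclusive")
        node = ET.SubElement(root, "RoutingRule")
        for section, allowed in (("Condition", CONDITION_TAGS), ("Redirect", REDIRECT_TAGS)):
            values = rule.get(section.lower(), {})
            unknown = set(values) - allowed
            if unknown:
                raise ValueError(f"unknown {section} element(s): {sorted(unknown)}")
            if values:
                parent = ET.SubElement(node, section)
                for tag, text in values.items():
                    ET.SubElement(parent, tag).text = str(text)
    return ET.tostring(root, encoding="unicode")

# Constructed sample: rewrite the legacy "docs/" prefix, and send requests for
# keys under "archive/" that return 404 to a separate host over HTTPS.
SAMPLE_RULES = [
    {"condition": {"KeyPrefixEquals": "docs/"},
     "redirect": {"ReplaceKeyPrefixWith": "documents/"}},
    {"condition": {"KeyPrefixEquals": "archive/", "HttpErrorCodeReturnedEquals": 404},
     "redirect": {"HostName": "legacy.example.com", "Protocol": "https",
                  "HttpRedirectCode": "301"}},
]

def sample_xml():
    return build_routing_rules(SAMPLE_RULES)
```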
8. How Do I Configure an S3 Bucket for Static Website Hosting?
▪ Add a bucket policy to the website bucket that grants everyone access to the objects in the bucket.
▪ When you configure a bucket as a website, you must make the objects that you want to serve publicly readable.
▪ To do so, you write a bucket policy that grants everyone s3:GetObject permission.
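An added example, not part of the original slides: a Python function that emits exactly the public-read policy described above, plus an audit check that flags any anonymous grant wider than s3:GetObject on the bucket's objects; the bucket name and the over-broad sample policy are constructed.

```python
import json

def website_read_policy(bucket: str) -> dict:
    """Least-privilege policy for a static website bucket: everyone may read
    objects, and nothing else (no listing, no writes, no bucket-level actions)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

def audit_public_statements(policy: dict) -> list:
    """Return findings for Allow statements whose principal is anonymous ('*')
    and that grant more than s3:GetObject on one bucket's objects."""
    findings = []
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        anonymous = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if st.get("Effect") != "Allow" or not anonymous:
            continue
        actions = st.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = st.get("Resource", [])
        resources = resources if isinstance(resources, list) else [resources]
        sid = st.get("Sid", "<no Sid>")
        for a in actions:
            if a.lower() != "s3:getobject":
                findings.append(f"{sid}: anonymous principal allowed {a}")
        for r in resources:
            # Object reads need the "<bucket>/*" form; a bare bucket ARN or a
            # wildcard bucket means the grant reaches beyond this site's objects.
            if r == "arn:aws:s3:::*" or not r.startswith("arn:aws:s3:::") or not r.endswith("/*"):
                findings.append(f"{sid}: anonymous grant not scoped to one bucket's objects ({r})")
    return findings

# Constructed example of a policy that grants more than website hosting needs.
OVERBROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "TooMuch", "Effect": "Allow", "Principal": {"AWS": "*"},
                 "Action": ["s3:GetObject", "s3:ListBucket", "s3:PutObject"],
                 "Resource": ["arn:aws:s3:::my-site-bucket", "arn:aws:s3:::my-site-bucket/*"]}]
}""")
```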
9. S3 Summary
▪ Once you load your data into Amazon S3, you can use it with other services that we provide. The following services are the ones you might use most frequently:
▪ Amazon Elastic Compute Cloud – This web service provides virtual compute resources in the cloud.
▪ Amazon EMR – This web service enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. It utilizes a hosted Hadoop framework running on the web-scale infrastructure of Amazon EC2 and Amazon S3.
▪ AWS Import/Export – AWS Import/Export enables you to mail a storage device, such as a RAID drive, to Amazon so that we can upload your terabytes of data into Amazon S3.
10. Create a CloudFront CDN
▪ Step 1: Upload your content to Amazon S3 and grant object permissions
– This is the same as covered in the previous session on S3 and IAM.
▪ Step 2: Create a CloudFront distribution
▪ Step 3: Test your links
11. Create a CloudFront distribution
1. To create a CloudFront distribution:
2. Open the CloudFront console at https://console.aws.amazon.com/cloudfront/.
3. Choose Create Distribution.
4. On the Select a delivery method for your content page, in the Web section, choose Get Started.
12. Create a CloudFront distribution
5. On the Create Distribution page, under Origin Settings, choose the Amazon S3 bucket that you created earlier. For Origin ID, Origin Path, Restrict Bucket Access, and Origin Custom Headers, accept the default values.
13. Create a CloudFront distribution
6. Under Default Cache Behavior Settings, accept the default values, and CloudFront will:
– Forward all requests that use the CloudFront URL for your distribution (for example, http://d111111abcdef8.cloudfront.net/image.jpg) to the Amazon S3 bucket that you specified in Step 4.
– Allow end users to use either HTTP or HTTPS to access your objects.
– Respond to requests for your objects.
– Cache your objects at CloudFront edge locations for 24 hours.
– Forward only the default request headers to your origin and not cache your objects based on the values in the headers.
– Exclude cookies and query string parameters, if any, when forwarding requests for objects to your origin. (Amazon S3 doesn't process cookies and processes only a limited set of query string parameters.)
– Not be configured to distribute media files in the Microsoft Smooth Streaming format.
– Allow everyone to view your content.
– Not automatically compress your content.
15. Create a CloudFront distribution
7. Under Distribution Settings, enter the applicable values:
• Price Class: Select the price class that corresponds with the maximum price that you want to pay for CloudFront service. By default, CloudFront serves your objects from edge locations in all CloudFront regions.
• AWS WAF Web ACL: If you want to use AWS WAF to allow or block HTTP and HTTPS requests based on criteria that you specify, choose the web ACL to associate with this distribution. For more information about AWS WAF
16. Create a CloudFront distribution
7. Under Distribution Settings, enter the applicable values:
• Alternate Domain Names (CNAMEs) (Optional): Specify one or more domain names that you want to use for URLs for your objects instead of the domain name that CloudFront assigns when you create your distribution.
For example, if you want the URL for the object /images/image.jpg to look like this:
http://www.example.com/images/image.jpg
instead of like this:
http://d111111abcdef8.cloudfront.net/images/image.jpg
you would create a CNAME for www.example.com.
17. Create a CloudFront distribution
7. Under Distribution Settings, enter the applicable values:
• SSL Certificate: Accept the default value, Default CloudFront Certificate.
• Cookie Logging: In this example, we're using Amazon S3 as the origin for your objects, and Amazon S3 doesn't process cookies, so we recommend that you select Off for the value of Cookie Logging.
• The other settings are optional; you can accept the default values.
18. Create a CloudFront distribution
8. Choose Create Distribution.
– After CloudFront has created your distribution, the value of the Status column for your distribution will change from InProgress to Deployed. If you chose to enable the distribution, it will then be ready to process requests. This typically takes between 20 and 40 minutes.
– The domain name that CloudFront assigns to your distribution appears in the list of distributions. (It also appears on the General tab for a selected distribution.)
19. Create a CloudFront distribution
Step 3: Test your links:
1. After you've created your distribution, CloudFront knows where your Amazon S3 origin server is, and you know the domain name associated with the distribution. You can create a link to your Amazon S3 bucket content with that domain name, and have CloudFront serve it.
▪ Note: You must wait until the status of your distribution changes to Deployed before testing your links.
20. Create a CloudFront distribution
1. Copy the following HTML into a new file:
– Replace <domain name> with the domain name that CloudFront assigned to your distribution.
– Replace <object name> with the name of a file in your Amazon S3 bucket.
▪ <html>
    <head><title>My CloudFront Test</title></head>
    <body>
      <p>My text content goes here.</p>
      <p><img src="http://<domain name>/<object name>" alt="my test image"/></p>
    </body>
  </html>
▪ For example, if your domain name was d111111abcdef8.cloudfront.net and your object was image.jpg, the URL for the link would be:
– http://d111111abcdef8.cloudfront.net/image.jpg
▪ If your object is in a folder within your bucket, include the folder in the URL. For example, if image.jpg is located in an images folder, then the URL would be:
– http://d111111abcdef8.cloudfront.net/images/image.jpg
21. Create a CloudFront distribution
2. Save the text in a file that has a .html filename extension.
3. Open your web page in a browser to ensure that you can see your content. If you cannot see the content, confirm that you have performed all of the steps correctly.
22. S3: Security and encryption
▪ Amazon S3 security considerations fall under the following points.
▪ Protecting data while:
– in transit (as it travels to and from Amazon S3), 2 ways:
▪ by using SSL
▪ client-side encryption
– at rest (while it is stored on disks in Amazon S3 data centers), 2 ways:
▪ server-side encryption (SSE)
▪ client-side encryption
23. S3: Security and encryption
▪ Encryption Types
– Server Side
▪ Amazon S3 encrypts your object before saving it on S3 disks and decrypts it when you download the object from S3.
– Client Side
▪ Client-side encryption refers to encrypting data before sending it to Amazon S3.
– Use an AWS KMS-managed customer master key.
– Use a client-side master key.
– Disadvantage: less integrated with the AWS ecosystem; you need to manage keys.
24. S3: Security and encryption
▪ Client-side master key
– Your client-side master keys and your unencrypted data are never sent to AWS.
– You manage your own encryption keys.
– If you lose them, you won't be able to decrypt your data.
– When uploading an object:
▪ You provide a client-side master key to the Amazon S3 encryption client.
▪ For each object, the encryption client locally generates a one-time-use symmetric key.
▪ The client uploads the encrypted data key and its material description as part of the object metadata.
▪ The material description helps the client later determine which client-side master key to use for decryption.
▪ The client then uploads the encrypted data to Amazon S3 and also saves the encrypted data key as object metadata.
– When downloading an object:
▪ The client first downloads the encrypted object from Amazon S3 along with the metadata.
▪ Using the material description in the metadata, the client first determines which master key to use to decrypt the encrypted data key.
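The upload and download flow above, as an added Python example rather than the AWS SDK's own encryption client: the SDK encrypts with AES, while this stdlib-only stand-in uses an HMAC-SHA256 keystream with an HMAC tag so that the same key handling (one-time data key, wrapped under a master key chosen through the material description) runs anywhere. The master key id, the metadata entry names and the sample data are constructed.

```python
import hashlib, hmac, json, secrets

# Stand-in cipher: HMAC-SHA256 as a PRF in counter mode plus an HMAC tag
# (encrypt-then-MAC). Labels "ks"/"tag" keep the two uses of the key apart.
def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, b"ks" + nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def _seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def _open(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified data")
    return _keystream_xor(key, nonce, ct)

# Hypothetical client-side master keys; they stay with the client and are never sent to AWS.
MASTER_KEYS = {"cse-master-2024": secrets.token_bytes(32)}

def encrypt_for_upload(master_key_id: str, body: bytes):
    """Upload side: a fresh one-time data key per object, wrapped under the master key;
    the wrapped key and the material description travel as object metadata."""
    data_key = secrets.token_bytes(32)
    metadata = {
        "x-amz-key": _seal(MASTER_KEYS[master_key_id], data_key).hex(),      # wrapped data key
        "x-amz-matdesc": json.dumps({"master_key_id": master_key_id}),        # material description
    }
    return _seal(data_key, body), metadata

def decrypt_after_download(ciphertext: bytes, metadata: dict) -> bytes:
    """Download side: the material description selects the master key, which
    unwraps the data key, which decrypts the object body."""
    matdesc = json.loads(metadata["x-amz-matdesc"])
    master = MASTER_KEYS.get(matdesc["master_key_id"])
    if master is None:  # the slide's warning: a lost master key means unrecoverable data
        raise KeyError(f"master key {matdesc['master_key_id']} is not available")
    data_key = _open(master, bytes.fromhex(metadata["x-amz-key"]))
    return _open(data_key, ciphertext)
```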
25. S3: Security and encryption
▪ Client-side KMS-managed customer master key (CMK)
– You provide only an AWS KMS customer master key ID (CMK ID).
– You don't have to worry about providing any encryption keys to the Amazon S3 encryption client (for example, the AmazonS3EncryptionClient in the AWS SDK for Java). The data encryption key comes in 2 forms:
▪ A plain text version
▪ A cipher blob
– A unique data encryption key is used for each object it uploads.
26. S3: Security and encryption
▪ Server-Side Encryption (SSE)
– Server-side encryption is about data encryption at rest.
– 3 methods:
▪ Server-Side Encryption with Customer-Provided Keys (SSE-C)
▪ Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
▪ Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
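An added example, not from the slides: a Python check that tells the three SSE methods apart from the encryption fields a boto3 head_object response carries, and audits a set of objects against an at-rest policy; the object keys, the responses and the key ARN are constructed.

```python
def classify_sse(head: dict) -> str:
    """Map the encryption fields of a head_object/get_object response
    to the SSE method that protected the object at rest."""
    if head.get("SSECustomerAlgorithm"):   # present only when the request supplied the customer key
        return "SSE-C"
    sse = head.get("ServerSideEncryption")
    if sse == "aws:kms":
        return "SSE-KMS"
    if sse == "AES256":
        return "SSE-S3"
    return "NONE"

def audit_objects(objects: dict, require_kms: bool = False) -> dict:
    """Return {key: reason} for every object that fails the at-rest policy:
    unencrypted objects always fail; with require_kms, anything but SSE-KMS fails."""
    failures = {}
    for key, head in objects.items():
        method = classify_sse(head)
        if method == "NONE":
            failures[key] = "not encrypted at rest"
        elif require_kms and method != "SSE-KMS":
            failures[key] = f"{method} used where SSE-KMS is required"
        elif method == "SSE-KMS" and not head.get("SSEKMSKeyId"):
            failures[key] = "SSE-KMS reported without a key id"
    return failures

# Constructed head_object-style responses, reduced to the encryption-related fields.
# The KMS key ARN is a placeholder, not a real key.
SAMPLE_OBJECTS = {
    "reports/q1.csv": {"ServerSideEncryption": "aws:kms",
                       "SSEKMSKeyId": "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID"},
    "images/logo.png": {"ServerSideEncryption": "AES256"},
    "backup/db.dump": {"SSECustomerAlgorithm": "AES256"},
    "public/index.html": {},
}
```

Objects stored with SSE-C answer a HEAD only when the request carries the customer key, so an audit over SSE-C objects has to supply it or it will see an error rather than a classification.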
27. S3: Security and encryption
▪ New Amazon S3 Encryption & Security Features
29. AWS Storage Gateway
▪ AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure. You can use the service to store data in the AWS Cloud for scalable and cost-effective storage that helps maintain data security.
▪ AWS Storage Gateway offers file-based, volume-based, and tape-based storage solutions:
– File Gateway:
▪ A file gateway supports a file interface into Amazon Simple Storage Service (Amazon S3) and combines a service and a virtual software appliance.
30. AWS Storage Gateway
▪ Volume Gateway:
– A volume gateway provides cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers.
▪ Tape Gateway:
– With a tape gateway, you can cost-effectively and durably archive backup data in Amazon Glacier.
– A tape gateway provides a virtual tape infrastructure that scales seamlessly with your business needs and eliminates the operational burden of provisioning, scaling, and maintaining a physical tape infrastructure.
31. Snowball
• Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud.
• Using Snowball addresses common challenges with large-scale data transfers, including high network costs, long transfer times, and security concerns.
• Customers today use Snowball to migrate analytics data, genomics data, video libraries, image repositories, and backups, and to archive part of data center shutdowns, tape replacement, or application migration projects.
• Transferring data with Snowball is simple, fast, more secure, and can be as little as one-fifth the cost of transferring data via high-speed Internet.
• https://youtu.be/9uc2DSZ1wL8