[1D1H-AWS] 20190205 - S3 Encryption/Storage Gateway/Snow Ball

<S4 L19>

Securing your buckets

*By default, all newly created buckets are PRIVATE.

*You can set up access control to your buckets using:

1) Bucket policies

2) Access Control Lists

*S3 buckets can be configured to create access logs which log all requests made to the S3 bucket. This can be done to another bucket.

Encryption

*In Transit; (when you're sending information to and from your bucket)

* SSL/TLS (these terms are a bit interchangeable)

*(Data) At rest (KOR: 유휴데이터)

1) Server-side encryption

(1)S3 Managed Keys - SSE-S3

(2)AWS Key Management Service, Managed Keys - SSE-KMS

(3)Server Side Management With Customer Provided Keys - SSE-C

2) Client-side encryption

---

<S4 L20> - Please watch the lecture again

Storage Gateway - Exam Tips

1. File Gateway

- For flat files, stored directly on S3

2. Volume Gateway

1) Stored Volumes - Entire Dataset is stored on site and is asynchronously backed up to S3.

2) Cached Volumes - Entire Dataset is stored on S3 and the most frequently accessed data is cached on site.

3. Gateway-Virtual Tape Library(VTL)

-    Used for backup and uses popular backup applications like NetBackup, Backup Exec, Veeam etc.

---

<S4 L21>

Snow Ball - Exam Tips

*Understand what Snowball is.

*Understand what Import, Export is.

- AWS Import/Export Disk accelerates moving large amounts of data into and out of the AWS cloud using portable storage devices for transport. AWS Import/Export Disk transfers your data directly onto and off of storage devices using Amazon's high-speed internal network and bypassing the internet.

* Types of Snowballs

1) Snowball

2) Snowball Edge

3) Snowmobile

* Snowball Can

1) Import to S3

2) Export from S3

Lecture from Udemy AWS Certified Solutions Architect - Associate 2018