Chapter 2: Amazon Simple Storage Service (Amazon S3) and Amazon Glacier Storage


  1. D, E. Objects are stored in buckets, and objects contain both data and metadata.
  • Objects are stored in buckets.
  • Objects contain data and metadata.
  1. B, D. Amazon S3 cannot be mounted to an Amazon EC2 instance like a file system and should not serve as primary database storage.
  • S3 supports web content storage.
  • S3 supports database backups.
  • S3 supports log storage and analysis.
  1. A, B, D. C and E are incorrect—objects are private by default, and storage in a bucket does not need to be pre-allocated.
  • S3 has the following characteristics: every object has a URL, S3 can store an unlimited amount of data, and S3 provides a RESTful API.
  1. B, C, E. Static website hosting does not restrict data access, and neither does an Amazon S3 lifecycle policy.
  • A pre-signed URL for an object is used as a way to restrict access.
  • AWS supports ACLs to control access to buckets and objects.
  • AWS supports S3 bucket access policies.
  • Amazon S3 provides four different access control mechanisms: AWS Identity and Access Management (IAM) policies, access control lists (ACLs), bucket policies, and query string authentication. IAM lets an organization create and manage multiple users under one AWS account. With IAM policies, you can give IAM users fine-grained control over Amazon S3 buckets or objects. You can use ACLs to selectively add (grant) specific permissions on individual objects. Amazon S3 bucket policies can be used to add or deny permissions on some or all of the objects in a single bucket. With query string authentication, you can share Amazon S3 objects through URLs that are valid only for a specified period of time.
  1. C, E. Versioning protects data against inadvertent or intentional deletion by storing all versions of the object, and MFA Delete requires a one-time code from a Multi-Factor Authentication (MFA) device to delete objects. Cross-region replication and migration to the Amazon Glacier storage class do not protect against deletion. Vault locks are a feature of Amazon Glacier, not a feature of Amazon S3.
  • Enabling versioning makes it possible to recover data.
  • MFA supports multiple ways of authenticating operations.
  1. C. Migrating the data to Amazon S3 Standard-IA after 30 days using a lifecycle policy is correct. Amazon S3 RRS should only be used for easily replicated data, not critical data. Migration to Amazon Glacier might minimize storage costs if retrievals are infrequent, but documents would not be available in minutes when needed.
  • S3 supports Standard storage access and S3 IA storage access, which makes it possible to get the data within minutes. IA storage availability is 99.9%. IA storage costs are lower.
  1. B. Data is automatically replicated within a region. Replication to other regions and versioning are optional. Amazon S3 data is not backed up to tape.
  • S3 data is replicated automatically within a region.
  • S3 data is not backed up to tape; lifecycle rules can be used to archive and transition data.
  1. C. In a URL, the bucket name precedes the string “s3.amazonaws.com/,” and the object key is everything after that. There is no folder structure in Amazon S3.
  • S3 has no folder feature; these path components are all stored as part of the object's key.
  • The bucket name is the part of the URL that comes before "s3".
  1. C. Amazon S3 server access logs store a record of what requestor accessed the objects in your bucket, including the requesting IP address.
  • S3 supports server access logs that record access.
  1. B, C. Cross-region replication can help lower latency and satisfy compliance requirements on distance. Amazon S3 is designed for eleven nines durability for objects in a single region, so a second region does not significantly increase durability. Cross-region replication does not protect against accidental deletion.
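  • Cross-region replication is mainly for meeting security compliance requirements.
  • Reducing access latency across regions.
  • Analyzing the same set of objects from compute in different regions.
  • Maintaining operational copies under different ownership.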
  1. C. If data must be encrypted before being sent to Amazon S3, client-side encryption must be used.
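  • If data must be encrypted before it is sent to S3, only client-side encryption can be used.
  • There are four encryption methods in total: SSE-KMS, SSE-C, SSE-S3, and client-side encryption.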
  1. B. Amazon S3 scales automatically, but for request rates over 100 GETS per second, it helps to make sure there is some randomness in the key space. Replication and logging will not affect performance or scalability. Using sequential key names could have a negative effect on performance or scalability.
  • Technically, performance can be improved by adding a random prefix to keys.
  1. A, D. You must enable versioning before you can enable cross-region replication, and Amazon S3 must have IAM permissions to perform the replication. Lifecycle rules migrate data from one storage class to another, not from one bucket to another. Static website hosting is not a prerequisite for replication.
  • Versioning must be enabled before cross-region replication can be enabled.
  • Cross-region replication needs IAM permissions to perform the replication.
  1. B. Amazon S3 is the most cost effective storage on AWS, and lifecycle policies are a simple and effective feature to address the business requirements.
  • With Amazon's lifecycle management, data can first be archived to Glacier and then deleted at a set time.
  1. B, C, E. Amazon S3 bucket policies cannot specify a company name or a country or origin, but they can specify request IP range, AWS account, and a prefix for objects that can be accessed.
  • S3 bucket policies can specify an IP range, an AWS account, and an object prefix.
  1. B, C. Amazon S3 provides read-after-write consistency for PUTs to new objects (new key), but eventual consistency for GETs and DELETEs of existing objects (existing key).
  • Eventual consistency comes into play for GETs and DELETEs of existing keys.
  1. A, B, D. A, B, and D are required, and normally you also set a friendly CNAME to the bucket URL. Amazon S3 does not support FTP transfers, and HTTP does not need to be enabled.
  • A CNAME needs to point to the bucket URL.
  • Index and error pages need to be specified.
  • A bucket needs to be created with the same name as the static website.
  • The website needs to be accessible worldwide.
  1. B. Pre-signed URLs allow you to grant time-limited permission to download objects from an Amazon Simple Storage Service (Amazon S3) bucket. Static web hosting generally requires world-read access to all content. AWS IAM policies do not know who the authenticated users of the web app are. Logging can help track content loss, but not prevent it.
  • A pre-signed URL lets you apply a time-based access restriction.
  1. A, C. Amazon Glacier is optimized for long-term archival storage and is not suited to data that needs immediate access or short-lived data that is erased within 90 days.
  • Glacier requires a longer restore time.
  • Glacier generally stores archival data that is rarely or never accessed.
  1. C, D, E. Amazon Glacier stores data in archives, which are contained in vaults. Archives are identified by system-created archive IDs, not key names.
  • Glacier needs 3-5 hours to restore, with standard or bulk retrieval. For all but the largest archives (250 MB+), data accessed using expedited retrieval is typically available within 1 to 5 minutes. Archive retrievals using standard retrieval typically complete within 3 to 5 hours. Bulk retrievals typically complete within 5 to 12 hours. For more information about retrieval options, see the Amazon Glacier FAQ. For information about data retrieval fees.
  • Glacier vaults can be locked to meet compliance requirements.
  • Glacier can serve as a standalone service as well as a standard class of S3.
  • There is no upper limit on the total amount of data that can be stored in Amazon Glacier. Each archive is limited to 40 TB.
  • There is no lower limit on data stored in Amazon Glacier; a single archive can range from 1 byte to 40 TB.

Summary of key points

  • Know what Amazon S3 is and what it is commonly used for. Amazon S3 is secure, durable, and highly scalable cloud storage that can be used to store an unlimited amount of data in almost any format using a simple web services interface. Common use cases include backup and archive, content storage and distribution, big data analytics, static website hosting, cloud-native application hosting, and disaster recovery.

  • Know the common use cases for S3: S3 is secure, durable, highly scalable storage that can store an unlimited amount of data in any format. Common use cases include backup, archiving, content storage, distributed storage, big data analytics, static website hosting, cloud-native application hosting, and disaster recovery.

  • Understand how object storage differs from block and file storage. Amazon S3 cloud object storage manages data at the application level as objects using a REST API built on HTTP. Block storage manages data at the operating system level as numbered addressable blocks using protocols such as SCSI or Fibre Channel. File storage manages data as shared files at the operating system level using a protocol such as CIFS or NFS.

  • Understand how object storage differs from block storage and file storage: S3 object storage manages data through a REST API. Block storage manages data at the operating system level, using SCSI or Fibre Channel. File storage manages data at the operating system level, using the NFS or CIFS protocol.

  • Understand the basics of Amazon S3. Amazon S3 stores data in objects that contain data and metadata. Objects are identified by a user-defined key and are stored in a simple flat folder called a bucket. Interfaces include a native REST interface, SDKs for many languages, an AWS CLI, and the AWS Management Console.

  • Know the basics of S3. S3 stores data in objects, which include data and metadata. Objects are accessed by a user-defined key in a flat, folder-like container (called a bucket). Supported interfaces include REST, SDKs for multiple languages, the CLI, and the AWS console.

  • Know how to create a bucket; how to upload, download, and delete objects; how to make objects public; and how to open an object URL.

  • Know how to create a bucket; how to upload, download, and delete objects; how to make an object publicly accessible; and how to open an object's URL.

  • Understand the durability, availability, and data consistency model of Amazon S3. Amazon S3 standard storage is designed for 11 nines durability and four nines availability of objects over a year. Other storage classes differ. Amazon S3 is eventually consistent, but offers read-after-write consistency for PUTs to new objects.

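  • Understand durability, availability, and data consistency. S3 Standard storage has 11 nines of durability and 4 nines of availability. S3 is eventually consistent storage, but it provides read-after-write consistency when objects are created with PUT.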

  • Know how to enable static website hosting on Amazon S3. To create a static website on Amazon S3, you must create a bucket with the website hostname, upload your static content and make it public, enable static website hosting on the bucket, and indicate the index and error page objects.

  • Know how to enable static website hosting on S3. To create a static website on S3, you must create a bucket named after the website's hostname, upload the website content, and make it public. Specify the index page and the error page.

  • Know how to protect your data on Amazon S3. Encrypt data in flight using HTTPS and at rest using SSE or client-side encryption. Enable versioning to keep multiple versions of an object in a bucket. Enable MFA Delete to protect against accidental deletion. Use ACLs, Amazon S3 bucket policies, and AWS IAM policies for access control. Use pre-signed URLs for time-limited download access. Use cross-region replication to automatically replicate data to another region.

  • Know how to protect data on S3. Encrypt data in transit with HTTPS, and encrypt data using SSE and CSE. Enable the versioning option on the bucket. Enable MFA to guard against accidental deletion. Use S3 bucket ACLs and policies and AWS IAM policies for access control. Use pre-signed URLs for time-based download access. Use automatic cross-region replication to copy data to another region.

  • Know the use case for each of the Amazon S3 storage classes. Standard is for general purpose data that needs high durability, high performance, and low latency access. Standard-IA is for data that is less frequently accessed, but that needs the same performance and availability when accessed. RRS offers lower durability at lower cost for easily replicated data. Amazon Glacier is for storing rarely accessed archival data at lowest cost, when three- to five-hour retrieval time is acceptable.

  • Know that the use case for S3 Standard storage is access with high durability, high performance, and low latency. S3 Standard-IA is for less frequently accessed data, but provides the same performance and availability when accessed. RRS provides low-durability, low-cost data replication. Glacier is used to store archival data that is almost never accessed, offering a low-cost option with the ability to retrieve the needed data in 3-5 hours.

  • Know how to use lifecycle configuration rules. Lifecycle rules can be configured in the AWS Management Console or the APIs. Lifecycle configuration rules define actions to transition objects from one storage class to another based on time.

  • Know how to use lifecycle configuration rules. Lifecycle rules can be configured in the AWS console or set through the API. Lifecycle configuration rules define when objects move from one storage class to another.

  • Know how to use Amazon S3 event notifications. Event notifications are set at the bucket level and can trigger a message in Amazon SNS or Amazon SQS or an action in AWS Lambda in response to an upload or a delete of an object.

  • Know how to use S3 event notifications. Event notifications are set at the bucket level and can trigger a message delivered through SNS or SQS, or a response through Lambda, to an object upload or delete.

  • Know the basics of Amazon Glacier as a standalone service. Data is stored in encrypted archives that can be as large as 40TB. Archives typically contain TAR or ZIP files. Vaults are containers for archives, and vaults can be locked for compliance.

  • Know that Glacier is a standalone service. Data is accessed in the form of encrypted archives, which can be as large as 40 TB. Archives typically contain TAR or ZIP files. Vault lock policies can be set.
