There are two primary types of Object Lifecycle Management actions in Amazon S3 Transition Actions: defines the state when an Object transitions from one storage class to another storage class. For example, a new object may transition to STANDARD_IA (infrequent access) class after 60 days of creation. And it can transition to GLACIER after 180 days of creation ExamCollection - Latest Exam Questions & Answers
S3 lifecycle configuration rules are a mechanism for controlling objects that have a well-defined lifecycle by moving them between storage classes or deleting them at specific time intervals Expiration Actions: Defines what happens when an Object expires. You can configure S3 to delete an object on expiration for example If you enable replication on a bucket that already has objects in it, the original objects DO NOT get migrated, only new objects since replication was enabled are replicated Automate lifecycle polices for hands off administration Set transitions based on the objects age and then delete the object after a time you specify Policy actions can be combined together for automation flexibility Set policies by bucket, prefix or tags Set policies for current versions of the object or non-current versions if you have versioning enabled - mgmt.html ExamCollection - Latest Exam Questions & Answers
S3 security and encryption When creating a new S3 bucket, they are PRIVATE by default To make a bucket publically accessible, use access control to make the configuration change Bucket policies are global Access control list allow you to create very Granular profiles Access control for buckets Bucket policies ACLs S3 buckets can be configured to create access logs which log all requests to the S3 bucket Data in transit is protected using SSL/TLS At rest: Server side: Data is encrypted as it is stored on a cloud storage service, also referred to as encryption at rest. AWS Key Management Service, Managed Keys – SSE-KMS Audit trail Self-manage keys SSE-C server side encryption with customer provided keys Client side encryption for transmitting into S3 Encrypt on the client side and upload to S3 Encryption – 4 methods In transit – information to/from bucket Uses SSL/TLS S3 data at rest: Server Side Encryption (SSE) S3 Managed keys – SSE-S3 (Server Side Encryption S3) each object encrypted with a unique key, uses strong multifactor encryption, AWS encrypts the key itself with a master key that gets rotated. AES-256 Amazon handles all of the keys for ExamCollection - Latest Exam Questions & Answers
you. Click on the object and select “encrypt” AWS Key Management Service KMS, Managed Keys – SSE-KMS AWS Key Management Service, Managed Keys. Similar to SSE-S3 but adds an envelope key, which is a key that protects your data’s encryption key. It also adds an audit trail of when your keys were used and who used them. The audit/logging show you who is decrypting what and when. There is
You've reached the end of your free preview.
Want to read all 369 pages?
- Fall '19
- AWS, Amazon Elastic Compute Cloud