Chapter 2: Amazon Simple Storage Service (Amazon S3) and
Amazon Glacier Storage

1. D, E. Objects are stored in buckets, and objects contain both data and metadata.

• 对象被存储在bucket中
• 对象包括数据和元数据

2. B, D. Amazon S3 cannot be mounted to an Amazon EC2 instance like a file system and should not serve as primary database storage.

• S3 支持web内容存储
• S3支持数据库备份
• S3支持日志存储分析

3. A, B, D. C and E are incorrect—objects are private by default, and storage in a bucket does not need to be pre-allocated.

• S3的特性如下：所有的对象都有一个URL，S3能存储不限数量的数据，S3提供一个restful API。

4. B, C, E. Static website hosting does not restrict data access, and neither does an Amazon S3 lifecycle policy.

• PRE-SIGNED URL for an object 被用来作为限制访问的方式；
• AWS支持ACL 控制访问bucket和object
• AWS支持S3 bucket访问策略
• Amazon S3 提供了四种不同的访问控制机制：AWS Identity and Access Management (IAM) 策略、访问控制列表 (ACL)、存储桶策略以及查询字符串身份验证。IAM 让组织能够在一个 AWS 账户下创建和管理多个用户。通过 IAM 策略，您可以细化IAM 用户对 Amazon S3 桶或对象的控制权。您可以使用 ACL 选择性地添加 (授予) 对个别对象的特定权限。Amazon S3 存储桶策略可用来添加或拒绝对单一桶内的部分或所有对象的权限。使用查询字符串身份验证，您能够通过仅在规定时间段内有效的 URL 共享 Amazon S3 对象

5. C, E. Versioning protects data against inadvertent or intentional deletion by storing all versions of the object, and MFA Delete requires a one-time code from a Multi-Factor Authentication (MFA) device to delete objects. Cross-region replication and migration to the Amazon Glacier storage class do not protect against deletion. Vault locks are a feature of Amazon Glacier, not a feature of Amazon S3.

• 启动数据版本管理支持数据找回
• MFA 支持多种方式的操作认证

6. C. Migrating the data to Amazon S3 Standard-IA after 30 days using a lifecycle policy is correct. Amazon S3 RRS should only be used for easily replicated data, not critical data. Migration to Amazon Glacier might minimize storage costs if retrievals are infrequent, but documents would not be available in minutes when needed.

• S3支持标准的存储访问和S3 IA存储访问。这样就能支持在几分钟内获取到数据。IA 存储的可用性是99.9%。IA的存储费用较低。

7. B. Data is automatically replicated within a region. Replication to other regions and versioning are optional. Amazon S3 data is not backed up to tape.

• S3是在region内自动复制的；
• S3的数据是不会备份到tape的，可以使用lifecycle进行数据的归档转存处理；

8. C. In a URL, the bucket name precedes the string “s3.amazonaws.com/,” and the object
   key is everything after that. There is no folder structure in Amazon S3.

• S3是没有folder的特性的，这些都是可以作为文件的key存储；
• bucket的名字是s3表示前边的内容是bucket name

9. C. Amazon S3 server access logs store a record of what requestor accessed the objects in your bucket, including the requesting IP address.

• S3 支持 sever access log访问记录

10. B, C. Cross-region replication can help lower latency and satisfy compliance requirements on distance. Amazon S3 is designed for eleven nines durability for objects in a single region, so a second region does not significantly increase durability. Crossregion replication does not protect against accidental deletion.

• 跨区复制主要是为了遵循安全合规
• 减少不同区域的访问延迟
• 不同区域分析同一组计算对象
• 不同所有权下维护操作副本

11. C. If data must be encrypted before being sent to Amazon S3, client-side encryption must be used.

• 如果是传输到S3前就需要加密，只能使用CLIENT-SIDE E
• 共计四种加密方法：sse-kms、sse-c、sse-s3、客户端加密

12. B. Amazon S3 scales automatically, but for request rates over 100 GETS per second, it helps to make sure there is some randomness in the key space. Replication and logging will not affect performance or scalability. Using sequential key names could have a negative effect on performance or scalability.

• 技术上提升性能的方式可以通过给key增加随机的前缀

13. A, D. You must enable versioning before you can enable cross-region replication, and Amazon S3 must have IAM permissions to perform the replication. Lifecycle rules migrate data from one storage class to another, not from one bucket to another. Static website hosting is not a prerequisite for replication.

• 跨区复制必须先启动版本管理；
• 跨区复制必须IAM权限去执行这个复制；

14. B. Amazon S3 is the most cost effective storage on AWS, and lifecycle policies are a simple and effective feature to address the business requirements.

• Amazon的生命周期管理，可以先归档成Glacier，然后定个时间删除

15. B, C, E. Amazon S3 bucket policies cannot specify a company name or a country or origin, but they can specify request IP range, AWS account, and a prefix for objects that can be accessed.

• S3的bucket策略可以指定 IP范围、AWS账户、对象前缀

16. B, C. Amazon S3 provides read-after-write consistency for PUTs to new objects (new key), but eventual consistency for GETs and DELETEs of existing objects (existing key).

• 最终一致性，在 get和delete的现有的key的时候会涉及；

17. A, B, D. A, B, and D are required, and normally you also set a friendly CNAME to the bucket URL. Amazon S3 does not support FTP transfers, and HTTP does not need to be enabled.

• 需要指定一个cname到bucket url
• 需要 指定index和error页面
• 需要 创建一个bucket name和静态网站一样
• 需要支持网站全世界可访问

18. B. Pre-signed URLs allow you to grant time-limited permission to download objects from an Amazon Simple Storage Service (Amazon S3) bucket. Static web hosting generally requires world-read access to all content. AWS IAM policies do not know who the authenticated users of the web app are. Logging can help track content loss, but not
    prevent it.

• Pre-signed url支持你去获取一个基于时间的访问限制；

19. A, C. Amazon Glacier is optimized for long-term archival storage and is not suited to data that needs immediate access or short-lived data that is erased within 90 days.

• Glacier需要较长的恢复时间；
• Glacier一般存储的都是很少访问以及不访问的归档数据；

20. C, D, E. Amazon Glacier stores data in archives, which are contained in vaults. Archives are identified by system-created archive IDs, not key names.

• Gracier需要3-5小时恢复，标准还是批量检索。对于除了最大型档案 (250 MB+) 之外的所有其他档案，使用加速检索访问的数据通常在 1 到 5 分钟内可用。使用标准检索的档案检索通常在 3 到 5 小时内完成。批量检索通常在 5 到 12 小时内完成。有关检索选项的更多信息，请参阅 Amazon Glacier 常见问题。有关数据检索费用的信息。
• Glacier 可以进行库锁定来满足合规性要求
• Glacier可以作为一个独立的服务以及成为S3的标准class
• amazon Glacier 中可存储的数据总量没有上限。每个档案的上限为 40 TB
• Amazon Glacier 中存储数据没有下限，单个档案大小范围为 1 个字节到 40TB。

知识点总结

• Know what amazon s3 is and what it is commonly used for. Amazon S3 is secure, durable, and highly scalable cloud storage that can be used to store an unlimited amount of data in almost any format using a simple web services interface. Common use cases include backup and archive, content storage and distribution, big data analytics, static website hosting, cloud-native application hosting, and disaster recovery.

• 了解S3的通用场景：S3是安全、持久、高扩展性的存储，可以用来存储不限数量的数据，支持任意格式的存储服务。通用场景包括：备份、归档、内容存储、分布式存储、大数据分析、静态网站hosting、云原生应用hosting，容灾恢复；

• Understand how object storage differs from block and file storage. Amazon S3 cloud object storage manages data at the application level as objects using a REST API built on HTTP. Block storage manages data at the operating system level as numbered addressable blocks using protocols such as SCSI or Fibre Channel. File storage manages data as shared files at the operating system level using a protocol such as CIFS or NFS.

• 了解对象存储与块存储、文件存储的区别：S3对象存储管理数据是通过一个rest API。块存储管理数据在操作系统层级，使用SCSI 或者Fibre Channel。 文件存储管理数据在操作系统层次，使用NFS协议或者CIFS协议。

• Understand the basics of Amazon S3. Amazon S3 stores data in objects that contain data and metadata. Objects are identified by a user-defined key and are stored in a simple flat folder called a bucket. Interfaces include a native REST interface, SDKs for many languages, an AWS CLI, and the AWS Management Console.

• 了解S3的基本信息。S3将数据存储在对象中，包括了数据和元数据。对象被用户定义的key以类似扁平的folder（命名为bucket）访问；支持的接口包括rest、多语言的sdk，CLI和aws的控制台。

• Know how to create a bucket; how to upload, download, and delete objects; how to make objects public; and how to open an object URL.

• 了解如何创建一个bucket；上传、下载和删除object。如何设置object被公开访问，如何打开一个object的URL

• Understand the durability, availability, and data consistency model of Amazon S3. Amazon S3 standard storage is designed for 11 nines durability and four nines availability of objects over a year. Other storage classes differ. Amazon S3 is eventually consistent, but offers read-after-write consistency for PUTs to new objects.

• 理解持久性、可用性和数据一致性。S3标准存储是11个9的持久性，4个9的可用性。S3是最终一致性的存储，但是在使用put方法创建object时提供写后读的一致性；

• Know how to enable static website hosting on Amazon S3. To create a static website on Amazon S3, you must create a bucket with the website hostname, upload your static content and make it public, enable static website hosting on the bucket, and indicate the
  index and error page objects.

• 了解如何打开静态website的hosting在S3上。在S3创建一个静态的网站，你必须创建一个bucket，同时以网站的hostname命名，上传网站内容，设置public属性。指定index页面和error page。

• Know how to protect your data on Amazon S3. Encrypt data in flight using HTTPS and at rest using SSE or client-side encryption. Enable versioning to keep multiple versions of an object in a bucket. Enable MFA Delete to protect against accidental deletion. Use ACLs Amazon S3 bucket policies and AWS IAM policies for access control. Use pre-signed URLs for time-limited download access. Use cross-region replication to automatically replicate data to another region.

• 了解在S3上如何进行数据保护。通过HTTPS传输加密，使用sse和CSE进行数据加密。启动bucket的多版本选项。启动MFA规避事故性删除。使用S3 buckets 的ACLs policies和AWS的IAM策略进行访问控制。使用pre-signed URLs 做基于时间的下载访问。使用跨区自动化复制的方法将数据拷贝到其他region

• Know the use case for each of the Amazon S3 storage classes. Standard is for general purpose data that needs high durability, high performance, and low latency access. Standard-IA is for data that is less frequently accessed, but that needs the same performance and availability when accessed. RRS offers lower durability at lower cost for easily replicated data. Amazon Glacier is for storing rarely accessed archival data at lowest cost, when three- to five hour retrieval time is acceptable.

• 了解S3标准存储的使用场景是为了高持久性，高性能、低延迟的访问。S3的Standard-IA是一个访问较少的服务，但是当被访问时提供同样的性能和可用性。RRS提供了低持久性的低成本数据复制。Glacier是用来存储几乎没有访问的归档数据，提供了低成本访问方案，提供了3-5小时获取所需数据的能力；

• Know how to use lifecycle configuration rules. Lifecycle rules can be configured in the AWS Management Console or the APIs. Lifecycle configuration rules define actions to transition objects from one storage class to another based on time.

• 了解如何利用生命周期配置规则。生命周期规则可以被配置在AWS的控制台上或者通过API设置。生命周期配置规则定义了对象从一个存储class到另外一个存储class的时间；

• Know how to use Amazon S3 event notifications. Event notifications are set at the bucket level and can trigger a message in Amazon SNS or Amazon SQS or an action in AWS Lambda in response to an upload or a delete of an object.

• 知道如何利用S3的事件通知。事件通知可以基于bucket level设置，可以出发一个消息以SNS或者SQS的方式传递，通过lambda响应一个上传或者删除对象的动作；

• Know the basics of amazon glacier as a standalone service. Data is stored in encrypted archives that can be as large as 40TB. Archives typically contain TAR or ZIP files. Vaults are containers for archives, and vaults can be locked for compliance.

• 了解Glacier是一个独立的服务。数据被以加密归档的方式访问，可以达到40T。归档方式典型的包括TAR或者ZIP文件。可以设定文件库锁的策略；