For my test preperation I signed up for the AWS Certified Solutions Architect training from A Cloud Guru. I paid $30 for the course which was a great deal imho, and provided the information needed to pass the exam.
IAM (Identity Access Management)
IAM allows for the management of users and control the access levels of those users for the AWS Console. IAM is also universal and does not apply to a specific region.
IAM allows you to do the following:
- Single location to control your AWS account.
- Granular access control.
- Identity Federation, tying AWS to AD etc.
- 2FA - Two factor authentication for accounts.
- Manage password policy.
- For compliance IAM supports PCI DSS.
- Users - Your end users with each account having its specific permissions. New users have NO permissions assigned when first created.
- Access Types
- Programmatic Access - AWS API, CLI, SDK
- AWS Management Console Access - AWS Management Console
- Access Types
- Groups - A collection of users where permissions can be applied to the group.
- Roles - Users and groups assigned to specific AWS Resources.
- Policies - Defines permissions that specify what actions a user, group or role can be performed on a resource(s). Kept in JSON formatting.
S3 (Simple Storage Servcie)
Is a object based storage service where data is spread across multiple systems and locations. Objects consist of the following:
- Version ID
- Access Control Lists
- Files can be from 0 Bytes to 5TB in size.
- Unlimited storage.
- Files are stored in Buckets.
- Universal name space so names must be unique globally (assigned through DNS) and HTTP 200 = document/file upload was successful.
- Availability SLA 99.9%
- Durability SLA 11x9's - Data loss
Tiered Storage Available
- S3/IA (Infrequently Accessed) - accessed less but allows for rapid access when needed.
- RRS (Reduced Redundancy Storage) - best for data that can be restored like images.
- Glacier - very inexpensive and used for archival only. it takes 3-5 hours to restore from Glacier.
Standard Standard IA RRS Glacier Durability 99.999999999% 99.99999999% 99.99% 99.999999999% Availability 99.99% 99.9% 99.99% 99.99% - once restored Minimum Object Size N/A 128KB N/A Minimum Storage Duration N/A 30 days 90 days Retrieval Fee N/A per GB retrieved per GB retrieved Concurrent facility fault tolerances 2 2 1 SSL Support Yes Yes Yes First byte latency Milliseconds Milliseconds Milliseconds Lifecycle Management Policies Yes Yes Yes Considerations Retrieval fee with objects, most suitable for infrequently accessed data Not available for real-time access, must restore objects before you can access them, restoring objects can take 3-5 hours.
- Stores all versions of an object, including all writes even if you delete the object.
- Good for backups.
- Once enabled it cannot be disabled only suspended.
- Integrates with Lifecycle rules.
- MFA Delete provides additional level of secruity.
- Access Control and Bucket Policies
- Read after Write consistency for PUTS of new Objects.
- Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate).
S3 Cross Region Replication
- Versioning must be enabled on both the source and destination buckets.
- Regions must be unique.
- Existing files in a bucket are not automatically replicated. All subsequent updated files will be replicated automatically.
- Delete markers are replicated.
- Deleting individual versions or delete markers will not be replicated.
Read the S3 FAQ before take the exam. S3 is a large percentage of test questions.