Introduction
• AWS (Amazon Web Services) offers a wide range of services for networking, storage, databases, deployment and management, mail and messaging, etc.
• These services are highly scalable, efficient, secure, reliable, flexible and cost effective.
• Some of the services are:
 – Amazon S3 (Simple Storage Service)
 – Amazon SimpleDB
 – Amazon Elastic Beanstalk
 – Amazon Route 53
 – …
Amazon S3
• Amazon S3 (Simple Storage Service) is storage for the Internet.
• It provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web.
• Without requiring an additional storage server, it offers high scalability, reliability and security, and it is fast and inexpensive.
Data Security
• S3 provides several mechanisms for securing data at every level: IAM policies, ACLs, bucket policies, and query string authentication.
• IAM lets an organization with multiple employees create and manage users and control their access to bucket contents.
• ACLs grant selective access to individual buckets and objects.
• Bucket policies allow or deny permissions on some of the contents or on the whole bucket.
• Query string authentication produces signed HTTPS URLs (presigned URLs) that grant access to an object only for a limited period of time.
Terminology
• There are various terms used in S3 which have to be understood in order to use S3 effectively.
• Some of those terms are:
 – Bucket and Objects
 – ACLs
 – Permission, Statement and Policy
 – Principal, Action and Resource
 – …
Basic Steps
• The basic steps for using Amazon S3 are:
 – Sign up for Amazon S3
 – Create a bucket
 – Add an object to a bucket
 – View an object
 – Move an object
 – Delete an object and a bucket
Bucket and Objects
• A bucket is a container for objects stored in Amazon S3.
• An object is the fundamental entity stored in Amazon S3.
• Objects in a bucket can be assigned version IDs; versioning is disabled on a bucket by default.
• Every object consists of:
 – Data
 – Key
 – Metadata
 – Version ID
Bucket and Objects (cont…)
• A key is the name assigned to an object when it is uploaded. To download an object, we use its key.
• A version ID uniquely identifies one version of an object; it is generated when the object is uploaded to a versioning-enabled bucket.
• Metadata is a set of name-value pairs that stores information about the object, e.g.:
 – Content length
 – Content type
 – Content encoding
 – Expires
Access Control
• Access to resources is controlled by several mechanisms at every level, either resource-based or user-based.
• For this we can use IAM policies (user-based), ACLs and bucket policies (resource-based), alone or together.
• We can also create signed URLs that grant access to a resource for a limited time, using the permissions of the user who signed them.
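The time-limited URLs mentioned on the Data Security and Access Control slides are produced by AWS Signature Version 4 in query-string mode. The following is an added example, not code from the original slides or from AWS: it builds a presigned GET URL with only the Python standard library and then performs the check the service does on receipt, so that the reader can see why the holder of a URL cannot extend its lifetime or point it at another object. The access key, secret key, bucket, object key and timestamp are the placeholder values from the AWS documentation example and are assumptions here; nothing is sent to AWS.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, unquote, urlparse

# Constructed inputs: the placeholder credentials, bucket and object used in the
# AWS documentation example.  None of these is a real key; no request is sent.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
REGION = "us-east-1"
HOST = "examplebucket.s3.amazonaws.com"
OBJECT_KEY = "test.txt"
SIGNING_TIME = datetime(2013, 5, 24, 0, 0, 0, tzinfo=timezone.utc)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str) -> bytes:
    # SigV4 key derivation chain: "AWS4"+secret -> date -> region -> service -> aws4_request
    k_date = _hmac(("AWS4" + secret).encode(), date)
    k_region = _hmac(k_date, REGION)
    k_service = _hmac(k_region, "s3")
    return _hmac(k_service, "aws4_request")


def _canonical_query(params: dict) -> str:
    # Parameters sorted by name; names and values URI-encoded ('/' in the credential -> %2F)
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params.items()))


def _signature(method: str, key: str, params: dict) -> str:
    amz_date = params["X-Amz-Date"]
    canonical_request = "\n".join([
        method,
        quote("/" + key, safe="/"),   # canonical URI: encode each segment, keep '/'
        _canonical_query(params),     # X-Amz-Signature itself is never part of this
        f"host:{HOST}\n",             # canonical headers, each terminated by '\n'
        "host",                       # signed headers
        "UNSIGNED-PAYLOAD",           # presigned URLs do not bind the request body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        f"{amz_date[:8]}/{REGION}/s3/aws4_request",
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    return hmac.new(_signing_key(SECRET_KEY, amz_date[:8]), string_to_sign.encode(), hashlib.sha256).hexdigest()


def presign_get(key: str, expires: int, now: datetime = SIGNING_TIME) -> str:
    """Build a presigned GET URL valid for `expires` seconds (S3 accepts 1 second to 7 days)."""
    if not 1 <= expires <= 7 * 24 * 3600:
        raise ValueError("X-Amz-Expires must be between 1 and 604800 seconds")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{amz_date[:8]}/{REGION}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    params["X-Amz-Signature"] = _signature("GET", key, params)  # signed before the signature is added
    return f"https://{HOST}/{quote(key, safe='/')}?{_canonical_query(params)}"


def verify_presigned_get(url: str, now: datetime) -> tuple:
    """What the service does on receipt: recompute the signature, then enforce the time window."""
    parsed = urlparse(url)
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    presented = params.pop("X-Amz-Signature", "")
    try:
        signed_at = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires = int(params["X-Amz-Expires"])
    except (KeyError, ValueError):
        return False, "malformed query string"
    expected = _signature("GET", unquote(parsed.path).lstrip("/"), params)
    if not hmac.compare_digest(expected, presented):
        return False, "signature mismatch"   # any edit to key, date or expiry lands here
    if now > signed_at + timedelta(seconds=expires):
        return False, "URL expired"
    return True, "ok"


def demo() -> dict:
    """Constructed scenarios: normal use, expiry, and two tampering attempts by the URL holder."""
    url = presign_get(OBJECT_KEY, 86400)
    return {
        "url": url,
        "one_hour_later": verify_presigned_get(url, SIGNING_TIME + timedelta(hours=1)),
        "next_day": verify_presigned_get(url, SIGNING_TIME + timedelta(hours=25)),
        "longer_expiry": verify_presigned_get(url.replace("X-Amz-Expires=86400", "X-Amz-Expires=864000"), SIGNING_TIME),
        "other_object": verify_presigned_get(url.replace(OBJECT_KEY, "secret.txt"), SIGNING_TIME),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Because X-Amz-Date, X-Amz-Expires and the object key are all inside the signed canonical request, changing any of them invalidates the signature; the only thing the service has to add is the clock comparison. Since the inputs mirror the AWS documentation example, the generated URL can be compared against the one in that document.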
Permission
• A permission allows or disallows some access to a particular resource. The general form is:
 – A is/isn't allowed to do B to C where D applies
  o A – User
  o B – Action
  o C – Resource
  o D – Condition/Range
Statement and Policy
• A statement is the description of a single permission, written in the Access Policy Language (APL).
• A policy is a JSON document containing one or more such statements.
Principal and Action
• The issuer is the person who writes a policy to grant permission on a particular resource (the resource owner).
• The principal is the person or persons who receive the permission in the policy.
• The action is the activity the principal has permission to perform.
• The resource is the bucket or object the principal is requesting access to.
Requestor and Evaluation
• The requestor is a person who sends a request to an AWS service asking for access to a particular resource.
• Evaluation is the process an AWS service uses to determine whether an incoming request should be allowed or denied, based on the applicable policies.
Resource Behavior
• The effect is the result you want a policy statement to return at evaluation time.
• Default deny: the result when no applicable policy contains an allow or an explicit deny.
• Allow: Effect = Allow for a resource or a user on an action.
• Explicit deny: Effect = Deny for a resource or a user on an action.
• An explicit deny always overrides an allow.
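The Permission, Statement and Policy, Principal and Action, Requestor and Evaluation, and Resource Behavior slides together describe how one request is evaluated against a policy. The following is an added example, not code from the original slides and not AWS's own evaluation engine: a small evaluator that applies the three outcomes (default deny, allow, explicit deny) to a constructed bucket policy. The bucket name, account ID, user name and IP ranges are placeholders, and only the IpAddress condition on aws:SourceIp is modelled; any other condition operator makes the evaluator fail closed rather than silently grant access.

```python
import ipaddress
import json
from fnmatch import fnmatchcase

# Constructed bucket policy (placeholder bucket and account ID): everyone may read
# objects under public/, alice may do anything to objects but only from the office
# network, and nobody may delete objects.
BUCKET_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::examplebucket/public/*"},
    {"Sid": "AliceFromOffice", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
     "Action": "s3:*Object",
     "Resource": "arn:aws:s3:::examplebucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "NoDeletes", "Effect": "Deny", "Principal": "*",
     "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::examplebucket/*"}
  ]
}
""")

ALICE = "arn:aws:iam::111122223333:user/alice"   # placeholder principal ARN


def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, requester: str) -> bool:
    if principal == "*":
        return True                                  # anyone, including anonymous requests
    return requester in _as_list(principal.get("AWS", []))


def _condition_matches(condition: dict, context: dict) -> bool:
    # Fail closed: only the IpAddress operator on aws:SourceIp is modelled here.
    for operator, keys in condition.items():
        if operator != "IpAddress" or set(keys) != {"aws:SourceIp"}:
            raise NotImplementedError(f"condition not modelled: {operator} {list(keys)}")
        source = ipaddress.ip_address(context["aws:SourceIp"])
        if not any(source in ipaddress.ip_network(cidr) for cidr in _as_list(keys["aws:SourceIp"])):
            return False
    return True


def evaluate(policy: dict, requester: str, action: str, resource: str, context: dict) -> str:
    """Return 'Allow', 'ExplicitDeny' or 'DefaultDeny' for one request (the three slide outcomes)."""
    allowed = False
    for stmt in policy["Statement"]:
        # A statement applies only if principal, action, resource and condition all match.
        if not (_principal_matches(stmt["Principal"], requester)
                and any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
                and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
                and _condition_matches(stmt.get("Condition", {}), context)):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"                    # a matching deny wins regardless of any allow
        allowed = True
    return "Allow" if allowed else "DefaultDeny"     # no matching statement at all: default deny


def decide(requester: str, action: str, key: str, source_ip: str) -> str:
    """Evaluate BUCKET_POLICY for one object key requested from one client address."""
    resource = f"arn:aws:s3:::examplebucket/{key}"
    return evaluate(BUCKET_POLICY, requester, action, resource, {"aws:SourceIp": source_ip})


if __name__ == "__main__":
    print(decide("anonymous", "s3:GetObject", "public/index.html", "198.51.100.7"))
    print(decide("anonymous", "s3:GetObject", "private/report.pdf", "198.51.100.7"))
    print(decide(ALICE, "s3:PutObject", "private/report.pdf", "203.0.113.5"))
    print(decide(ALICE, "s3:PutObject", "private/report.pdf", "198.51.100.7"))
    print(decide(ALICE, "s3:DeleteObject", "public/index.html", "203.0.113.5"))
```

The last call is the case the Resource Behavior slide stresses: alice's wildcard allow matches the delete, but the NoDeletes statement also matches, and the explicit deny wins. Alice's write from outside the office network is a default deny, not an explicit one, because the condition simply stops her allow statement from applying.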
Tools for S3
• S3 can be used through various tools and plugins. Some of them are:
 – Amazon Console: https://console.aws.amazon.com/s3/home
 – IDE plugins such as the AWS plugin for the Eclipse IDE: http://aws.amazon.com/eclipse/
 – S3 Organizer as an add-on for Firefox: https://addons.mozilla.org/en-US/firefox/addon/amazon-s3-organizers3fox/
 – CloudBerry S3 Explorer: http://www.cloudberrylab.com/free-amazon-s3-explorer-cloudfront-IAM.as