How can you secure access to your S3 bucket?
An S3 bucket can be secured in two ways:
ACL (Access Control List)
An ACL is used to manage access to buckets and objects. Each bucket and each object has an ACL associated with it. The ACL defines which AWS accounts are granted access and the type of access. When a user sends a request for a resource, the corresponding ACL is checked to verify whether the user has been granted access to the resource.
When you create a bucket, Amazon S3 creates a default ACL which provides full control over the AWS resources.
Bucket Policies
Bucket policies apply only to S3 buckets. They define which actions are allowed or denied. A bucket policy is attached to the bucket, not to an individual S3 object, but the permissions defined in the bucket policy apply to all the objects in the bucket.
The following are the main elements of Bucket policy:
- Sid: A Sid (statement ID) identifies what the policy will do. For example, if the action to be performed is adding a new user to an Access Control List (ACL), then the Sid would be AddCannedAcl. If the policy is defined to evaluate IP addresses, then the Sid would be IPAllow.
- Effect: An Effect defines the outcome of applying the policy. It either allows an action or denies an action.
- Principal: A Principal is a string that determines to whom the policy is applied. If the principal is set to '*', the policy applies to everyone, but you can also specify an individual AWS account.
- Action: An Action is what happens when the policy is applied. For example, s3:GetObject is an action that allows object data to be read.
- Resource: The Resource is the S3 bucket to which the statement is applied. You cannot enter just the bucket name; you need to specify it in a specific format. For example, if the bucket name is javatpoint-bucket, the resource would be written as "arn:aws:s3:::javatpoint-bucket/*".
Differences between Amazon S3 and EC2?
S3
- It is a storage service that can store any amount of data.
- It consists of a REST interface and uses secure HMAC-SHA1 authentication keys.
EC2
- It is a web service used for hosting an application.
- It is a virtual machine which can run either Linux or Windows and can also run applications such as PHP, Python, Apache or other databases.
How many buckets can be created in S3?
By default, you can create up to 100 buckets.
What is Amazon EMR?
Amazon EMR stands for Amazon Elastic MapReduce. It is a web service used to process large amounts of data in a cost-effective manner. The central component of Amazon EMR is a cluster. Each cluster is a collection of EC2 instances, and an instance in a cluster is known as a node. Each node has a specified role attached to it, known as a node type, and Amazon EMR installs the software components for each node type.
Following are the node types:
- Master node
  A master node runs the software components to distribute the tasks among other nodes in a cluster. It tracks the status of all the tasks and monitors the health of a cluster.
- Core node
  A core node runs the software components to process the tasks and stores the data in Hadoop Distributed File System (HDFS). Multi-node clusters will have at least one core node.
- Task node
  A task node with software components processes the task but does not store the data in HDFS. Task nodes are optional.
What are EBS Volumes?
Elastic Block Store (EBS) is a service that provides persistent block storage volumes for use with EC2 instances in the AWS cloud. An EBS volume is automatically replicated within its availability zone to protect against component failure. It offers the high durability, availability, and low-latency performance required to run your workloads.
What are the different database types in RDS?
Following are the different database types in RDS:
- Amazon Aurora
  - It is a database engine developed in RDS. Unlike a MySQL database, which can be installed on any local device, an Aurora database can run only on AWS infrastructure. It is a MySQL-compatible relational database engine that combines the speed and availability of traditional databases with open source databases.
- PostgreSQL
  - PostgreSQL is an open source relational database for many developers and startups.
  - It is easy to set up, operate, and scale PostgreSQL deployments in the cloud.
  - You can also scale PostgreSQL deployments in minutes, cost-efficiently.
  - PostgreSQL database manages time-consuming administrative tasks such as PostgreSQL software installation, storage management, and backups for disaster recovery.
- MySQL
  - It is an open source relational database.
  - It is easy to set up, operate, and scale MySQL deployments in the cloud.
  - By using Amazon RDS, you can deploy scalable MySQL servers in minutes, cost-efficiently.
- MariaDB
  - It is an open source relational database created by the developers of MySQL.
  - It is easy to set up, operate, and scale MariaDB server deployments in the cloud.
  - By using Amazon RDS, you can deploy scalable MariaDB servers in minutes, cost-efficiently.
  - It frees you from managing administrative tasks such as backups, software patching, monitoring, scaling and replication.
- Oracle
  - It is a relational database developed by Oracle.
  - It is easy to set up, operate, and scale Oracle database deployments in the cloud.
  - You can deploy multiple editions of Oracle in minutes, cost-efficiently.
  - It frees you from managing administrative tasks such as backups, software patching, monitoring, scaling and replication.
  - You can run Oracle under two different licensing models: "License Included" and "Bring Your Own License (BYOL)". In the License Included service model, you do not need to purchase the Oracle license separately, as it is already licensed by AWS. In this model, pricing starts at $0.04 per hour. If you have already purchased an Oracle license, you can use the BYOL model to run Oracle databases in Amazon RDS, with pricing starting at $0.025 per hour.
- SQL Server
  - SQL Server is a relational database developed by Microsoft.
  - It is easy to set up, operate, and scale SQL Server deployments in the cloud.
  - You can deploy multiple editions of SQL Server in minutes, cost-efficiently.
  - It frees you from managing administrative tasks such as backups, software patching, monitoring, scaling and replication.
What is AWS?
AWS stands for Amazon Web Services. It is a service provided by Amazon that uses distributed IT infrastructure to provide different IT resources on demand. It provides different services such as infrastructure as a service, platform as a service, and software as a service.
Differences between horizontal scaling and vertical scaling?
Vertical scaling means adding compute power such as CPU or RAM to your existing machine, while horizontal scaling means adding more machines to your server or database. Horizontal scaling increases the number of nodes and distributes the tasks among the different nodes.
How many Elastic IPs can you create?
You can create 5 Elastic IP addresses per AWS account per region.