
UNIT-4

Chapter-1-Cloud database
RDS: Relational Database Services

1. What is a Database?

• A database is an organized collection of data, arranged so that it can be easily accessed and managed.
• Data is organized into tables, rows and columns, and indexed to make it easier to find relevant information.
• Database handlers create a database in such a way that only one set of software programs provides access to the data for all users.
• The main purpose of a database is to operate on a large amount of information by storing, retrieving, and managing data.
• Many dynamic websites on the World Wide Web are backed by databases.
• For example, a system that checks the availability of rooms in a hotel is a dynamic website that uses a database.
• There are many database engines available, such as MySQL, Sybase, Oracle, MongoDB, Informix, PostgreSQL, SQL Server, etc.
• Modern databases are managed by a database management system (DBMS).
• SQL (Structured Query Language) is used to operate on the data stored in a database. SQL is based on relational algebra and tuple relational calculus.
• In diagrams, a database is conventionally drawn as a cylinder.

2. Difference between DBMS and RDBMS

What is DBMS?

A DBMS is software used to store and manage data. The DBMS was introduced during the 1960s to store any kind of data. It also offers manipulation of the data, such as insertion, deletion, and updating.

What is RDBMS?

A Relational Database Management System (RDBMS) is an advanced version of a DBMS. It came into existence during the 1970s. An RDBMS also allows an organization to access data more efficiently than a DBMS.

KEY DIFFERENCES
• DBMS stores data as a file, whereas in RDBMS data is stored in the form of tables.
• DBMS supports a single user, while RDBMS supports multiple users.
• DBMS does not support client-server architecture, but RDBMS does.
• DBMS has low software and hardware requirements, whereas RDBMS has higher hardware and software requirements.
• In DBMS, data redundancy is common, while in RDBMS keys and indexes do not allow data redundancy.

Difference between DBMS and RDBMS

Storage
  DBMS: Stores data as a file.
  RDBMS: Data is stored in the form of tables.
Database structure
  DBMS: Stores data in either a navigational or hierarchical form.
  RDBMS: Uses a tabular structure where the headers are the column names and the rows contain the corresponding values.
Number of users
  DBMS: Supports a single user only.
  RDBMS: Supports multiple users.
ACID
  DBMS: In a regular database, the data may not be stored following the ACID model. This can develop inconsistencies in the database.
  RDBMS: Relational databases are harder to construct, but they are consistent and well structured. They obey ACID (Atomicity, Consistency, Isolation, Durability).
Type of program
  DBMS: The program for managing the databases on computer networks and system hard disks.
  RDBMS: The database system used for maintaining the relationships among the tables.
Hardware and software needs
  DBMS: Low software and hardware needs.
  RDBMS: Higher hardware and software needs.
Integrity constraints
  DBMS: Does not support integrity constraints. Integrity constraints are not imposed at the file level.
  RDBMS: Supports integrity constraints at the schema level. Values beyond a defined range cannot be stored in the particular RDBMS column.
Normalization
  DBMS: Does not support normalization.
  RDBMS: Can be normalized.
Distributed databases
  DBMS: Does not support distributed databases.
  RDBMS: Offers support for distributed databases.
Ideally suited for
  DBMS: Mainly deals with a small quantity of data.
  RDBMS: Designed to handle a large amount of data.
Dr. E.F. Codd rules
  DBMS: Satisfies fewer than seven of Dr. E.F. Codd's rules.
  RDBMS: Satisfies 8 to 10 of Dr. E.F. Codd's rules.
Client-server
  DBMS: Does not support client-server architecture.
  RDBMS: Supports client-server architecture.
Data fetching
  DBMS: Data fetching is slower for complex and large amounts of data.
  RDBMS: Data fetching is rapid because of its relational approach.
Data redundancy
  DBMS: Data redundancy is common in this model.
  RDBMS: Keys and indexes do not allow data redundancy.
Data relationship
  DBMS: No relationship between data.
  RDBMS: Data is stored in the form of tables which are related to each other with the help of foreign keys.
Security
  DBMS: There is no security.
  RDBMS: Multiple levels of security. Log files are created at OS, command, and object level.
Data access
  DBMS: Data elements need to be accessed individually.
  RDBMS: Data can be easily accessed using SQL queries. Multiple data elements can be accessed at the same time.
Examples
  DBMS: File system, XML, Windows Registry, etc.
  RDBMS: MySQL, Oracle, SQL Server, etc.
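As an added example (not part of these notes), the schema-level integrity constraints and foreign-key relationships that the table attributes to an RDBMS, shown with Python's built-in sqlite3 module standing in for the RDBMS. The hotel-room schema and the sample rows are constructed for the illustration.

```python
import sqlite3

# Constructed schema for the hotel-room example from the notes: every booking
# must refer to an existing room, every room needs a floor within the building's
# range, and a room may carry only one booking row. The rules live in the
# schema, so the engine rejects bad rows no matter which application writes them.
SCHEMA = """
CREATE TABLE room (
    room_no  INTEGER PRIMARY KEY,
    floor    INTEGER NOT NULL CHECK (floor BETWEEN 1 AND 20),
    capacity INTEGER NOT NULL CHECK (capacity > 0)
);
CREATE TABLE booking (
    booking_id INTEGER PRIMARY KEY,
    room_no    INTEGER NOT NULL REFERENCES room(room_no),
    guests     INTEGER NOT NULL CHECK (guests > 0),
    UNIQUE (room_no)  -- one booking row per room: the key forbids the duplicate
);
"""


def open_db():
    """Open an in-memory database with the schema and FK enforcement switched on."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless enabled
    conn.executescript(SCHEMA)
    return conn


def try_insert(conn, sql, params):
    """Run one INSERT; return None on success or the constraint error text."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(sql, params)
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)


def demo():
    """Attempt valid and invalid rows; return what the engine accepted or refused."""
    conn = open_db()
    results = {}
    results["valid_room"] = try_insert(conn, "INSERT INTO room VALUES (?, ?, ?)", (101, 1, 2))
    # Value beyond the defined range: floor 99 is refused by the CHECK constraint.
    results["bad_floor"] = try_insert(conn, "INSERT INTO room VALUES (?, ?, ?)", (999, 99, 2))
    # Relationship via foreign key: room 555 does not exist, so the booking is refused.
    results["dangling_fk"] = try_insert(conn, "INSERT INTO booking VALUES (?, ?, ?)", (1, 555, 1))
    results["valid_booking"] = try_insert(conn, "INSERT INTO booking VALUES (?, ?, ?)", (2, 101, 2))
    # Redundancy: a second booking row for room 101 violates the UNIQUE key.
    results["duplicate"] = try_insert(conn, "INSERT INTO booking VALUES (?, ?, ?)", (3, 101, 1))
    # Only the consistent rows survive.
    results["rooms"] = conn.execute("SELECT COUNT(*) FROM room").fetchone()[0]
    results["bookings"] = conn.execute("SELECT COUNT(*) FROM booking").fetchone()[0]
    conn.close()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```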

3. DBMS Architecture

• The DBMS design depends upon its architecture. The basic client/server architecture is used to deal with a large number of PCs, web servers, database servers and other components that are connected over networks.
• The client/server architecture consists of many PCs and workstations which are connected via the network.
• DBMS architecture depends upon how users are connected to the database to get their requests served.

Types of DBMS Architecture

Database architecture can be seen as single-tier or multi-tier. Logically, database architecture is of two types: 2-tier architecture and 3-tier architecture.

1-Tier Architecture
• In this architecture, the database is directly available to the user: the user sits directly on the DBMS and uses it.
• Any changes made here are applied directly to the database itself. It doesn't provide a handy tool for end users.
• The 1-tier architecture is used for the development of local applications, where programmers can communicate directly with the database for a quick response.

2-Tier Architecture
• The 2-tier architecture is the same as basic client-server. In the two-tier architecture, applications on the client end can communicate directly with the database on the server side. For this interaction, APIs like ODBC and JDBC are used.
• The user interfaces and application programs run on the client side.
• The server side is responsible for providing functionalities like query processing and transaction management.
• To communicate with the DBMS, the client-side application establishes a connection with the server side.

Fig: 2-tier Architecture

3-Tier Architecture
• The 3-tier architecture contains another layer between the client and the server. In this architecture, the client can't communicate directly with the server.
• The application on the client end interacts with an application server, which in turn communicates with the database system.
• The end user has no idea about the existence of the database beyond the application server, and the database has no idea about any user beyond the application server.
• The 3-tier architecture is used in the case of large web applications.

Fig: 3-tier Architecture

4. What is RDS?
Amazon Relational Database Service (Amazon RDS) is a distributed relational database service by Amazon Web Services (AWS). It is a web service running "in the cloud", designed to simplify the setup, operation, and scaling of a relational database for use in applications.

Features of RDS

• Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud.
• It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups.
• It frees us to focus on our applications so we can give them the fast performance, high availability, security and compatibility they need.
• Amazon RDS is available on several database instance types, optimized for memory, performance or I/O.
• It provides six familiar database engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server.
• We can use the AWS Database Migration Service to easily migrate or replicate our existing databases to Amazon RDS.
• Amazon RDS is a managed relational database service.
• The code, applications, and tools we already use today with our existing databases can be used with Amazon RDS.
• Amazon RDS handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair.
• Amazon RDS makes it easy to use replication to enhance availability and reliability for production workloads.
• Using the Multi-AZ deployment option, we can run mission-critical workloads with high availability and built-in automated failover from our primary database to a synchronously replicated secondary database.
• Using Read Replicas, we can scale out beyond the capacity of a single database deployment for read-heavy database workloads.

How many databases or schemas can I run within a DB instance?

• RDS for Amazon Aurora: No limit imposed by software
• RDS for MySQL: No limit imposed by software
• RDS for MariaDB: No limit imposed by software
• RDS for Oracle: 1 database per instance; no limit on the number of schemas per database imposed by software
• RDS for SQL Server: Up to 100 databases per instance (see the Amazon RDS SQL Server User Guide)
• RDS for PostgreSQL: No limit imposed by software

Example: Create a MySQL RDS DB instance

1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
2. In the top-right corner of the AWS Management Console, choose the AWS Region in which you want to create the DB instance. This example uses the US West (Oregon) region.
3. In the navigation pane, choose Databases. If the navigation pane is closed, choose the menu icon at the top left to open it.
4. Choose Create database to open the Select engine page.
5. On the Select engine page, choose MySQL, and then choose Next.
6. On the Choose use case page, choose Dev/Test – MySQL, and then choose Next.
7. On the Specify DB details page, set these values:
   1. License model: Use the default value.
   2. DB engine version: Use the default value.
   3. DB instance class: db.t2.small
   4. Multi-AZ deployment: No
   5. Storage type: General Purpose (SSD)
   6. Allocated storage: 20 GiB
   7. DB instance identifier: tutorial-db-instance
   8. Master username: tutorial_user
   9. Master password: Choose a password.
   10. Confirm password: Retype the password.
8. Choose Next and set the following values on the Configure advanced settings page:
   • Virtual Private Cloud (VPC): Choose an existing VPC with both public and private subnets, such as the tutorial-vpc (vpc-identifier) created in Create a VPC with Private and Public Subnets. Note: the VPC must have subnets in different Availability Zones.
   • Subnet group: The DB subnet group for the VPC, such as the tutorial-db-subnet-group created in Create a DB Subnet Group.
   • Public accessibility: No
   • Availability zone: No Preference
   • VPC security groups: Choose an existing VPC security group that is configured for private access, such as the tutorial-db-securitygroup created in Create a VPC Security Group for a Private DB Instance. Remove other security groups, such as the default security group, by choosing the X associated with each.
   • Database name: sample
   • Leave the default settings for the other options.
9. To create your Amazon RDS MySQL DB instance, choose Create database.
10. On the next page, choose View DB instance details to view your RDS MySQL DB instance.
11. Wait for the DB instance status of your new DB instance to show as available. Then scroll to the Connect section.

5. Relational Database Types

SQL Server
• SQL Server is a relational database developed by Microsoft.
• With Amazon RDS it is easy to set up, operate, and scale SQL Server deployments in the cloud.
• With the help of Amazon RDS, we can add multiple editions of SQL Server such as 2008 R2, 2012, 2014, 2016 and 2017 in minutes with cost-effective and resizable compute capacity.
• It frees us from managing time-consuming database administration tasks such as provisioning, backups, software patching, monitoring, and hardware scaling.
• It supports the "License-included" licensing model. In this model, we do not have to purchase the Microsoft SQL Server licenses separately.
• Amazon RDS provides high availability of MS SQL Server using the Multi-Availability Zone capability, which reduces the risk of setting up and maintaining the database manually.
• It manages the provisioning of the database, version upgrades of MS SQL Server and disk storage management.

Some of the limitations associated with SQL Server:

• Each MS SQL Server instance can have up to 30 databases.
• Amazon RDS does not support other MS SQL Server services such as SQL Server Analysis Services (SSAS), SQL Server Integration Services (SSIS), SQL Server Reporting Services (SSRS), Data Quality Services (DQS) or Master Data Services (MDS) on the same server as an Amazon RDS MS SQL Server DB instance.
• The maximum storage size for an MS SQL Server DB instance is 16 TB for General Purpose SSD storage.

Oracle
• It is a very popular relational database.
• It is used by big enterprises but can be used by other businesses as well.
• Oracle is a relational database management system developed by Oracle.
• It is easy to set up, operate, and scale Oracle deployments in the cloud.
• We can deploy multiple editions of Oracle in minutes with cost-effective and resizable hardware capacity.
• Amazon RDS frees us from managing the time-consuming database administration tasks, so we can focus on the development part.
• We can run Oracle under two different licensing models, i.e., "License Included" and "Bring-Your-Own-License".

Where,

License Included Model: In this model, we do not need to purchase the Oracle license separately, i.e., the Oracle Database software is licensed by AWS. The pricing starts at $0.04 per hour.

Bring-Your-Own-License (BYOL): If we own an Oracle Database license, then we can use the BYOL model to run an Oracle database on Amazon RDS. The pricing starts at $0.025 per hour. This model is used by customers who already have an existing Oracle license or purchase a new license to run the Oracle database on Amazon RDS.

MySQL Server
• It is an open source relational database.
• It is free to download and use.
• It is very popular in the developer community.
• It is easy to set up, operate, and scale MySQL deployments in AWS.
• We can deploy MySQL servers in minutes with cost-effective and resizable hardware capacity.
• It frees us from managing time-consuming database administrative tasks such as backups, monitoring, scaling and replication.
• Amazon RDS supports MySQL versions such as 5.5, 5.6, 5.7, 5.8, and 8.0, which means that the code, applications, and tools that we are using today can also be used with Amazon RDS.

PostgreSQL
• It is an open source relational database for enterprise developers and start-ups.
• It is easy to set up, operate, and scale PostgreSQL deployments in the cloud.
• With Amazon RDS, we can scale PostgreSQL deployments in the AWS cloud in minutes with cost-effective and resizable hardware capacity.
• It manages time-consuming administrative tasks such as PostgreSQL software installation, storage management, replication for high availability, and backups for disaster recovery.
• The code, applications, and tools that we use today can also be used with Amazon RDS.
• With a few clicks in the AWS Management Console, we can deploy a PostgreSQL database with automatically configured database parameters for optimal performance.

Aurora
• It is a relational, closed source database engine.
• It is compatible with MySQL and delivers five times the throughput of MySQL on the same hardware.
• It is also compatible with PostgreSQL and delivers three times the throughput of PostgreSQL on the same hardware.
• Amazon RDS with Aurora manages time-consuming administrative tasks such as software installation, patching, and backups.
• The main feature of Aurora is a fault-tolerant, distributed, self-healing storage system that auto-scales up to 64 TB per database instance.
• It provides high performance, availability, point-in-time recovery, continuous backup to S3, and replication across three Availability Zones.

MariaDB
• MariaDB is an open source relational database developed by the developers of MySQL.
• It is easy to set up, operate, and scale MariaDB deployments in the AWS cloud.
• With Amazon RDS, we can deploy MariaDB databases in minutes with cost-effective and resizable hardware capacity.
• It frees us from managing time-consuming administrative tasks such as software installation, patching, monitoring, scaling, and backups.
• Amazon RDS supports MariaDB versions such as 10.0, 10.1, 10.2, and 10.3, which means that the code, applications, and tools that we are using today can also be used with Amazon RDS.

Benefits

Easy to administer

Amazon RDS makes it easy to go from project conception to deployment. Use the Amazon RDS Management Console, the AWS RDS Command-Line Interface, or simple API calls to access the capabilities of a production-ready relational database in minutes. There is no need for infrastructure provisioning, and no need for installing and maintaining database software.

Highly scalable

We can scale our database's compute and storage resources with only a few mouse clicks or an API call, often with no downtime. Many Amazon RDS engine types allow us to launch one or more Read Replicas to offload read traffic from our primary database instance.

Available and durable

Amazon RDS runs on the same highly reliable infrastructure used by other Amazon Web Services. When we provision a Multi-AZ DB instance, Amazon RDS synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Amazon RDS has many other features that enhance reliability for critical production databases, including automated backups, database snapshots, and automatic host replacement.

Fast

Amazon RDS supports the most demanding database applications. We can choose between two SSD-backed storage options: one optimized for high-performance OLTP applications, and the other for cost-effective general-purpose use. In addition, Amazon Aurora provides performance on par with commercial databases at 1/10th the cost.

Secure

Amazon RDS makes it easy to control network access to our database. Amazon RDS also lets us run our database instances in Amazon Virtual Private Cloud (Amazon VPC), which enables us to isolate our database instances and to connect to our existing IT infrastructure through an industry-standard encrypted IPsec VPN. Many Amazon RDS engine types offer encryption at rest and encryption in transit.

Inexpensive

We pay very low rates and only for the resources we actually consume. In addition, we benefit from the option of On-Demand pricing with no up-front or long-term commitments, or even lower hourly rates via Reserved Instance pricing.

Featured RDS customers

Amazon RDS Instance Types
• Amazon RDS provides a selection of instance types optimized to fit different relational database use cases.
• Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give us the flexibility to choose the appropriate mix of resources for our database.
• Each instance type includes several instance sizes, allowing us to scale our database to the requirements of our target workload.

Instance types of database:

• General purpose instances: T3, T2, M5, M4
• Memory optimized instances: R5, R4, X1, X1e, X1d
• Instance features: Burstable Performance Instances, Database Storage Options, EBS-optimized Instances (elastic beans service)

1) General purpose: T3, T2, M5, M4

T3 instances are the next generation burstable general-purpose instance type that provide a baseline level of CPU performance with the ability to burst CPU usage at any time for as long as required. T3 instances offer a balance of compute, memory, and network resources and are ideal for database workloads with moderate CPU usage that experience temporary spikes in use.

Features:

• Burstable CPU, governed by CPU Credits, and consistent baseline performance
• Unlimited mode to ensure performance during peak periods
• Powered by the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor

• The AWS Nitro System and high frequency Intel Xeon Scalable processors result in better price performance than T2 instances

Model           Core Count   vCPU*   CPU Credits/hour   Mem (GiB)   Network Performance (Gbps)
db.t3.micro     1            2       12                 1           Up to 5
db.t3.small     1            2       24                 2           Up to 5
db.t3.medium    1            2       24                 4           Up to 5
db.t3.large     1            2       36                 8           Up to 5
db.t3.xlarge    2            4       96                 16          Up to 5
db.t3.2xlarge   4            8       192                32          Up to 5

All instances have the following specifications:

• 2.5 GHz Intel Scalable Processor
• Intel AVX, Intel AVX2, Intel Turbo
• EBS Optimized
• Enhanced Networking

2) Memory optimized: R5, R4, X1, X1e, X1d

• R5 instances are the latest generation of memory optimized instances that deliver 5% additional memory per vCPU compared with R4, with the largest size providing 768 GiB of memory. In addition, R5 instances deliver a 10% price per GiB improvement and a ~20% increase in CPU performance over R4.

Features:

• Up to 768 GiB of memory per instance
• Intel Xeon Platinum 8000 series (Skylake-SP) processors with a sustained all core Turbo CPU clock speed of up to 3.1 GHz
• Powered by the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor

Model            Core Count   vCPU   Mem (GiB)   Storage    Dedicated EBS Bandwidth (Mbps)   Networking Performance (Gbps)
db.r5.large      1            2      16          EBS-Only   up to 3,500                      Up to 10
db.r5.xlarge     2            4      32          EBS-Only   up to 3,500                      Up to 10
db.r5.2xlarge    4            8      64          EBS-Only   up to 3,500                      Up to 10
db.r5.4xlarge    8            16     128         EBS-Only   3,500                            Up to 10
db.r5.12xlarge   24           48     384         EBS-Only   7,000                            10
db.r5.24xlarge   48           96     768         EBS-Only   14,000                           25

All instances have the following specs:

• Up to 3.1 GHz Intel® Xeon® Platinum 8000 Processor
• Intel AVX, Intel AVX2, Intel Turbo
• EBS Optimized
• Enhanced Networking

3) Instance features:

a) Burstable Performance Instances: there are Fixed Performance Instances (e.g. M5 and R5) and Burstable Performance Instances (e.g. T3).

b) Database Storage Options:

• Storage for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server is built on Amazon EBS, a durable, block-level storage service.
• Amazon RDS provides three volume types to best meet the needs of our database workloads: General Purpose (SSD) volumes, Provisioned IOPS (SSD) volumes, and Magnetic volumes.
• General Purpose (SSD, solid state drive) is an SSD-backed, general purpose volume type that is recommended as the default choice for a broad range of database workloads.
• Provisioned IOPS (SSD) volumes offer storage with consistent and low-latency performance, and are designed for I/O intensive database workloads.
• Magnetic volumes provide a low cost per gigabyte and are provided for backwards compatibility.

c) EBS-optimized Instances (elastic beans service)

• EBS-optimized instances enable Amazon RDS to fully use the IOPS provisioned on an EBS volume.
• EBS-optimized instances deliver dedicated throughput between Amazon RDS and Amazon EBS, with options between 500 and 4,000 Megabits per second (Mbps) depending on the instance type used.

6. Retention period
• We can set the backup retention period when we create a DB instance.
• If we don't set the backup retention period, the default backup retention period is one day if we create the DB instance using the Amazon RDS API or the AWS CLI.
• The default backup retention period is seven days if we create the DB instance using the console. After we create a DB instance, we can modify the backup retention period.
• We can set the backup retention period to between 0 and 35 days.
• Setting the backup retention period to 0 disables automated backups. Manual snapshot limits (100 per region) do not apply to automated backups.
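An added example (not part of these notes or of any AWS tooling): a small audit that checks DB instance descriptions against the settings this chapter calls for, namely Public accessibility set to No, the default security group removed, encryption at rest, a retention period within 0 to 35 days where 0 means no automated backups, and Multi-AZ for production workloads. The records are constructed in the shape of the RDS DescribeDBInstances response; the instance identifiers and security-group ids are placeholders.

```python
# Constructed sample records in the shape of the RDS DescribeDBInstances
# response (boto3: rds.describe_db_instances()["DBInstances"]); only the keys
# the audit reads are present. Identifiers and security group ids are placeholders.
SAMPLE_INSTANCES = [
    {   # the tutorial instance from these notes, created with the private settings
        "DBInstanceIdentifier": "tutorial-db-instance",
        "Engine": "mysql",
        "DBInstanceClass": "db.t2.small",
        "MultiAZ": False,
        "PubliclyAccessible": False,
        "StorageEncrypted": True,
        "BackupRetentionPeriod": 7,
        "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0tutorial", "Status": "active"}],
    },
    {   # a production-looking instance carrying the weak settings
        "DBInstanceIdentifier": "orders-prod",
        "Engine": "postgres",
        "DBInstanceClass": "db.r5.large",
        "MultiAZ": False,
        "PubliclyAccessible": True,
        "StorageEncrypted": False,
        "BackupRetentionPeriod": 0,
        "VpcSecurityGroups": [
            {"VpcSecurityGroupId": "sg-0db", "Status": "active"},
            {"VpcSecurityGroupId": "sg-0default", "Status": "active"},
        ],
    },
]

# Placeholder ids of the VPC default security groups that should have been removed.
DEFAULT_SG_IDS = {"sg-0default"}


def audit_instance(inst, production=False, default_sg_ids=DEFAULT_SG_IDS):
    """Return a list of (severity, finding) tuples for one DB instance record."""
    findings = []
    name = inst["DBInstanceIdentifier"]
    if inst.get("PubliclyAccessible"):
        findings.append(("HIGH", f"{name}: publicly accessible; Public accessibility should be No"))
    if not inst.get("StorageEncrypted"):
        findings.append(("HIGH", f"{name}: storage is not encrypted at rest"))
    retention = inst.get("BackupRetentionPeriod", 0)
    if retention == 0:
        findings.append(("HIGH", f"{name}: retention period 0 disables automated backups"))
    elif retention > 35:
        findings.append(("MEDIUM", f"{name}: retention {retention} exceeds the 35-day maximum"))
    elif retention < 7:
        findings.append(("LOW", f"{name}: retention {retention} days is below the console default of 7"))
    attached = {g["VpcSecurityGroupId"] for g in inst.get("VpcSecurityGroups", [])}
    leftover = attached & default_sg_ids
    if leftover:
        findings.append(("MEDIUM", f"{name}: default security group still attached: {sorted(leftover)}"))
    if production and not inst.get("MultiAZ"):
        findings.append(("MEDIUM", f"{name}: production workload without Multi-AZ failover"))
    return findings


def audit_all(instances, production_ids=()):
    """Audit every record; returns {identifier: findings}."""
    return {
        inst["DBInstanceIdentifier"]: audit_instance(inst, inst["DBInstanceIdentifier"] in production_ids)
        for inst in instances
    }


if __name__ == "__main__":
    for ident, findings in audit_all(SAMPLE_INSTANCES, production_ids={"orders-prod"}).items():
        print(ident, "OK" if not findings else "")
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```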

7. Connecting an Application to a Database Server

• We can associate an Amazon RDS database server with an app when we create the app or later by editing the app.
• Our application can then use the database connection information (user name, password) to connect to the database server.
• When we deploy an app, AWS OpsWorks Stacks provides this information to applications in two ways:
   • For Linux stacks, AWS OpsWorks Stacks creates a file on each of the built-in application server instances containing the connection data that the application can use to connect to the database server.
   • AWS OpsWorks Stacks includes the connection information in the stack configuration and deployment attributes that are installed on each instance.

8. Backups
• Amazon RDS creates and saves automated backups of our DB instance.
• Amazon RDS creates a storage volume snapshot of our DB instance, backing up the entire DB instance and not just individual databases.
• Amazon RDS creates automated backups of our DB instance during the backup window of the DB instance.
• Amazon RDS saves the automated backups of our DB instance according to the backup retention period that we specify.
• If necessary, we can recover our database to any point in time during the backup retention period.

Automated backups follow these rules:

• Our DB instance must be in the AVAILABLE state for automated backups to occur. Automated backups don't occur while the DB instance is in a state other than AVAILABLE, for example STORAGE_FULL.
• Automated backups and automated snapshots don't occur while a copy is executing in the same region for the same DB instance.

2 types of Backups

• Automated backups: by default, the automated backup feature of Amazon RDS backs up our databases and transaction logs. Two settings control automated backups in AWS RDS:
   1) Backup window: daily backup during a user-configurable 30 minute period.
   2) Backup retention period: automated backups are kept for a configurable number of days, up to 35 days.
• DB snapshots: snapshots are incremental backups, which means that only the blocks on the device that have changed after our most recent snapshot are saved. There are 2 types of DB snapshots:
   1) automated snapshots
   2) manual, shared, or public DB snapshots

DB snapshots

• Snapshots are incremental copies of backup data.
• Because the snapshot includes the entire storage volume, the size of files, such as temporary files, also affects the amount of time it takes to create the snapshot.
• Incremental snapshots minimize the time required to create the snapshot.
• They save on storage costs by not duplicating data.
• When we delete a snapshot, only the data unique to that snapshot is removed.
• Amazon RDS creates a storage volume snapshot of our DB instance, backing up the entire DB instance and not just individual databases.
• Snapshots do not expire.
• DB snapshots can be created using the AWS Management Console, the AWS CLI, or the RDS API.
• When we create a DB snapshot, we need to identify which DB instance is going to be backed up, and then give the DB snapshot a name so we can restore from it later.
• Manual snapshots are user-initiated backups of a DB instance (incremental backups of the DB instance) that are kept until we explicitly delete them.
• Snapshot retention: if we want to keep an automated snapshot for a longer period, copy it to create a manual snapshot, which is retained until we delete it.

DB snapshots can be created on instances in 2 ways: 1) on a Single-AZ DB instance, 2) on a Multi-AZ DB instance.

1) Create a DB snapshot on a Single-AZ DB instance
• A Single-AZ DB instance is affected by I/O suspension: creating the snapshot results in a brief I/O suspension that can last from a few seconds to a few minutes, depending on the size and class of the DB instance.

2) Create a DB snapshot on a Multi-AZ DB instance
• Multi-AZ DB instances are not affected by this I/O suspension since the backup is taken on the standby.

Backups (summary)

By default, the automated backup feature of Amazon RDS backs up our databases and transaction logs securely in Amazon S3 for a user-specified retention period. Amazon RDS backup storage for each region is composed of the automated backups and manual DB snapshots for that region.

DB instance creation: each DB instance is associated with automated backups and DB snapshots.

2 types of backups:
1) Automated backups, controlled by the backup window (daily backup during a user-configurable 30 minute period) and the backup retention period (automated backups are kept for a configurable number of days, up to 35 days).
2) DB snapshots, of 2 types: automated snapshots, and manual, shared, or public DB snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after our most recent snapshot are saved.

Properties of DB snapshots:
1. Snapshots are incremental copies of data.
2. This minimizes the time required to create the snapshot.
3. It saves on storage costs by not duplicating data.
4. When we delete a snapshot, only the data unique to that snapshot is removed.
5. Amazon RDS creates a storage volume snapshot of our DB instance, backing up the entire DB instance and not just individual databases.
6. The snapshot includes the entire storage volume, so the size of files, such as temporary files, also affects the amount of time it takes to create the snapshot.
7. Snapshots do not expire.

Deleting a DB instance: 2 modes
• If we choose to retain automated backups when we delete a DB instance, the automated backups are saved for the full retention period.
• If we don't choose Retain automated backups when we delete a DB instance, all automated backups are deleted with the DB instance. After they are deleted, the automated backups can't be recovered.
• If we choose to have Amazon RDS create a final DB snapshot before it deletes our DB instance, we can use that snapshot to recover the DB instance.

Operations on DB snapshots:
• Creating a DB snapshot (on a Single-AZ DB instance or a Multi-AZ DB instance)
• Restoring from a DB snapshot
• Copying a DB snapshot
• Sharing a DB snapshot
• Deleting a DB snapshot
• Exporting a DB snapshot to Amazon S3
• Restoring a DB instance to a specified time
• Automating a DB snapshot
• Accessing a DB snapshot
• Viewing a DB snapshot
14
9. DB Snapshots: Snapshots are incremental backups

DB snapshots

2 types: 1) automated snapshots 2) manual, shared, or public DB snapshots

Automated snapshots:
 If we want to delete automated DB snapshots without deleting the DB instance, change the backup retention period for the DB instance to 0.
 The automated snapshots are deleted when the change is applied.
 After the change is complete, we can then re-enable automatic backups by setting the backup retention period to a number greater than 0.
 If we deleted a DB instance, we can delete its automated DB snapshots by removing the automated backups for the DB instance.

Snapshot Retention:
 Amazon RDS deletes automated snapshots at the end of their retention period.
 Amazon RDS deletes automated snapshots when we disable automated snapshots for a DB instance, or when we delete a DB instance.
 If we want to keep an automated snapshot for a longer period, copy it to create a manual snapshot, which is retained until we delete it.
 Amazon RDS storage costs might apply to manual snapshots if they exceed our default storage space.

Manual, shared, or public DB snapshots:
 Manual snapshots are not deleted automatically.
 We can have up to 100 manual snapshots per region.
 We can delete DB snapshots managed by Amazon RDS when we no longer need them.
 We can delete a manual, shared, or public DB snapshot using the AWS Management Console, the AWS CLI, or the RDS API.
 To delete a shared or public snapshot, we must sign in to the AWS account that owns the snapshot.
 With Amazon RDS, we can copy automated or manual DB snapshots. After we copy a snapshot, the copy is a manual snapshot.
 We can copy a snapshot within the same AWS Region, copy a snapshot across AWS Regions, and copy shared snapshots.
Features of DB Snapshots:

 Snapshots are incremental backups. A snapshot includes the entire storage volume, including the size of files such as temporary files.
 Create DB snapshots using: the AWS Management Console, the AWS CLI, or the RDS API.
 When we create a DB snapshot, we need to identify which DB instance we are going to back up, and then give our DB snapshot a name so we can restore from it later.
 We create snapshots, which are user-initiated backups of a DB instance (or incremental backups of the DB instance) that are kept until we explicitly delete them.
 Snapshot Retention: If we want to keep an automated snapshot for a longer period, copy it to create a manual snapshot, which is retained until we delete it.

Create DB snapshots on instances in 2 ways: 1: using a Single-AZ DB instance 2: using a Multi-AZ DB instance.
1) Create a DB snapshot on a Single-AZ DB instance
 A Single-AZ DB instance is affected by I/O suspension (creating the snapshot results in a brief I/O suspension that can last from a few seconds to a few minutes, depending on the size and class of our DB instance).

2) Create a DB snapshot on a Multi-AZ DB instance
 Multi-AZ DB instances are not affected by this I/O suspension, since the backup is taken on the standby.

a) AWS Management Console: To create a DB snapshot


1. Sign in to the AWS Management Console and open the Amazon RDS console
at https://console.aws.amazon.com/rds/.
2. In the navigation pane, choose Databases.
3. In the list of DB instances, choose the DB instance for which we want to take a snapshot.
4. For Actions, choose Take snapshot.

The Take DB Snapshot window appears.


5. Type the name of the snapshot in the Snapshot Name box.

6. Choose Take Snapshot.

b) Deleting a Snapshot
 We can delete DB snapshots managed by Amazon RDS when we no longer need them.
 We can delete a manual, shared, or public DB snapshot using the AWS Management Console, the AWS CLI, or the RDS API.
 To delete a shared or public snapshot, we must sign in to the AWS account that owns the snapshot.
 If we have automated DB snapshots that we want to delete without deleting the DB instance, change the backup retention period for the DB instance to 0.
 The automated snapshots are deleted when the change is applied.
 We can apply the change immediately if we don't want to wait until the next maintenance period.
 After the change is complete, we can then re-enable automatic backups by setting the backup retention period to a number greater than 0.
 For information about modifying a DB instance, see Modifying an Amazon RDS DB Instance.
 If we deleted a DB instance, we can delete its automated DB snapshots by removing the automated backups for the DB instance.
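The retention rules in this section (automated snapshots expire with the backup retention period, or are deleted when that period is set to 0 or the instance is deleted without retaining backups; any copy is a manual snapshot kept until deleted, up to 100 per region) can be modelled in a few lines. This is an added Python simulation written for these notes, not Amazon RDS or SDK code; it makes no API calls, and the instance name, snapshot identifiers and dates are constructed.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

MANUAL_SNAPSHOT_LIMIT_PER_REGION = 100   # limit stated in the notes


@dataclass
class Snapshot:
    identifier: str
    instance_id: str
    taken_on: date
    automated: bool


@dataclass
class DBInstance:
    identifier: str
    backup_retention_days: int           # 0 disables automated backups
    automated: List[Snapshot] = field(default_factory=list)


class Region:
    """DB instances and snapshots of one AWS Region, kept in memory."""

    def __init__(self) -> None:
        self.instances: Dict[str, DBInstance] = {}
        self.manual: Dict[str, Snapshot] = {}
        # automated backups kept after deleting an instance with "Retain automated backups"
        self.retained: Dict[str, List[Snapshot]] = {}

    def create_instance(self, identifier: str, retention_days: int) -> DBInstance:
        inst = DBInstance(identifier, retention_days)
        self.instances[identifier] = inst
        return inst

    def daily_backup(self, instance_id: str, today: date) -> None:
        """Take today's automated snapshot and drop those past the retention period."""
        inst = self.instances[instance_id]
        if inst.backup_retention_days == 0:
            return                                    # automated backups are disabled
        inst.automated.append(Snapshot(f"rds:{instance_id}-{today:%Y-%m-%d}",
                                       instance_id, today, automated=True))
        cutoff = today - timedelta(days=inst.backup_retention_days)
        inst.automated = [s for s in inst.automated if s.taken_on > cutoff]

    def modify_retention(self, instance_id: str, days: int) -> None:
        """Setting the period to 0 deletes every automated snapshot once applied."""
        inst = self.instances[instance_id]
        inst.backup_retention_days = days
        if days == 0:
            inst.automated.clear()

    def copy_snapshot(self, source: Snapshot, target_id: str) -> Snapshot:
        """A copy of an automated or a manual snapshot is always a manual snapshot."""
        if len(self.manual) >= MANUAL_SNAPSHOT_LIMIT_PER_REGION:
            raise RuntimeError("manual snapshot quota for this region reached")
        copy = Snapshot(target_id, source.instance_id, source.taken_on, automated=False)
        self.manual[target_id] = copy
        return copy

    def delete_instance(self, instance_id: str, today: date, retain_automated: bool = False,
                        final_snapshot_id: Optional[str] = None) -> None:
        """A final snapshot (if requested) is manual; automated backups survive only if retained."""
        inst = self.instances.pop(instance_id)
        if final_snapshot_id is not None:
            self.manual[final_snapshot_id] = Snapshot(final_snapshot_id, instance_id, today, False)
        if retain_automated:
            self.retained[instance_id] = inst.automated
        else:
            inst.automated.clear()                    # cannot be recovered afterwards


def scenario() -> Dict[str, object]:
    """Walk through the rules with constructed identifiers and dates."""
    region = Region()
    region.create_instance("db1", retention_days=7)
    for day in range(10):                             # ten daily backups, 7-day retention
        region.daily_backup("db1", date(2024, 1, 1) + timedelta(days=day))
    kept = len(region.instances["db1"].automated)     # only the last 7 remain
    oldest = region.instances["db1"].automated[0]
    keep = region.copy_snapshot(oldest, "db1-keep-2024-01-04")   # copy survives as manual
    region.modify_retention("db1", 0)                 # disabling backups deletes automated ones
    left = len(region.instances["db1"].automated)
    region.delete_instance("db1", date(2024, 1, 11), final_snapshot_id="db1-final")
    return {
        "kept_after_10_days": kept,
        "copy_is_manual": not keep.automated,
        "automated_after_disable": left,
        "manual_snapshots": sorted(region.manual),
        "instance_gone": "db1" not in region.instances,
    }


if __name__ == "__main__":
    print(scenario())
```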

10. Create a sample Oracle DB instance

 Create a sample Oracle DB instance and connect using SQL*Plus
 Create a sample Oracle DB instance using the Linux OS
 Create a sample Oracle DB instance using Oracle Developer

1. Creating a Sample Oracle DB Instance (connect to SQL*Plus)

 Creation of a DB instance where we run our Oracle databases.
 We can create a DB instance with Easy Create enabled or not enabled.
 There are 2 approaches: 1) AWS Management Console 2) AWS CLI
 We can create a DB instance running Oracle with the AWS Management Console with Easy Create enabled or not enabled.
 With Easy Create enabled, we specify only the DB engine type, DB instance size, and DB instance identifier.
 Easy Create uses the default setting for other configuration options.
 With Easy Create not enabled, we specify more configuration options when we create a database, including ones for availability, security, backups, and maintenance.
 For this example, we use Easy Create to create a DB instance running the Oracle database engine with a db.t2.micro DB instance class.

AWS Management Console: To create an Oracle DB instance with Easy Create enabled
1. Sign in to the AWS Management Console and open the Amazon RDS console
at https://console.aws.amazon.com/rds/.
2. In the upper-right corner of the Amazon RDS console, choose the AWS Region in which we
want to create the DB instance.
3. In the navigation pane, choose Databases.
4. Choose Create database and ensure that Easy Create is chosen.

5. In Configuration, choose Oracle.

6. For DB instance size, choose Free tier. If Free tier isn't available, choose Dev/Test.

7. For DB instance identifier, enter a name for the DB instance, or leave the default name.

8. For Master username, enter a name for the master user, or leave the default name.

The Create database page should look similar to the following image.

10. To use an automatically generated master password for the DB instance, make sure that the Auto generate a password check box is chosen. To enter our master password, clear the Auto generate a password check box, and then enter the same password in Master password and Confirm password.

11. (Optional) Open View default settings for Easy create.

12. Choose Create database.

13. If we used an automatically generated password, the View credential details button appears on the Databases page.

14. To view the master user name and password for the DB instance, choose View credential details.

15. For Databases, choose the name of the new Oracle DB instance.

16. On the RDS console, the details for the new DB instance appear. The DB instance has a status of creating until the DB instance is ready to use. When the state changes to available, we can connect to the DB instance. Depending on the DB instance class and the amount of storage, it can take up to 20 minutes before the new instance is available.

11. To create a MySQL Server DB instance


Amazon RDS DB Instance

 The basic building block of Amazon RDS is the DB instance, where we create our databases.
 we choose the engine-specific characteristics of the DB instance when we create it.
 we also choose the storage capacity, CPU, memory, and so on, of the AWS instance on which the
database server runs.
 There are 3 modes: 1. console 2.AWS CLI and 3. RDS API
 we can create a DB instance by using the AWS Management Console with Easy Create enabled or
not enabled.
 With Easy Create enabled, we specify only the DB engine type, DB instance size, and DB instance
identifier. Easy Create uses the default setting for other configuration options.
 With Easy Create not enabled, we specify more configuration options when you create a database,
including ones for availability, security, backups, and maintenance.

Steps to create a MySQL Server DB instance


1. Sign in to the AWS Management Console and open the Amazon RDS console
at https://console.aws.amazon.com/rds/.
2. In the upper-right corner of the Amazon RDS console, choose the AWS Region in which you want to create the
DB instance.
3. In the navigation pane, choose Databases.
4. Choose Create database.
5. In Choose a database creation method, select Standard Create.
6. In Engine options, choose the engine type: MariaDB, Microsoft SQL Server, MySQL, Oracle, or
PostgreSQL. Microsoft SQL Server is shown here.

7. For Edition, if you're using Oracle or SQL Server, choose the DB engine edition that you want to use. MySQL has only one option for the edition, and MariaDB and PostgreSQL have none.
8. For Version, choose the engine version.

In Templates, choose the template that matches your use case. If you choose Production, the following are preselected in a later step (we recommend these features for any production environment):

 Multi-AZ failover option


 Provisioned IOPS storage option
 Enable deletion protection option

Note : Template choices vary by edition.

9. To enter our master password, do the following:


 In the Settings section, open Credential Settings.
 Clear the Auto generate a password check box.
 (Optional) Change the Master username value and enter the same password in Master
password and Confirm password.

 Choose Create database.

 If you chose to use an automatically generated password, the View credential details button
appears on the Databases page.To view the master user name and password for the DB instance,
choose View credential details.

For Databases, choose the name of the new DB instance.


 On the RDS console, the details for the new DB instance appear.
 The DB instance has a status of creating until the DB instance is created and ready for use.
 When the state changes to available, you can connect to the DB instance.
 Depending on the DB instance class and storage allocated, it can take several minutes for the new instance to be available.

Chapter-2
S3 (Simple Storage Service)
Define S3: S3 is object storage that is highly scalable, highly available and extremely durable, and can be accessed from anywhere on the Internet.

Define bucket: A bucket is a logical unit of storage in the Amazon Web Services (AWS) object storage service, Simple Storage Service (S3). Buckets are used to store objects, which consist of data and metadata that describes the data.

1.What is Amazon S3?


 Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on
the Internet.
 It is a simple storage service (S3) that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs.

2.Amazon S3 features
 Amazon S3 provides a simple web service interface that we can use to store and retrieve any
amount of data, at any time, from anywhere on the web.
 Using this web service, we can easily build applications that make use of Internet storage.
 Since Amazon S3 is highly scalable and we only pay for what we use, we can start small and grow our application as we wish, with no compromise on performance or reliability.
 Amazon S3 is also designed to be highly flexible: store any type and amount of data that we want; read the same piece of data a million times or only for emergency disaster recovery; build a simple FTP application, or a sophisticated web application such as the Amazon.com retail web site.
 Amazon S3 frees developers to focus on innovation instead of figuring out how to store their
data.

How to create a S3 Bucket


First, you need to create an Amazon S3 bucket where you will store your objects.
 Step 1: Sign in to the preview version of the AWS Management Console.
 Step 2: Under Storage & Content Delivery, choose S3 to open the Amazon S3 console.
 Step 3: From the Amazon S3 console dashboard, choose Create Bucket.
 Step 4: In Create a Bucket, type a bucket name in Bucket Name.
 Step 5: In Region, choose Oregon.
 Step 6: Choose Create. When Amazon S3 successfully creates your bucket, the console displays your empty bucket in the Buckets pane.

Security:
Customers may use four mechanisms for controlling access to Amazon S3 resources:

 Identity and Access Management (IAM) policies,


 bucket policies,
 Access Control Lists (ACLs),
 Query String Authentication.
1) IAM enables organizations with multiple employees to create and manage multiple users under a single AWS account.

With IAM policies, customers can grant IAM users fine-grained control to their Amazon S3
bucket or objects while also retaining full control over everything the users do.
2) With bucket policies,

 customers can define rules which apply broadly across all requests to their Amazon S3
resources, such as granting write privileges to a subset of Amazon S3 resources.
 Customers can also restrict access based on an aspect of the request, such as HTTP
referrer and IP address.
3) With Access Control Lists (ACLs), customers can grant specific permissions (i.e. READ, WRITE, FULL_CONTROL) to specific users for an individual bucket or object.
4) With Query String Authentication, customers can create a URL to an Amazon S3 object which is only valid for a limited time.
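The fourth mechanism, Query String Authentication, is the presigned URL scheme. The Python below is an added example for these notes (not AWS SDK code) that builds such a time-limited URL with the public AWS Signature Version 4 query-string algorithm using only the standard library, and shows the check the service performs on it; the access key, secret key, bucket name and clock are placeholder values constructed for the example.

```python
import hashlib
import hmac
from datetime import datetime, timedelta
from typing import Dict
from urllib.parse import parse_qs, quote, unquote, urlsplit

MAX_EXPIRES = 7 * 24 * 3600   # a SigV4 presigned URL may be valid for at most 7 days


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, day: str, region: str) -> bytes:
    """Derive the date/region/service scoped key (the AWS4-HMAC-SHA256 key chain)."""
    k = _hmac(("AWS4" + secret).encode(), day)
    k = _hmac(k, region)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def presign_get(bucket: str, key: str, region: str, access_key: str, secret: str,
                now: datetime, expires: int) -> str:
    """Return a URL that lets anyone holding it GET one object until now + expires."""
    if not 1 <= expires <= MAX_EXPIRES:
        raise ValueError("expires must be between 1 second and 7 days")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    day = amz_date[:8]
    host = f"{bucket}.s3.{region}.amazonaws.com"
    scope = f"{day}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",   # names the key, never the secret
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: parameters sorted by name, values URL-encoded.
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    canonical_uri = "/" + quote(key, safe="/")
    canonical_request = "\n".join(
        ["GET", canonical_uri, query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    signature = _hmac(signing_key(secret, day, region), string_to_sign).hex()
    return f"https://{host}{canonical_uri}?{query}&X-Amz-Signature={signature}"


def url_is_valid(url: str, secret: str, at: datetime) -> bool:
    """The server-side check: inside the validity window and the signature recomputes."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    if not signed_at <= at < signed_at + timedelta(seconds=int(q["X-Amz-Expires"])):
        return False                                   # expired (or not yet valid)
    access_key, day, region, _service, _term = q["X-Amz-Credential"].split("/")
    bucket = parts.hostname.split(".")[0]
    key = unquote(parts.path[1:])
    # Re-sign with the secret that belongs to the access key; compare in constant time.
    expected = presign_get(bucket, key, region, access_key, secret, signed_at,
                           int(q["X-Amz-Expires"])).rsplit("=", 1)[1]
    return hmac.compare_digest(expected, q["X-Amz-Signature"])


def scenario() -> Dict[str, object]:
    """Constructed placeholder credentials, bucket and clock (no real AWS values)."""
    issued = datetime(2024, 5, 1, 12, 0, 0)
    secret = "placeholder-secret-key"
    url = presign_get("example-bucket", "reports/q1.pdf", "us-east-1",
                      "AKIAPLACEHOLDER", secret, issued, expires=3600)
    return {
        "url": url,
        "valid_after_30_min": url_is_valid(url, secret, issued + timedelta(minutes=30)),
        "valid_after_2_hours": url_is_valid(url, secret, issued + timedelta(hours=2)),
        "valid_with_wrong_secret": url_is_valid(url, "other-secret", issued),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(name, value)
```

A presigned URL is a bearer credential: whoever holds it can fetch the object until X-Amz-Expires elapses, so the window is normally kept as short as the use case allows.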

3.Storage classes
1) S3 Standard
2) S3 Intelligent-Tiering
3) S3 Standard-Infrequent Access (S3 Standard-IA)
4) S3 One Zone-Infrequent Access (S3 One Zone-IA)
5) Amazon S3 Glacier (S3 Glacier)
6) Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive)

 S3 Standard for general-purpose storage of frequently accessed data;


 S3 Intelligent-Tiering for data with unknown or changing access patterns;
 S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3
One Zone-IA) for long-lived, but less frequently accessed data;
 Amazon S3 Glacier (S3 Glacier) and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive) for long-term archive and digital preservation.

How reliable is Amazon S3?


Amazon S3 gives any developer access to the same highly scalable, highly available, fast,
inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites.

 The S3 Standard storage class is designed for 99.99% availability,


 the S3 Standard-IA storage class is designed for 99.9% availability,
 the S3 One Zone-IA storage class is designed for 99.5% availability,
 the S3 Glacier and S3 Glacier Deep Archive classes are designed for 99.99% availability and an SLA of 99.9%.
 S3 Standard-IA is designed for the same 99.999999999% durability as the S3 Standard and
S3 Glacier storage classes.
 S3 One Zone-IA storage class is designed for 99.999999999% of durability within an
Availability Zone.
 S3 Glacier Deep Archive is designed for the same 99.999999999% durability as the S3
Standard and S3 Glacier storage classes.

S3 Standard-IA storage class


 S3 Standard-IA provides the same performance as the S3 Standard and S3 One Zone-IA
storage classes.
 There are two ways to get data into S3 Standard-IA.
 we can directly PUT into S3 Standard-IA by specifying STANDARD_IA in the x-amz-storage-class header.
 we can also set Lifecycle policies to transition objects from the S3 Standard to the S3
Standard-IA storage class.
 S3 Standard-IA offers the high durability, throughput, and low latency of the Amazon S3
Standard storage class, with a low per-GB storage price and per-GB retrieval fee.

S3 One Zone-IA storage class
 Customers can use S3 One Zone-IA for infrequently-accessed storage, like backup copies,
disaster recovery copies, or other easily re-creatable data.
 S3 One Zone-IA storage class offers similar performance to S3 Standard and S3 Standard-
Infrequent Access storage.

S3 Glacier
 In fact, a very high percentage of the data stored in Amazon Glacier today comes directly
from customers using S3 Lifecycle policies to move cooler data into Amazon Glacier.
 Now, Amazon Glacier is officially part of S3 and will be known as Amazon S3 Glacier (S3
Glacier).
 use Lifecycle rules to automatically archive sets of Amazon S3 objects to S3 Glacier based
on object age.

S3 Glacier Deep Archive

 S3 Glacier Deep Archive is a new Amazon S3 storage class that provides secure and durable object storage for long-term retention of data that is accessed once or twice in a year.
 From just $0.00099 per GB-month (less than one-tenth of one cent, or about $1 per TB-month), S3 Glacier Deep Archive offers the lowest cost storage in the cloud, at prices significantly lower than storing and maintaining data in on-premises magnetic tape libraries or archiving data off-site.

How much data can I store in Amazon S3?


 The total volume of data and number of objects we can store are unlimited.
 Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5
terabytes.
 The largest object that can be uploaded in a single PUT is 5 gigabytes.
 Use the Multipart Upload capability for objects larger than 100 megabytes.

4.Amazon S3 Glacier
 Amazon Glacier is officially part of S3 and will be known as Amazon S3 Glacier (S3 Glacier).
 Amazon Glacier is a backup and archival storage service,
 it is storage class of Amazon S3.
 a very high percentage of the data stored in Amazon Glacier today comes directly from
customers using S3 Lifecycle policies to move cooler data into Amazon Glacier.
 utilize Amazon S3 Glacier’s extremely low-cost storage service for data archival.
 Examples of archive use cases include
a. digital media archives,
b. financial and healthcare records,
c. raw genomic sequence data,
d. long-term database backups,
e. data that must be retained for regulatory compliance.
 If we have data which should be archived immediately without delay, or if we make business decisions about when to transition objects to S3 Glacier, S3 PUT to Glacier allows us to use S3 APIs to upload to the S3 Glacier storage class on an object-by-object basis.
 There are no transition delays and we control the timing.
 Use the Amazon S3 Management Console, the AWS SDKs, or the Amazon S3 APIs to
define rules for archival.
 Rules specify a prefix and time period. The prefix (e.g. “logs/”) identifies the object(s) subject
to the rule.

 The time period specifies either the number of days from object creation date (e.g. 180 days)
or the specified date after which the object(s) should be archived.
 To retrieve Amazon S3 data stored in S3 Glacier, initiate a retrieval job via the Amazon S3
APIs or Management Console. Once the retrieval job is complete, we can access data
through an Amazon S3 GET object request.
 S3 Glacier and S3 Glacier Deep Archive are designed to deliver 99.999999999% durability, and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements.
 Customers can store data for as little as $1 per terabyte per month, a significant savings
compared to on-premises solutions.
 Amazon S3 Glacier provides three options for access to archives, from a few minutes to
several hours, and S3 Glacier Deep Archive provides two access options ranging from 12 to
48 hours.
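The archival rules above (a prefix plus either a number of days from object creation or a fixed date) can be evaluated offline. The Python below is an added example for these notes, not AWS code: it runs constructed rules over a constructed inventory, moves an object only to a colder class (the lifecycle order STANDARD, STANDARD_IA, GLACIER, DEEP_ARCHIVE is assumed here), and reports which objects a plain GET would no longer serve without a retrieval job.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Storage classes from "warm" to "cold"; lifecycle transitions only move objects colder.
COLDNESS = {"STANDARD": 0, "STANDARD_IA": 1, "GLACIER": 2, "DEEP_ARCHIVE": 3}
ARCHIVED = {"GLACIER", "DEEP_ARCHIVE"}   # readable only after a retrieval (restore) job


@dataclass
class Rule:
    prefix: str                  # e.g. "logs/": applies to keys starting with it
    storage_class: str           # target class, e.g. "GLACIER"
    days: Optional[int] = None   # transition this many days after creation ...
    on: Optional[date] = None    # ... or on a fixed calendar date

    def due(self, created: date, today: date) -> bool:
        if self.days is not None:
            return today >= created + timedelta(days=self.days)
        return self.on is not None and today >= self.on


@dataclass
class S3Object:
    key: str
    created: date
    storage_class: str = "STANDARD"


def apply_rules(objects: List[S3Object], rules: List[Rule], today: date) -> List[str]:
    """Run the rules as of `today`; return the keys whose storage class changed."""
    changed = []
    for obj in objects:
        due = [r.storage_class for r in rules
               if obj.key.startswith(r.prefix) and r.due(obj.created, today)]
        if not due:
            continue
        target = max(due, key=COLDNESS.__getitem__)    # the coldest due class wins
        if COLDNESS[target] > COLDNESS[obj.storage_class]:
            obj.storage_class = target
            changed.append(obj.key)
    return changed


def served_by_get(obj: S3Object) -> bool:
    """A plain GET works for online classes; archived objects need a retrieval job first."""
    return obj.storage_class not in ARCHIVED


def scenario() -> Dict[str, object]:
    """Constructed inventory and rules (keys and dates are made up for the example)."""
    inventory = [
        S3Object("logs/2023-10-01.gz", date(2023, 10, 1)),
        S3Object("logs/2024-04-20.gz", date(2024, 4, 20)),
        S3Object("images/a.png", date(2023, 1, 1)),
    ]
    rules = [
        Rule("logs/", "GLACIER", days=180),               # age based: archive logs at 180 days
        Rule("logs/", "DEEP_ARCHIVE", days=365),          # and move them to Deep Archive at a year
        Rule("images/", "GLACIER", on=date(2024, 6, 1)),  # date based: archive all images then
    ]
    may = apply_rules(inventory, rules, date(2024, 5, 1))
    october = apply_rules(inventory, rules, date(2024, 10, 1))
    return {
        "changed_may": may,
        "changed_october": october,
        "classes": {o.key: o.storage_class for o in inventory},
        "plain_get_works": {o.key: served_by_get(o) for o in inventory},
    }


if __name__ == "__main__":
    print(scenario())
```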

5.Static Website Hosting


 Static websites deliver HTML, JavaScript, images, video and other files to your website
visitors, and contain no application code.
 They are best for sites with few authors and relatively infrequent content changes, typically
personal and simple marketing websites.
 Static websites are very low cost, provide high levels of reliability, require almost no IT administration, and scale to handle enterprise-level traffic with no additional work.
Diagram of Static website hosting structure

6.Server access logging


 Server access logging provides detailed records for the requests that are made to a bucket.
 Server access logs are useful for many applications.
 For example, access log information can be useful in security and access audits.
 It can also help you learn about your customer base and understand your Amazon S3 bill.

How to Enable Server Access Logging
To enable access logging, you must do the following:
• Turn on the log delivery by adding logging configuration on the bucket for which you want Amazon S3
to deliver access logs. We refer to this bucket as the source bucket.
• Grant the Amazon S3 Log Delivery group write permission on the bucket where you want the access
logs saved. We refer to this bucket as the target bucket.

7.Object-Level Logging (CloudTrail)


• Object-Level Logging, sometimes referred to as S3 CloudTrail logging, saves events in JSON format in CloudTrail, which is AWS's API-call eventing service.
• Once in CloudTrail, detailed events are stored in an S3 bucket, and can be easily integrated with other services such as CloudWatch (monitoring/alerts), SNS (notifications), SQS (queues for other processing), and Lambda functions (serverless processing).
• Object-Level Logging is more complicated to understand and configure and has some additional costs, but provides advanced functionality to address all logging use cases.
Diagram of Object Level Logging

In the flow above, you can see that Object-Level logging involves more services than server access logging, specifically:

• CloudTrail (for recording API call events) and CloudWatch (for notifications, alarms, and metrics).
• When any bucket operation is performed, a more detailed and structured event (JSON format) is generated in CloudTrail, which is configured to store the event data in an S3 log bucket. For notifications, CloudWatch is typically used as it has rich filtering functionality for matching specific events and can generate metrics with alarms and notifications targeting SNS, SQS, or Lambda functions. Retention has to be configured both in CloudWatch as well as in the S3 log bucket.
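The two sources record the same activity in different shapes. The Python below, an added example for these notes rather than AWS code, parses one constructed S3 server access log line and one constructed CloudTrail S3 data event into a common record and runs a single audit rule over both; only the leading access-log fields are parsed, and every value in the records is made up.

```python
import json
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Leading fields of the S3 server access log format: bucket owner, bucket, [time],
# remote IP, requester, request ID, operation, key, "request line", status, error code.
ACCESS_LOG_RE = re.compile(
    r'^(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) (?P<requester>\S+) '
    r'(?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<error>\S+)')

# Constructed records (made up for this example; not real account, user or request IDs).
SAMPLE_ACCESS_LOG = (
    'OWNERIDEXAMPLE bucketname [06/Feb/2019:00:00:38 +0000] 192.0.2.3 - '
    '3E57427F3EXAMPLE REST.GET.OBJECT photos/puppy.jpg '
    '"GET /bucketname/photos/puppy.jpg HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "curl/7.64.0" -')
SAMPLE_CLOUDTRAIL = json.dumps({
    "eventTime": "2019-02-06T00:01:12Z", "eventSource": "s3.amazonaws.com",
    "eventName": "DeleteObject", "sourceIPAddress": "198.51.100.7",
    "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
    "requestParameters": {"bucketName": "bucketname", "key": "photos/puppy.jpg"},
})


@dataclass
class Event:
    source: str            # "server-access-log" or "cloudtrail"
    time: datetime
    actor: str             # canonical user ID / IAM ARN, or "anonymous"
    ip: str
    action: str            # CloudTrail-style API name, e.g. "GetObject"
    bucket: str
    key: str
    error: Optional[str]   # None on success, e.g. "AccessDenied" on failure


def _rest_op_to_action(op: str) -> str:
    """REST.GET.OBJECT -> GetObject, REST.DELETE.OBJECT -> DeleteObject."""
    parts = op.split(".")
    if len(parts) == 3 and parts[0] == "REST":
        return parts[1].capitalize() + parts[2].capitalize()
    return op


def parse_access_log(line: str) -> Event:
    m = ACCESS_LOG_RE.match(line)
    if not m:
        raise ValueError("not an S3 server access log line")
    return Event("server-access-log",
                 datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
                 "anonymous" if m["requester"] == "-" else m["requester"],
                 m["ip"], _rest_op_to_action(m["operation"]), m["bucket"], m["key"],
                 None if m["error"] == "-" else m["error"])


def parse_cloudtrail(record: str) -> Event:
    r = json.loads(record)
    identity = r["userIdentity"]
    return Event("cloudtrail",
                 datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%S%z"),
                 identity.get("arn", identity.get("type", "unknown")),
                 r["sourceIPAddress"], r["eventName"],
                 r["requestParameters"]["bucketName"], r["requestParameters"].get("key", ""),
                 r.get("errorCode"))


def audit(events: List[Event]) -> List[str]:
    """One audit rule over both sources: report denied requests and successful deletions."""
    findings = []
    for e in sorted(events, key=lambda e: e.time):
        target = f"{e.bucket}/{e.key}"
        if e.error == "AccessDenied":
            findings.append(f"[{e.source}] {e.actor} from {e.ip} was denied {e.action} on {target}")
        elif e.action == "DeleteObject":
            findings.append(f"[{e.source}] {e.actor} from {e.ip} deleted {target}")
    return findings


if __name__ == "__main__":
    for line in audit([parse_access_log(SAMPLE_ACCESS_LOG), parse_cloudtrail(SAMPLE_CLOUDTRAIL)]):
        print(line)
```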

Comparison of Server Access Logging Vs Object level logging

8.Versioning
 Versioning allows us to preserve, retrieve, and restore every version of every object stored in an
Amazon S3 bucket.
 Once we enable Versioning for a bucket, Amazon S3 preserves existing objects anytime we perform a
PUT, POST, COPY, or DELETE operation on them.
 By default, GET requests will retrieve the most recently written version.
 We enable Versioning with a setting on our Amazon S3 bucket.
 By default, all requests to our Amazon S3 bucket require our AWS account credentials.
 Versioning lets us easily recover from unintended user actions and application failures.
 We can use Versioning for data retention and archiving.
 We can use Lifecycle rules along with Versioning to implement a rollback window for Amazon S3
objects.
 When a user performs a DELETE operation on an object, subsequent simple (un-versioned) requests
will no longer retrieve the object.
 Versioning offers an additional level of protection by providing a means of recovery when
customers accidentally overwrite or delete objects.

 Versioning's Multi-Factor Authentication (MFA) Delete is used to provide an additional layer of security.
 When we enable Versioning with MFA Delete on our Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object:
 1) AWS account credentials 2) a valid six-digit code and serial number from an authentication device in our physical possession.

• If we enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the
object being stored. In one bucket, for example, we can have two objects with the same key, but
different version IDs, such as photo.gif (version 111111) and photo.gif (version 121212).


• Versioning is a means of keeping multiple variants of an object in the same bucket.
• When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same
object simultaneously, it stores all of the objects.
• With versioning, you can easily recover from both unintended user actions and application failures.

9.Encryption
Encrypt data stored in Amazon S3 by using:
1) SSE-S3 (Server-Side Encryption with S3-managed keys),
2) SSE-C,
3) SSE-KMS,
4) a client library such as the Amazon S3 Encryption Client.

 All four enable us to store sensitive data encrypted at rest in Amazon S3.
1) SSE-S3:
 It provides an integrated solution where Amazon handles key management and key protection using multiple layers of security.
 Amazon manages our keys.
2) SSE-C:
 Use SSE-C if we want to maintain our own encryption keys,
 but don't want to implement or use a client-side encryption library.

3) SSE-KMS (AWS Key Management Service)


 use AWS KMS to manage our encryption keys.
 It provides additional security.
 It provides separate permissions for the use of the master key,
 It provides an additional layer of control as well as protection against
unauthorized access to our objects stored in Amazon S3.
 AWS KMS provides an audit trail so we can see who used our key to access
which object and when,
 We can view failed attempts to access data from users without permission to
decrypt the data.
 It provides additional security controls to support customer efforts to comply with
PCI-DSS, HIPAA/HITECH, and FedRAMP industry requirements.

4) Encryption client library (the Amazon S3 Encryption Client):
 Use it if we want to maintain control of our encryption keys,
 are able to implement or use a client-side encryption library, and need to have our objects encrypted before they are sent to Amazon S3 for storage.
 We complete the encryption and decryption of objects client-side using an encryption library of our choice.

10.Amazon S3 Transfer Acceleration


 Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over
long distances between client and Amazon S3 bucket regardless of client’s location.

Diagram: Amazon S3 Transfer Acceleration (client to Amazon S3 bucket)
 The amount of acceleration primarily depends on available bandwidth, the distance between the source and destination, and packet loss rates on the network path.
 This makes S3 Transfer Acceleration a better choice when higher throughput is desired.
 We can enable S3 Transfer Acceleration on an S3 bucket using the Amazon S3 console, the Amazon S3 API, or the AWS CLI.
 After S3 Transfer Acceleration is enabled, we can point Amazon S3 PUT and GET
requests to the s3-accelerate endpoint domain name.
 Data transfer application must use one of the following two types of endpoints to
access the bucket for faster data transfer:
1)s3-accelerate.amazonaws.com
2)s3-accelerate.dualstack.amazonaws.com for the “dual-stack” endpoint.
 S3 Transfer Acceleration optimizes the TCP protocol.
 S3 Transfer Acceleration communicates with clients over standard TCP and does not require firewall changes.
 It adds additional intelligence between the client and the S3 bucket.
 All Amazon S3 security features, such as access restriction based on a client's IP address, are supported.
 If we want to use standard data transfer, we can continue to use the regular endpoints.
 S3 Transfer Acceleration supports all bucket level features including multipart
uploads.
 S3 Transfer Acceleration provides the same security as regular transfers to Amazon
S3.
 S3 Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS
Edge Locations.
 As data arrives at an AWS Edge Location, data is routed to Amazon S3 bucket over
an optimized network path. No data is ever saved at AWS Edge Locations.

 If we have objects that are smaller than 1GB or if the data set is less than 1GB in size, we should consider using Amazon CloudFront's PUT/POST commands for optimal performance.

11.S3 Object Lock


 Amazon S3 Object Lock is a new Amazon S3 feature.
 Amazon S3 Object Lock blocks deletion of an object for the duration of a specified retention period.
 We can enforce retention policies as an added layer of data protection or for regulatory compliance.
 Coupled with S3 Versioning, which protects objects from being overwritten, objects remain immutable for as long as WORM protection is applied.
 We apply WORM protection by either assigning a Retain Until Date (retention period) or a Legal Hold to an object using the AWS SDK, CLI, REST API, or the S3 Management Console.
 Amazon S3 object lock provides two ways to manage object retention: retention
periods and legal holds.
 A retention period specifies a fixed period of time during which an object remains
locked. During this period, your object is WORM-protected and can't be overwritten
or deleted.
 A legal hold provides the same protection as a retention period, but it has no
expiration date. Instead, a legal hold remains in place until you explicitly remove it.
Legal holds are independent from retention periods.
 We can apply retention settings within a PUT request, or apply them to an existing object after it has been created.
 S3 Object Lock can be configured in one of two Modes:
 1) Governance Mode 2) Compliance Mode
 Governance Mode: AWS accounts with specific IAM permissions are able to remove WORM protection from an object.
 If we require stronger immutability in order to comply with regulations, we can use Compliance Mode.
 In Compliance Mode, WORM protection cannot be removed by any user, including the root account.
 In order to place and remove Legal Holds, our AWS account must have write permission for the PutObjectLegalHold action.
 A Legal Hold can be applied to any object in an S3 Object Lock enabled bucket, whether or not that object is currently WORM-protected by a retention period.
 We can migrate workloads from existing write-once-read-many (WORM) systems into Amazon S3, and configure S3 Object Lock at the object and bucket levels to prevent object version deletions prior to pre-defined Retain Until Dates or Legal Hold Dates.
 We use S3 Object Lock if we have regulatory requirements that specify that data must be WORM protected, or if we want to add an additional layer of protection to data in Amazon S3.

 S3 Object Lock can help us to meet regulatory requirements that specify that data
should be stored in an immutable format, and also can protect against accidental or
malicious deletion for data in Amazon S3.

Note:
 The Retain Until Date (retention period) defines the length of time for which an object will remain immutable. The object cannot be modified or deleted until the Retain Until Date has passed. If a user attempts to delete an object before its Retain Until Date has passed, the operation will be denied.
 Alternatively, we can make an object immutable by applying a Legal Hold to that
object. A Legal Hold places indefinite S3 Object Lock protection on an object, which
will remain until it is explicitly removed.
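Sections 8 and 11 together describe how Versioning, MFA Delete, retention periods and Legal Holds interact when someone tries to delete. The Python below is an added in-memory model written for these notes, not AWS code: the keys, bodies, version IDs and dates are constructed, and the MFA check is simplified to requiring that a code be supplied at all.

```python
from dataclasses import dataclass
from datetime import datetime
from itertools import count
from typing import Dict, List, Optional


class AccessDenied(Exception):
    """Raised where S3 would answer 403 Access Denied."""


@dataclass
class Version:
    version_id: str
    body: Optional[bytes]                 # None marks a delete marker
    retain_until: Optional[datetime] = None
    lock_mode: Optional[str] = None       # "GOVERNANCE" or "COMPLIANCE"
    legal_hold: bool = False


class VersionedBucket:
    def __init__(self, mfa_delete: bool = False) -> None:
        self.mfa_delete = mfa_delete
        self.objects: Dict[str, List[Version]] = {}
        self._ids = count(111111, 10101)  # 111111, 121212, ... as in the notes' example

    def put(self, key: str, body: Optional[bytes], retain_until: Optional[datetime] = None,
            mode: Optional[str] = None) -> str:
        """Every PUT adds a new version; earlier versions are preserved, never overwritten."""
        v = Version(str(next(self._ids)), body, retain_until, mode)
        self.objects.setdefault(key, []).append(v)
        return v.version_id

    def get(self, key: str, version_id: Optional[str] = None) -> Optional[bytes]:
        """A plain GET returns the newest version; None if that is a delete marker."""
        versions = self.objects.get(key, [])
        if version_id is None:
            return versions[-1].body if versions else None
        return self._find(key, version_id).body

    def delete(self, key: str) -> str:
        """A simple DELETE only writes a delete marker; every version stays recoverable."""
        return self.put(key, None)

    def set_legal_hold(self, key: str, version_id: str, on: bool) -> None:
        self._find(key, version_id).legal_hold = on   # needs PutObjectLegalHold permission

    def delete_version(self, key: str, version_id: str, now: datetime,
                       mfa_code: Optional[str] = None, bypass_governance: bool = False) -> None:
        """Permanent deletion of one version: MFA Delete, retention and Legal Hold all apply."""
        if self.mfa_delete and not mfa_code:          # simplified: any supplied code is accepted
            raise AccessDenied("MFA Delete is enabled: credentials plus an MFA code are required")
        v = self._find(key, version_id)
        if v.legal_hold:
            raise AccessDenied("version is under a Legal Hold until it is explicitly removed")
        if v.retain_until is not None and now < v.retain_until:
            if v.lock_mode == "COMPLIANCE" or not bypass_governance:
                raise AccessDenied(f"{v.lock_mode} retention until {v.retain_until:%Y-%m-%d}")
        self.objects[key].remove(v)

    def _find(self, key: str, version_id: str) -> Version:
        for v in self.objects.get(key, []):
            if v.version_id == version_id:
                return v
        raise KeyError(f"{key}?versionId={version_id}")


def denied(action, *args, **kwargs) -> bool:
    """True when the action is refused with AccessDenied."""
    try:
        action(*args, **kwargs)
    except AccessDenied:
        return True
    return False


def scenario() -> Dict[str, object]:
    """Constructed keys, bodies and dates; nothing here is a real bucket."""
    now = datetime(2024, 1, 1)
    b = VersionedBucket(mfa_delete=True)
    v1, v2 = b.put("photo.gif", b"first"), b.put("photo.gif", b"second")
    b.delete("photo.gif")                                  # delete marker becomes current
    locked = VersionedBucket()
    c = locked.put("ledger.csv", b"x", datetime(2030, 1, 1), "COMPLIANCE")
    g = locked.put("draft.csv", b"y", datetime(2030, 1, 1), "GOVERNANCE")
    h = locked.put("case.pdf", b"z")
    locked.set_legal_hold("case.pdf", h, True)
    return {
        "version_ids": [v1, v2],
        "get_after_delete": b.get("photo.gif"),            # None: delete marker
        "get_old_version": b.get("photo.gif", v1),          # still there
        "delete_without_mfa": denied(b.delete_version, "photo.gif", v1, now),
        "compliance_with_bypass": denied(locked.delete_version, "ledger.csv", c, now,
                                         bypass_governance=True),
        "governance_no_bypass": denied(locked.delete_version, "draft.csv", g, now),
        "governance_with_bypass": denied(locked.delete_version, "draft.csv", g, now,
                                         bypass_governance=True),
        "legal_hold": denied(locked.delete_version, "case.pdf", h, now),
        "after_retain_until": denied(locked.delete_version, "ledger.csv", c, datetime(2031, 1, 1)),
    }
```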

12.Requester pay

• In general, bucket owners pay for all Amazon S3 storage and data transfer costs associated
with their bucket.

• A bucket owner, however, can configure a bucket to be a Requester Pays bucket.

• With Requester Pays buckets, the requester instead of the bucket owner pays the cost of the
request and the data download from the bucket.

• The bucket owner always pays the cost of storing data.

• The Requester Pays model can be used in two ways.

1. First, by simply marking a bucket as Requester Pays, data owners can provide access to large data sets without incurring charges for data transfer or requests.

2. Second, the Requester Pays feature can be used in conjunction with Amazon DevPay. Content owners charge a markup for access to the data. The price can include a monthly fee, a markup on the data transfer costs, and a markup on the cost of each GET.
