[ S3 Access Logs ]
- For audit purposes, you may want to log all access to S3 buckets
- Any request made to S3, from any account, authorized or denied, will be logged into another S3 bucket
- That data can be analyzed using data analysis tools
- Or Amazon Athena as we'll see later in this section
# Warning
* Do not set your logging bucket to be the monitored bucket
It will create a logging loop, and your bucket will grow in size exponentially
[ S3 Replication ]
- Must enable versioning in source and destination
- Cross Region Replication (CRR)
- Same Region Replication (SRR)
- Buckets can be in different accounts
- Copying is asynchronous
- Must give proper IAM permissions to S3
- CRR Use cases : compliance, lower latency access, replication across accounts
- SRR Use cases : log aggregation, live replication between production and test accounts
- After activating, only new objects are replicated (not retroactive)
- For Delete operations : any delete operation is not replicated
If you delete without a version ID, it adds a delete marker, not replicated
If you delete with a version ID, it deletes in the source, not replicated
- There is no "chaining" of replication
If bucket 1 has replication into bucket 2, which has replication into bucket 3
Then objects created in bucket 1 are not replicated to bucket 3
[ S3 Pre-signed URLs ]
- Can generate pre-signed URLs using SDK or CLI
for downloads (easy, can use the CLI)
for uploads (harder, must use the SDK)
- Valid for a default of 3600 seconds, can change timeout with --expires-in [TIME_BY_SECONDS] argument
- Users given a pre-signed URL inherit the permissions of the person who generated the URL for GET/PUT
Examples :
1) Allow only logged-in users to download a premium video on your S3 bucket
2) Allow an ever changing list of users to download files by generating URLs dynamically
3) Temporarily allow a user to upload a file to a precise location in our bucket