AWS serverless design-s3

2022-04-29 07:57:24 zoobuzas

Can you guess the usage from the bucket name?

This is the same as naming variables: if you look at the bucket name and cannot tell what it is used for, you have to check it. If you decide on a rule such as including production... in the names of production buckets, you can reduce the number of operations.

Is the bucket placed in the Region you want?

ALB logs can only be output to buckets in the same Region.
https://docs.aws.amazon.com/ja_jp/elasticloadbalancing/latest/application/load-balancer-access-logs.html
If you use a VPC endpoint to access S3, access from EC2 will be faster, but note that it only works with buckets in the same Region as the VPC.
https://aws.amazon.com/jp/premiumsupport/knowledge-center/s3-maximum-transfer-speed-ec2/

Is the storage class reasonable?

Infrequently accessed objects can be stored in Standard-Infrequent Access, One Zone-Infrequent Access, etc., to reduce costs.
(Be careful with One Zone-Infrequent Access, because objects become inaccessible if the AZ fails.)
https://aws.amazon.com/jp/s3/storage-classes/?nc1=h_ls

Are the versioning settings appropriate?

If you accidentally delete an object and versioning is enabled, you can undo the deletion. However, you will also pay for past versions of the object.
https://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/Versioning.html

Are the lifecycle rules appropriate?

Suppose objects are accessed frequently in the first month, and after that the access frequency drops sharply. In that case, setting a lifecycle rule that moves them to an infrequent-access storage class will reduce costs. If you want to delete logs after a certain time, you can also set deletion rules.
https://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/object-lifecycle-mgmt.html

Are the encryption settings appropriate?

Encrypt your important data. But there seem to be various restrictions, so be careful (I'm not very familiar with them, though……)
https://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/bucket-encryption.html

Is the Block Public Access setting appropriate?

If you turn this on, you will get an error when a bucket policy or ACL is mistakenly set to allow public access.
https://dev.classmethod.jp/articles/s3-block-public-access/

Disable ACLs

If you disable ACLs, things become very simple, because access can only be controlled through the bucket policy, and you may run into trouble when uploading.

https://aws.amazon.com/jp/about-aws/whats-new/2021/11/amazon-s3-object-ownership-simplify-access-management-data-s3/
https://dev.classmethod.jp/articles/s3-bucket-owner-enforced/

Minimize the permissions granted by the bucket policy

When you don't know what permissions you need, it's easy to set such a bucket policy, but it's dangerous. Only the minimum write permission should be allowed.
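
The policy the post refers to is not reproduced on this page, so the following is an added example, not the author's code: a small check that flags over-broad Allow statements in a bucket policy, run against a constructed broad policy and a constructed minimal one. The bucket name, account ID, role name and the function `find_broad_grants` are assumptions made for illustration.

```python
import json

# Constructed sample: a broad policy of the kind that is easy to write when the
# required permissions are unknown. The bucket name is a placeholder.
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-production-logs/*"
  }]
}""")

# Constructed sample: one named role, write only, one prefix.
# The account ID and role name are placeholders.
MINIMAL_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-uploader"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-production-logs/uploads/*"
  }]
}""")

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def find_broad_grants(policy):
    """Return (statement index, reason) for each over-broad Allow grant."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):  # {"AWS": "*"} is equivalent to "*"
            principal = "*" if "*" in _as_list(principal.get("AWS", [])) else None
        if principal == "*" and "Condition" not in stmt:
            findings.append((i, "any principal, no Condition"))
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.lower() == "s3:*":
                findings.append((i, "wildcard action " + action))
    return findings

if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("minimal", MINIMAL_POLICY)):
        print(name, find_broad_grants(doc))
```
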

Copyright notice
Author: zoobuzas. Please include the original link when reprinting, thank you.
https://en.qdmana.com/2022/119/202204290550503541.html