Monday, 17 April 2017

Query from KnowledgeIndia Viewers - 001



I got following questions from one of our viewers and I thought of answering it here --

Please SUBSCRIBE to this blog by entering and VERIFYING your email on right side.
1. Can we limit versioning, Meaning to ask, versioning if enabled keeps all the modified files, can I limit it to the last 3 modifications?
ANS: You can limit it by time. E.g. that versions of last 3 days would remain there. You can move older versions to different storage classes with help Lifecycle Policies. In another case, you can write your custom Lambda function which gets invoked every time an object gets created and it could check and keep last 3 versions of that object and delete anything older.




2.When I choose s3 from the console, it doesn't allow me to choose a region from the console, Whereas after going into S3, it allows me to choose a region? why is that?
ANS: Many people have got that confusion. In case of S3, you see all your buckets (irrespective of their region) in one UI. That's why you cannot choose region at top. But, an S3 bucket belongs to one region only, hence you need to choose that when you are creating an S3 bucket.
3.What is the need to mandate versioning in cross-region replication? Any theory behind it?
ANS: Few things are done based on Engineering choices done by the product development team. I guess this is one out of them. A very good read is this page -- http://docs.aws.amazon.com/AmazonS3/latest/dev/crr-what-is-isnot-replicated.html



4.When I give a user named trinity, full S3 admin access in IAM, and then I create a bucket named Skynet only for few users, will trinity(user) still have full access over Skynet(bucket) ?
ANS: How are you ensuring that Skynet is created for few users? When you create a resource, you don't create it for a user, rather you use IAM to control which user can access that resource. In the above case Trinity has full S3 access and hence she would be able to access Skynet. But, you can explore the opportunity of denying her access at Bucket Policy level (defined at Skynet bucket).

5. After enabling cross region replication , if i delete the content in the source or destination , that deletion is not getting replicated . i can still see the file intact in my destination folder ? [In my case, though i replicated only a part of the file from the source, [replication was successful] , But when i deleted the whole source bucket, the files still where intact in my destination ?

ANS: This is the behavior shown by S3.

5 comments:

  1. SO, When you say S3 belongs to one region only? so you mean to say , it belongs to the region what i choose right ? just clarifying , I know that is what it is :)
    2. Coming to Trinity and Skynet,
    You had asked how am i ensuring it,
    Me being the root, I created a bucket [skynet] and under that buckets permission only i have both object and permission access, i dint give any permission to public permission or any authenticated AWS user. Still the user trinity who i cerated and gave her full S3 access has access to the skynet bucket .
    3. So with regards to cross region replication, the deletion has to be done manually ? thats the only solution ?

    ReplyDelete
    Replies
    1. 1. YES

      2. Trinity is an IAM user in your account and you have given her Full S3 access hence she is able to access the bucket. There is nothing like "bucket named Skynet only for few users". You control the access to a resource via policies. Any user in an account can access any resource, provided he has right set of permissions.

      3. In case of a specific version ID, YES. Else, NO. Please read above again.

      Delete
  2. Sir, i really dint understand what it means by specific version ID, In my case, i just highlight the bucket [the whole bucket] and delete it.
    How to delete the bucket using a specific version ID ? are we talking through CLI mode ? kindly explain

    ReplyDelete
    Replies
    1. Go ahead and read Versioning please - http://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectVersioning.html

      Delete
    2. Also, CRR is there for replication of Objects in a bucket to other bucket. It does not mean that if you delete Bucket1 then Bucket2 would get deleted.

      Delete

Note: only a member of this blog may post a comment.

Most Popular Posts