Demystifying Amazon Web Services: An Enterprise Admin's view of the public cloud (Part IV)

Posted by Jeremy Goodrum. Topics: AWS

Object Storage is, for many, a very new idea. Traditional enterprise applications rely on either dedicated SCSI devices (Hard Drives, JBOD, LUNs) or Shared File Systems (CIFS, SMB, NFS) to serve their data. The idea is that applications need to read and write to files quickly and easily. But the real question comes from application data that needs to be read but is rarely, if ever, overwritten.

Simple Storage Service (S3)
One of the first services that Amazon introduced was their answer to object storage. It makes sense, right? We use Object Storage every day without thinking about it. Almost all of the pages on this site are simply HTML objects sitting in the cloud. These are files which are read (I hope frequently) but changed far less often. Web directories just make sense. Personally, I store all of the photos and videos of my two boys in a protected S3 bucket. It is fast and cost effective and gives me peace of mind.

When we discussed AWS EC2 instances, we noted that EC2 instances, and subsequently their EBS storage, aren't intended to be always persistent. In fact, the real power of the cloud is the ability to quickly deploy new servers. Why troubleshoot an issue with an instance if you can stand another up in the time it takes to get a coffee? This is where S3 comes in very handy. If servers are like a deck of playing cards that you put in the spokes of your bicycle (I can't be the only one) then the world becomes a very different place.

Amazon suggests using S3 as your long-term server configuration backup location (say that 5 times real fast). It is a good place to store logs, configuration details, scripts, and even software. Our TestDrive Program uses this heavily. Almost all of the machines that are deployed are straight out of the marketplace. The scripts and configurations are all pulled from S3 Objects during launch.

Key features of S3:

  1. Security and Access Management: This is a topic all to itself. S3 can be configured to granularly control who has access, and even when or for how long. This can be configured programmatically from your application, in real time.
  2. Encryption Support: A real hot topic for anyone considering storing protected assets in the cloud.
  3. Versioning and Lifecycle Management: Remember, writing to an object replaces the object. Versioning allows you to restore files from previous copies. Lifecycle Management applies rules to files, either moving them to long-term storage in Glacier or purging them. (Do you really need the log files from six months ago?)
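
The three features above, sketched with boto3 as an added example (not code from the original post). The bucket name, the `logs/` prefix, the 30/90/180-day values and the SSE-S3 (`AES256`) choice are assumptions, and `lifecycle_action` is a simplified local dry run of the rule rather than anything S3 itself exposes.

```python
BUCKET = "example-config-backups"  # hypothetical bucket name (assumption)

# Rule in the shape put_bucket_lifecycle_configuration expects: logs go to
# Glacier after 30 days and expire after 180 (roughly six months).
LIFECYCLE = {"Rules": [{
    "ID": "archive-then-purge-logs",
    "Status": "Enabled",
    "Filter": {"Prefix": "logs/"},
    "Transitions": [{"Days": 30, "StorageClass": "GLACIER"}],
    # On a versioned bucket, expiring the current version adds a delete marker;
    # NoncurrentVersionExpiration is what removes the older versions.
    "Expiration": {"Days": 180},
    "NoncurrentVersionExpiration": {"NoncurrentDays": 90},
}]}


def lifecycle_action(key, age_days, config=LIFECYCLE):
    """Simplified local dry run: what the rules do to a current object."""
    for rule in config["Rules"]:
        if rule["Status"] != "Enabled":
            continue
        if not key.startswith(rule["Filter"].get("Prefix", "")):
            continue
        if age_days >= rule.get("Expiration", {}).get("Days", float("inf")):
            return "expire"
        due = [t for t in rule.get("Transitions", []) if age_days >= t["Days"]]
        if due:
            return "transition:" + max(due, key=lambda t: t["Days"])["StorageClass"]
    return "keep"


def harden_bucket(bucket=BUCKET):
    """Turn on versioning, default encryption and the lifecycle rule."""
    import boto3  # imported here so the dry run above needs no AWS SDK
    s3 = boto3.client("s3")
    s3.put_bucket_versioning(
        Bucket=bucket, VersioningConfiguration={"Status": "Enabled"})
    s3.put_bucket_encryption(
        Bucket=bucket, ServerSideEncryptionConfiguration={"Rules": [{
            "ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]})
    s3.put_bucket_lifecycle_configuration(
        Bucket=bucket, LifecycleConfiguration=LIFECYCLE)
    return s3


def temporary_link(s3, key, seconds=900, bucket=BUCKET):
    """Presigned URL: read access to one object that lapses after `seconds`."""
    return s3.generate_presigned_url(
        "get_object", Params={"Bucket": bucket, "Key": key}, ExpiresIn=seconds)
```

Running `lifecycle_action` against a few sample keys before calling `harden_bucket` is a cheap way to confirm that a prefix does not sweep up launch scripts or configuration you still need.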

The last entry in this series covered how traditional storage concepts like hard disks translate to Amazon EBS. In the case of S3, objects and files become a combined facet of how the cloud ecosystem evolves. The real question is: how do I begin to secure my infrastructure? How do I protect my servers and my data? We will start tackling that idea in the next part of this series.

Other articles in this series

Demystifying Amazon Web Services: An Enterprise Admin's view of the public cloud

Part I: Virtual Private Clouds
Part II: Elastic Cloud Compute [EC2] - Virtual Servers
Part III: Elastic Block Storage [EBS] - Virtual HardDisks
Part IV: Simple Storage Service [S3] - Object Storage
Part V: Cloud Security Principles - EC2 Security Groups
Part VI: Cloud Security Principles - Identity & Access Management