Storage

“From the Mailbag” gives us at AWS w/ .NET the opportunity to answer questions from our users. Got a question for us? Ask us here.

Photo by Joanna Kosinska on Unsplash

Question

I’m a software developer and I’m new to AWS. What’s the difference between the Elastic Block Store service and the Elastic File System service?

Response

Amazon EBS or Elastic Block Store is a highly available block storage service offered by AWS. Amazon Elastic block storage offers 99.999% availability and 99.999% durability . When you think of Amazon EBS, think hard drive or SSD. Amazon Elastic File System or EFS, is a serverless file system service that allows for the sharing of data among thousands of clients. Amazon EFS provides 99.999999999% durability and up to 99.99% availability. When you think of EFS, think Linux compatible network file shares.

“From the Mailbag” gives us at AWS w/ .NET the opportunity to answer questions from our users. Got a question for us? Ask us here.

Photo by Joanna Kosinska on Unsplash

Question

My company is switching cloud providers and is moving object storage to Amazon S3. Can you help explain the different S3 storage classes?

Response

First, note that all classes aside from S3 One Zone-IA stores data in at least 3 AZs.

“From the Mailbag” gives us at AWS w/ .NET the opportunity to answer questions from our users. Got a question for us? Ask us here.

Photo by Joanna Kosinska on Unsplash

Question

Our company has an S3 bucket where multiple companies upload CSV files for later processing. Is it possible to require that all files in that bucket be encrypted?

Response

S3 has a lot of flexibility when it comes to encryption. S3 objects can be encrypted client side and then uploaded or objects can be encrypted server side using KMS keys, customer provided keys or S3 keys. In order to enforce that all S3 objects in a bucket are encrypted, use a bucket policy requiring that all object uploads must provide the x-amz-server-side-encryption header. More on the x-amz-server-side-encryption header can be found here: Using Server Side Encryption.

Get all the code on GitHub.

Your application needs to temporarily expose private files  which are stored in Amazon S3.  Giving each user separate permissions to each file is not feasible and will not scale.  There are a few reasonable solutions for this situation, but Amazon S3 presigned URLs might be the simplest.

Amazon S3 presigned URLs allow an object owner to grant temporary access to an object in a private bucket by sharing a URL.  However, this is no ordinary URL. An Amazon S3 presigned URL contains 4 major components : the location of the file, the AWS access key Id of the user that is granting access to the object (AWSAccessKeyId), the object expiration (Expires) and the signature (Signature).  The location of the file is obvious, but what about the other attributes?