Applying encryption to buckets – AWS Services for Data Storage – MLS-C01 Study Guide

Applying encryption to buckets

You also need to understand how enabling versioning on a bucket would help. There are use cases where a file is updated regularly, and versions will be created for the same file. To simulate this scenario, try the following example:

  1. In this example, you will create a file whose content records its version number. You will then overwrite it and retrieve it to check which version the bucket returns:

$ echo "Version-1" > version-doc.txt
$ aws s3 cp version-doc.txt s3://version-demo-mlpractice
$ aws s3 cp s3://version-demo-mlpractice/version-doc.txt check.txt
$ cat check.txt
Version-1
$ echo "Version-2" > version-doc.txt
$ aws s3 cp version-doc.txt s3://version-demo-mlpractice
$ aws s3 cp s3://version-demo-mlpractice/version-doc.txt check.txt
$ cat check.txt
Version-2

  • Upon retrieval, you got the latest version of the file, in other words, Version-2 in this case. To check each of the versions and the latest one of them, S3 provides the list-object-versions API, as shown here. From the JSON results, you can deduce the latest version:

$ aws s3api list-object-versions --bucket version-demo-mlpractice
{
    "Versions": [
        {
            "ETag": "\"b6690f56ca22c410a2782512d24cdc97\"",
            "Size": 10,
            "StorageClass": "STANDARD",
            "Key": "version-doc.txt",
            "VersionId": "70wbLG6BMBEQhCXmwsriDgQoXafFmgGi",
            "IsLatest": true,
            "LastModified": "2020-11-07T15:57:05+00:00",
            "Owner": {
                "DisplayName": "baba",
                "ID": "XXXXXXXXXXXX"
            }
        },
        {
            "ETag": "\"5022e6af0dd3d2ea70920438271b21a2\"",
            "Size": 10,
            "StorageClass": "STANDARD",
            "Key": "version-doc.txt",
            "VersionId": "f1iC.9L.MsP00tIb.sUMnfOEae240sIW",
            "IsLatest": false,
            "LastModified": "2020-11-07T15:56:27+00:00",
            "Owner": {
                "DisplayName": "baba",
                "ID": "XXXXXXXXXXXX"
            }
        }
    ]
}

  • There may be a situation where you have to roll back to an earlier version of the current object. In the preceding example, the latest one is Version-2. You can make any desired version the latest or current version by passing the VersionId sub-resource to the get-object API call and uploading that object again. The other way is to delete the current or latest version by passing its version ID to the --version-id parameter in the delete-object API request. More details about the API are available here: https://docs.aws.amazon.com/cli/latest/reference/s3api/delete-object.html.
  • When you delete an object in a versioning-enabled bucket, it does not delete the object from the bucket. It just creates a marker called DeleteMarker. It looks like this:

$ aws s3api delete-object --bucket version-demo-mlpractice --key version-doc.txt
{
    "DeleteMarker": true,
    "VersionId": "BKv_Cxixtm7V48MWqBO_KUkKbcOaH5JP"
}

  • This means that the object is not deleted. You can list it by using this command:

$ aws s3api list-object-versions --bucket version-demo-mlpractice

  • The bucket now lists no object named version-doc.txt, which you can verify using the aws s3 ls command, because the delete marker became the current version of the object with a new ID. If you try to retrieve a deleted object, that is, one whose current version is a delete marker, you will get a 404 error. Hence, permanent deletion of an object in a versioning-enabled bucket can only be achieved by deleting every version of the object by its version ID. If you need the object back, it can be retrieved by deleting the delete marker, passing the marker's VersionId as shown in the following example commands. A simple delete request (without the version ID) will not delete the delete marker; it creates another delete marker with a unique version ID. So, it's possible to have multiple delete markers for the same object. It is important to note at this point that it will consume your storage and you will be billed for it:

$ aws s3 ls s3://version-demo-mlpractice/
$ aws s3api delete-object --bucket version-demo-mlpractice --key version-doc.txt --version-id BKv_Cxixtm7V48MWqBO_KUkKbcOaH5JP
{
    "DeleteMarker": true,
    "VersionId": "BKv_Cxixtm7V48MWqBO_KUkKbcOaH5JP"
}

  • Upon listing the bucket now, the older objects can be seen:

$ aws s3 ls s3://version-demo-mlpractice/
2020-11-07 15:57:05         10 version-doc.txt

As you have already covered the exam topics and practiced most of the required concepts, you should delete the objects in the bucket and then delete the bucket to save on costs. This step deletes the versions of the object and, in turn, removes the object permanently.

  • Here, the latest version is deleted by passing its version ID, followed by the other version by its version ID:

$ aws s3api delete-object --bucket version-demo-mlpractice --key version-doc.txt --version-id 70wbLG6BMBEQhCXmwsriDgQoXafFmgGi

$ aws s3api delete-object --bucket version-demo-mlpractice --key version-doc.txt --version-id f1iC.9L.MsP00tIb.sUMnfOEae240sIW

$ aws s3api list-object-versions --bucket version-demo-mlpractice

You can clearly see the empty bucket now.
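The restore and permanent-delete steps above can be planned from saved list-object-versions output. The following is an added example, not code from the study guide: it reads a constructed listing in which two delete markers are stacked on the object and builds the delete-object calls for each case. The function names, the second marker ID and the marker timestamps are assumptions made for the illustration.

```python
import json
from datetime import datetime

# Constructed sample shaped like `aws s3api list-object-versions` output.
# The first three VersionIds appear on this page; the second delete marker
# and both marker timestamps are made up for the example.
SAMPLE = json.loads("""
{"Versions": [
  {"Key": "version-doc.txt", "VersionId": "70wbLG6BMBEQhCXmwsriDgQoXafFmgGi",
   "IsLatest": false, "LastModified": "2020-11-07T15:57:05+00:00"},
  {"Key": "version-doc.txt", "VersionId": "f1iC.9L.MsP00tIb.sUMnfOEae240sIW",
   "IsLatest": false, "LastModified": "2020-11-07T15:56:27+00:00"}],
 "DeleteMarkers": [
  {"Key": "version-doc.txt", "VersionId": "BKv_Cxixtm7V48MWqBO_KUkKbcOaH5JP",
   "IsLatest": false, "LastModified": "2020-11-07T16:05:00+00:00"},
  {"Key": "version-doc.txt", "VersionId": "EXAMPLE-SECOND-MARKER",
   "IsLatest": true, "LastModified": "2020-11-07T16:06:00+00:00"}]}
""")

def history(listing, key):
    """Return every version and delete marker of key, newest first."""
    rows = [dict(v, marker=False) for v in listing.get("Versions", [])]
    rows += [dict(m, marker=True) for m in listing.get("DeleteMarkers", [])]
    rows = [r for r in rows if r["Key"] == key]
    return sorted(rows, reverse=True,
                  key=lambda r: datetime.fromisoformat(r["LastModified"]))

def delete_cmd(bucket, key, version_id):
    """Build the argv for one versioned delete-object call."""
    return ["aws", "s3api", "delete-object", "--bucket", bucket,
            "--key", key, "--version-id", version_id]

def restore_plan(listing, bucket, key):
    """Delete only the markers stacked above the newest real version."""
    rows = history(listing, key)
    if all(r["marker"] for r in rows):
        return []  # no real version is left, so nothing can be restored
    plan = []
    for row in rows:
        if not row["marker"]:
            break
        plan.append(delete_cmd(bucket, key, row["VersionId"]))
    return plan

def purge_plan(listing, bucket, key):
    """Delete every version and every marker: the permanent removal."""
    return [delete_cmd(bucket, key, r["VersionId"]) for r in history(listing, key)]

if __name__ == "__main__":
    for cmd in restore_plan(SAMPLE, "version-demo-mlpractice", "version-doc.txt"):
        print(" ".join(cmd))
```

With two stacked markers, removing only the newest one still leaves the object hidden, which is why the restore plan walks down to the first real version.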