meant to be publicly available. This authentication and authorization for accessing your
data objects can be implemented with policies that limit access to your data objects to a set
number of users.
Object Access Policy: Cloud tenants can limit access to their data objects by configuring
an Object Access Authorization Policy on a pool of their objects or on the whole account. This
access could, for example, be limited to a specific application that provides a token string
every time it makes a request to fetch an object from the secure bucket.
Another common use case for implementing an object access authorization policy is to
enforce access limitation. Websites distributing content over the Internet may not want to
pay for the bandwidth resulting from requests originating from a specific region. They can
erect this access wall by implementing an access policy, filtering every request through their
application, and denying object read/write/delete requests based on the location where the
request originated.
Life Cycle Management: Almost every cloud provider now enables tenants to choose
between magnetic-based physical storage or SSD-based storage devices. Applications that
demand faster data element reads and writes would choose to go with faster but more expensive
SSDs or a hybrid storage model that combines SSDs for performance-critical data and
magnetic disk-based storage for other data. There are further offerings within the magnetic
rotating disk category too.
Suppose, for example, that your application holds terabytes of video data for your combined
user base. You realize that videos that are three months old are not accessed much. This means
that as videos become older than three months, they can be migrated from S3 to the much cheaper
Glacier. This life cycle of a data object, which is based on the age of the object, can be
implemented as part of a life cycle policy. Amazon, for example, offers the following policy
options for objects stored in S3:
Life Cycle: Specifies the life cycle of the object. You can even choose to delete an object
after a specified period of time. Previously, this had to be implemented within the
application, which would run an age check on every object stored and pick out objects
for deletion.
Versioning: Just as with a source control system that tracks every change you commit to a file,
with the ability to revert to a previous version, you can set a policy to track modifications
your application makes to a data object. This can also be used to track the authenticity
of a data object and determine if any object has been tampered with.
CORS: A common use case is applications consuming their own data or websites
consuming their own data. This is enforced through CORS, which stands for cross-origin
resource sharing and enables object owners (cloud tenants) to specify whether the GET
request for the object can originate from only a specific domain or set of domains
or is made available publicly.
ACL: Access control lists are a way to limit access to an object to a set of users. This is
different from setting a CORS configuration.
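
The life cycle policy described above can be dry-run before it is applied, so that an expiry rule does not delete objects it was never meant to touch. The following is an added example, not code from the book or from Amazon: the rule uses the JSON shape S3 accepts for a bucket life cycle configuration, while the "videos/" prefix, the 365-day expiry, the object keys and the helper names are assumptions, and the age check is a simplified approximation of how the service evaluates rules.

```python
from datetime import datetime, timedelta, timezone

# Constructed policy in the shape of an S3 bucket life cycle configuration.
# The "videos/" prefix and the 365-day expiry are assumptions; the 90-day
# Glacier transition mirrors the three-month example in the text.
LIFECYCLE = {
    "Rules": [{
        "ID": "archive-old-videos",
        "Status": "Enabled",
        "Filter": {"Prefix": "videos/"},
        "Transitions": [{"Days": 90, "StorageClass": "GLACIER"}],
        "Expiration": {"Days": 365},
    }]
}

def plan_action(key, last_modified, config, now):
    """Return 'DELETE', a target storage class, or 'KEEP' for one object."""
    age_days = (now - last_modified).days
    for rule in config["Rules"]:
        if rule.get("Status") != "Enabled":
            continue  # disabled rules never act on objects
        if not key.startswith(rule.get("Filter", {}).get("Prefix", "")):
            continue  # rule is scoped to a different key prefix
        expiry = rule.get("Expiration", {}).get("Days")
        if expiry is not None and age_days >= expiry:
            return "DELETE"
        # Pick the latest transition whose age threshold has been reached.
        due = [t for t in rule.get("Transitions", []) if age_days >= t["Days"]]
        if due:
            return max(due, key=lambda t: t["Days"])["StorageClass"]
    return "KEEP"

def dry_run(inventory, config, now):
    """Map every key in an inventory to the action the policy would take."""
    return {k: plan_action(k, ts, config, now) for k, ts in inventory.items()}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for repeatability
INVENTORY = {  # constructed sample objects: key -> last-modified time
    "videos/new.mp4": NOW - timedelta(days=10),
    "videos/quarter-old.mp4": NOW - timedelta(days=95),
    "videos/ancient.mp4": NOW - timedelta(days=400),
    "invoices/2019.pdf": NOW - timedelta(days=900),
}

if __name__ == "__main__":
    for key, action in dry_run(INVENTORY, LIFECYCLE, NOW).items():
        print(f"{action:8} {key}")
```

Reviewing the DELETE rows of the dry run against what the business expects to retain catches an over-broad prefix or a too-short expiry before any data is lost.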