A web design company currently runs several FTP servers that their 250 customers use to upload and
download large graphic files. They wish to move this system to AWS to make it more scalable, but they wish to
maintain customer privacy and keep costs to a minimum.
What AWS architecture would you recommend?
A.
Ask their customers to use an S3 client instead of an FTP client. Create a single S3 bucket. Create an IAM
user for each customer. Put the IAM users in a group that has an IAM policy that permits access to subdirectories within the bucket via use of the ‘username’ policy variable.
B.
Create a single S3 bucket with Reduced Redundancy Storage turned on and ask their customers to use an S3
client instead of an FTP client. Create a bucket for each customer with a bucket policy that permits access only
to that one customer.
C.
Create an auto-scaling group of FTP servers with a scaling policy to automatically scale in when minimum
network traffic on the auto-scaling group is below a given threshold. Load a central list of FTP users from S3 as
part of the user data startup script on each instance.
D.
Create a single S3 bucket with Requester Pays turned on and ask their customers to use an S3 client instead
of an FTP client. Create a bucket for each customer with a bucket policy that permits access only to that one
customer.
Does this sound right?
A
Hi,
I would go for answer A (because it is cheaper than C)
See also:
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html
Any thoughts are welcome.
Thanks,
Frank
Even I will agree with option A.
IAM is not intended to be used by external users.
Answer A makes sense; however, in order to maintain customer privacy the credentials should not change, and despite the cost of running the FTP being higher they should not compromise the user access methods. The hassle of changing the process, post-implementation support, and the type of S3 client suggested would be a nightmare. The customers have already defined the use of FTP; they would all have to change their code.
Therefore Answer C is correct in my opinion.
I agree with @James, customer privacy is the important factor here.
Yes, I think so, too.
Besides, C should “make it more scalable”.
Answer is A.
C is the correct answer as it needs minimum change for the customer.
I agree that A is the best solution. It makes specific mention to keep costs to a minimum and makes no mention of reducing impact to customers.
Work to what is specifically stated or requested in the question, not what is omitted. Assumptions are always incorrect.
Correct Answer is A
http://blogs.aws.amazon.com/security/post/Tx1P2T3LFXXCNB5/Writing-IAM-policies-Grant-access-to-user-specific-folders-in-an-Amazon-S3-bucke
This …
The 2 important points in the question are privacy and keeping the cost to a minimum. They weren’t concerned about rewriting the code. They pointed out “Customer wish to move”, so they are ready to re-architect the environment. Also, they are uploading and downloading large files in a scalable manner. With S3, privacy can be achieved with an IAM group policy, it is scalable too, and cost is minimal. So S3 will fit all these requirements. If you use an FTP server, what is the plan for storage? No clue…
So I would prefer option A.
Just checking in: why can B not go? The question says cheapest solution, and RRS is cheaper than the normal S3, as S3 is more durable than RRS, but the question talks about scalability.
Will appreciate some clarity from gurus in here 🙂
@Senator: You’re right, re: question lists scalability as a key requirement. Customer is moving to AWS with 250 users today, but if they are moving to AWS specifically for the scalability AWS can get them, then they anticipate many more.
Re: option B: Managing many users (250 is already bad enough) as separate IAM accounts, separate buckets, and separate bucket policies is going to become a headache if this company anticipates growing out to “web scale”.
So while B is definitely less expensive using RRS than normal S3, it fails the key scalability requirement that is the reason the customer is moving to AWS in the first place.
Option D fails the scalability requirement for the same reason, have to write a policy per user.
Re: Option A, and the excellent explanation in the writeup michjojo linked to above, you only have one bucket policy to manage, because it uses the IAM user’s name in each directory, and then just substitutes the username attribute as a variable in the bucket policy. So one policy fits all, and Option A definitely scales better. And storing in S3 is probably going to be cheaper than storing to EBS volumes on FTP servers as in Option C.
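The single group policy from option A, as an added example that is not part of the original thread. The bucket name, the `home/` prefix layout and the user names are assumptions, and `is_allowed` is a simplified local model of IAM evaluation (Allow statements only, default deny), not the AWS engine.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "example-customer-uploads"  # placeholder bucket name (assumption)

# One policy attached to the customers' IAM group. IAM replaces
# ${aws:username} with the caller's IAM user name at evaluation time.
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # listing is limited to keys under the caller's own prefix
            "Sid": "ListOwnFolder",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{BUCKET}"],
            "Condition": {"StringLike": {"s3:prefix": ["home/${aws:username}/*"]}},
        },
        {   # object access is limited to the caller's own prefix
            "Sid": "ObjectsInOwnFolder",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": [f"arn:aws:s3:::{BUCKET}/home/${{aws:username}}/*"],
        },
    ],
}

def is_allowed(username, action, resource, prefix=None):
    """Simplified model: substitute the variable, then match Allow statements."""
    sub = lambda s: s.replace("${aws:username}", username)
    for st in GROUP_POLICY["Statement"]:
        if action not in st["Action"]:
            continue
        if not any(fnmatchcase(resource, sub(r)) for r in st["Resource"]):
            continue
        patterns = st.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        # A condition on s3:prefix fails when the request carries no prefix.
        if patterns is not None and not any(
            prefix is not None and fnmatchcase(prefix, sub(p)) for p in patterns
        ):
            continue
        return True
    return False  # no matching Allow statement: implicit deny

if __name__ == "__main__":
    print(json.dumps(GROUP_POLICY, indent=2))  # JSON to attach to the group
```
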
It cannot be B because you cannot “turn ON or OFF S3 Reduced Redundancy”; that’s a type of storage, not a feature to be turned on/off. The answer doesn’t make sense.
c
Answer must be C, any mention of the S3 client should be taken with caution as it’s meant to be used as a developer’s tool and not a client interface
I’ll go with C, reason: in question we have keywords ‘scalable’ and company wants to ‘move systems’ to aws, which is best suited for Auto-scaling group.
C
A is wrong IMO, because you need to preserve privacy, but the suggested solution gives all users “has an IAM policy that permits access to subdirectories”, which means that user A can access sub-directory B, and so on.
So C is better for me.
C. Also, I think the word “scalable” confirms the answer.
A is the right answer.
Great example to support it is here: https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/
C doesn’t allow keeping costs to a minimum.
Agreed, that link makes it clear.
Option A is perfect if used as federated access. IAM is not intended to be used by external/end users?
The term “IAM user” doesn’t mean someone who has permissions to make changes in IAM. It means someone defined in IAM as a user of AWS. You can create a user account in IAM with one and only one permission: to write into one specific prefix in a bucket.
C is not correct because:
“Load a central list of ftp users from S3 as part of the user Data”
User data can only be executed when the instance launches, so any change to the FTP users list would cause a headache.
Can somebody please advise if these questions are the real questions from the real exam?
Appreciated.
A for sure
A
C – scalable !!
How would you add shared storage to a group of EC2 servers?
So I would go for A.
A
C
A