AWS S3 Bucket (Blob Storage)
You'll find a digital twin of your S3 bucket in your Tensor9 AWS account. This high-fidelity digital twin consists of three components:
- CloudWatch Dashboard: Displays key metrics for monitoring bucket activity.
- Forwarding Bucket: A real S3 bucket that you use to forward PUT and DELETE operations to the corresponding bucket in the appliance.
- SNS Topic for Status Notifications: Receives notifications about the status of forwarding operations.
Here's how each component works:
CloudWatch Dashboard
The dashboard provides key metrics such as:
- Read/Write/Delete Operations: Number of read, write, and delete requests.
- Request Latency: Average latency for operations forwarded through the digital twin.
- Data Transfer Volume: The amount of data sent through the forwarding bucket.
- Error Rate: Number of failed requests (e.g., due to permission issues or conflicts).
This dashboard allows you to monitor how your customer's appliance is interacting with its S3 bucket.
Forwarding Bucket
The forwarding bucket is a real S3 bucket in your Tensor9 AWS account. It allows you to:
- PUT objects (including multi-part uploads) with tags and metadata.
- DELETE objects within the allowed prefixes.
All operations in the forwarding bucket are forwarded to the corresponding bucket in the appliance.
Important notes:
- You cannot change the configuration of the forwarding bucket; it is managed by Tensor9 and is used solely for object-level operations (PUT and DELETE).
- ACLs are not supported. Instead, access control relies on the bucket policies defined in the appliance.
- The forwarding bucket syncs periodically to the appliance’s bucket, but there is no SLA for synchronization timing.
- Overwrites are allowed, and you can retry uploads to the forwarding bucket as needed.
Read/List Operations:
- You can LIST and GET objects from the forwarding bucket, but these operations reflect the contents of the forwarding bucket, not the bucket inside the appliance.
- This helps verify the contents being forwarded without requiring direct access to the appliance.
SNS Topic for Status Notifications
Your S3 bucket digital twin also exposes an SNS topic to provide status updates on forwarding operations. Each operation you perform in the forwarding bucket generates a status message that is appended to the SNS topic. Notifications may include:
- Success: The object was successfully forwarded to the appliance bucket.
- Conflict: There was a version conflict (e.g., the object already exists with different data).
- Failure: An error occurred (e.g., due to permission issues).
The SNS topic allows you to programmatically track the results of your forwarding requests and handle any issues efficiently.
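One way to track forwarding results from the SNS topic, shown as an added example rather than Tensor9's own code. The page does not document the status message schema, so the payload fields operation, key and status are assumptions, as are the sample keys and timestamps; the outer envelope uses the standard SNS Type, Timestamp and Message fields.

```python
import json

STATUSES = {"Success", "Conflict", "Failure"}  # the three outcomes the page lists

def parse_status(raw):
    """Unwrap one SNS notification envelope; return (timestamp, record)."""
    env = json.loads(raw)
    if env.get("Type") != "Notification":
        raise ValueError(f"not an SNS notification: {env.get('Type')!r}")
    rec = json.loads(env["Message"])
    # Assumed payload fields; the page does not document the message schema.
    if not {"operation", "key", "status"} <= rec.keys() or rec["status"] not in STATUSES:
        raise ValueError(f"unrecognised status record: {rec!r}")
    return env["Timestamp"], rec

def reconcile(submitted, envelopes):
    """Bucket each submitted (operation, key) by its most recent reported status."""
    latest = {}
    # SNS standard topics do not guarantee order, so sort on the envelope timestamp
    # (ISO 8601 UTC strings of equal precision sort chronologically).
    for _, rec in sorted((parse_status(e) for e in envelopes), key=lambda p: p[0]):
        latest[(rec["operation"], rec["key"])] = rec["status"]
    report = {s: [] for s in ("Success", "Conflict", "Failure", "Pending", "Unexpected")}
    for op in submitted:
        # No SLA on sync timing: an operation with no status yet is Pending, not failed.
        report[latest.pop(op, "Pending")].append(op)
    # Statuses for operations this client never issued are worth investigating.
    report["Unexpected"] = sorted(latest)
    return report

def _envelope(ts, operation, key, status):
    # Constructed sample shaped like an SNS notification delivered to a subscriber.
    body = {"operation": operation, "key": key, "status": status}
    return json.dumps({"Type": "Notification", "Timestamp": ts, "Message": json.dumps(body)})

# Constructed sample data: what this client submitted, and what the topic reported.
SUBMITTED = [("PUT", "models/v2/weights.bin"), ("PUT", "config/app.yaml"),
             ("DELETE", "models/v1/weights.bin"), ("PUT", "models/v2/tokenizer.json")]
ENVELOPES = [
    _envelope("2024-01-01T10:00:09.000Z", "PUT", "models/v2/weights.bin", "Success"),
    _envelope("2024-01-01T10:00:05.000Z", "PUT", "models/v2/weights.bin", "Failure"),
    _envelope("2024-01-01T10:00:06.000Z", "PUT", "config/app.yaml", "Conflict"),
    _envelope("2024-01-01T10:00:07.000Z", "DELETE", "models/v1/weights.bin", "Failure"),
    _envelope("2024-01-01T10:00:08.000Z", "DELETE", "tmp/unknown.bin", "Success"),
]

if __name__ == "__main__":
    for status, ops in reconcile(SUBMITTED, ENVELOPES).items():
        print(status, ops)
```

Entries under Failure are candidates for a retried upload, which the forwarding bucket permits; entries under Unexpected can be checked against the customer's audit log.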
Security and Audit Logging
- The customer must explicitly allow-list the prefixes that the forwarding bucket can write to and delete from.
- All forwarded operations (writes and deletes) are appended to the customer’s audit log for transparency and traceability.
- The customer must explicitly allow-list which metrics can be sent to the digital twin for monitoring.
- Any metrics synchronized to your digital twin will also be appended to the customer’s audit log to maintain a full record of your interactions.
By using the S3 bucket digital twin, you can securely interact with your customer’s S3 bucket without direct access, maintaining data privacy and compliance while still enabling essential workflows.