S3
CloudFront Signed URL's and Cookies
- Use signed URLs/cookies when you want to secure content so that only the people you authorize are able to access it.
- Use cases for Signed URL vs Signed Cookies:
  a. A Signed URL is for individual files. 1 file = 1 URL.
  b. A Signed Cookie is for multiple files. 1 cookie = multiple files.
- When we create a signed URL or signed cookie, we attach a policy. The policy can include:
  a. URL expiration.
  b. IP ranges.
  c. Trusted signers (which AWS accounts can create signed URLs).
- If your origin is EC2, then use CloudFront.
- If your origin is S3 and it's a single file, then use an S3 Signed URL.
How many S3 buckets can I have per account by default?
- 100
Content Delivery Network (CDN)
- A content delivery network (CDN) is a system of distributed servers (network) that deliver web pages and other web content to a user based on the geographic location of the user, the origin of the web page, and a content delivery server.
AWS Organizations and Consolidated Billing
- AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
- Consolidated Billing along with AWS Organizations takes into account the aggregate usage of all of your accounts. So the more you use, the less you pay.
- The paying account is independent and cannot access resources of other accounts.
- All linked accounts in the organization are independent.
- Service Control Policies (SCPs) are used to set the maximum available permissions for all accounts in your organization.
Snowball Edge
- AWS Snowball Edge is a 100TB data transfer device with on-board storage and compute capabilities. You can use Snowball Edge to move large amounts of data into and out of AWS, as a temporary storage tier for large local datasets, or to support local workloads in remote or offline locations.
- Snowball Edge connects to your existing applications and infrastructure using standard storage interfaces, streamlining the data transfer process and minimizing setup and integration. Snowball Edge devices can cluster together to form a local storage tier and process your data on-premises, helping ensure your applications continue to run even when they are not able to access the cloud.
Storage Gateway
- AWS Storage Gateway is a service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and AWS's storage infrastructure. The service enables you to securely store data in the AWS cloud for scalable and cost-effective storage.
- AWS Storage Gateway's software appliance is available for download as a virtual machine (VM) image that you install on a host in your data center. Storage Gateway supports either VMware ESXi or Microsoft Hyper-V. Once you've installed your gateway and associated it with your AWS account through the activation process, you can use the AWS Management Console to create the storage gateway option that is right for you.
S3 Transfer Acceleration
- Amazon S3 Transfer Acceleration enables fast, easy, and secure transfer of files over long distances between your end users and an S3 bucket (i.e. upload lots of files to S3).
- Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, it is routed to Amazon S3 over an optimized network path (e.g. video).
- CloudFront: mainly reading, accessing and downloading files.
- Transfer Acceleration: all about uploading files faster.
S3 Life Cycle Management/Rule
- Automates moving your objects between the different storage tiers.
- Can be used in conjunction with versioning.
- Can be applied to current versions and previous versions.
S3 Guarantees
- Built for 99.99% availability for the S3 platform.
- Amazon guarantees 99.9% availability.
- Amazon guarantees 99.999999999% durability for S3 information (11 x 9s).
S3 - The Basics
- By default, all newly created buckets are PRIVATE. You can set up access control to your buckets using:
  a. Bucket Policies
  b. Access Control Lists
- S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket. These can be sent to another bucket, and even to a bucket in another account.
CloudFront Signed URL Features
- Can have different origins. Does not have to be EC2.
- Key pair is account wide and managed by the root user.
- Can utilize caching features.
- Can filter by date, path, IP address, expiration, etc.
AWS DataSync
- DataSync allows you to move large amounts of data into AWS. Typically you use it in your on-premises data center: install the DataSync agent on a server that connects to your NAS or file system, and it will copy data to AWS and write data from AWS.
- It's a way of synchronizing your data; it automatically encrypts your data and accelerates transfer over the wide area network.
- It performs automatic data integrity checks in transit and at rest as well.
- Essentially what it does is seamlessly connect to Amazon S3, Amazon EFS, or Amazon FSx for Windows File Server to copy data and metadata to and from AWS.
- It's a way of syncing your data to AWS.
CloudFront : Key Terminology
- Edge Location: This is the location where content is cached and can also be written. Separate from an AWS Region/AZ (number of edge locations > number of regions/AZs).
- Origin: This is the origin of all the files that the CDN will distribute. Origins can be an S3 bucket, EC2 instances, an ELB or Route 53.
- Distribution: This is the name given to the CDN, which consists of a collection of edge locations.
  1. Web Distribution: Typically used for websites (HTTP/HTTPS).
  2. RTMP: Used for media streaming (Adobe Real Time Messaging Protocol).
CloudFront Tips
- Edge locations are not just READ only; you can write to them (i.e. PUT an object on to them).
- CloudFront edge locations are utilized by S3 Transfer Acceleration to reduce latency for S3 uploads.
- Objects are cached for the life of the TTL (Time to Live). Default TTL is 24 hrs, max 365 days.
- You can clear cached objects (Invalidation), but you will be charged.
- CloudFront is a global service, i.e. not region based.
- Can restrict access using signed URLs or signed cookies.
S3 Object Lock Modes
- Governance Mode: In governance mode, users can't overwrite or delete an object version or alter its lock settings unless they have special permissions. With governance mode, you protect objects against being deleted by most users, but you can still grant some users permission to alter the retention settings or delete the object if necessary.
- Compliance Mode: In compliance mode, a protected object version can't be overwritten or deleted by any user, including the root user in your AWS account. When an object is locked in compliance mode, its retention mode can't be changed and its retention period can't be shortened. Compliance mode ensures an object version can't be overwritten or deleted for the duration of the retention period.
S3 Signed URL Features
- Issues a request as the IAM user who creates the pre-signed URL.
- Limited lifetime.
- If users can access your S3 bucket file, then it's a signed S3 URL (using an Origin Access Identity, OAI); otherwise it's a CloudFront Signed URL.
- If your origin is EC2, use a CloudFront Signed URL; otherwise, if it's S3, use an S3 Signed URL.
Tips
- Not suitable to install an OS. It is object based storage.
- Read the S3 FAQs.
- S3 is a global service. It does not require a region.
- Bucket names share a common namespace. You cannot have the same bucket name as someone else; names are unique.
- All buckets and objects in a bucket are private by default.
- If you make a bucket public, it does not automatically make the objects inside the bucket public.
- When you view your buckets you view them globally, but you can have buckets in individual regions (i.e. when creating buckets).
- You can replicate the contents of one bucket to another bucket automatically by using cross region replication.
- You can change the storage class and encryption of your objects on the fly.
- Restricting bucket access:
  a. Bucket Policies: Apply across the whole bucket.
  b. Object Policies: Apply to individual files.
  c. IAM Policies for Users and Groups: Apply to users and groups.
S3 Objects Features
- An object consists of the following:
  a. Key - This is simply the name of the object.
  b. Value - This is simply the data and is made up of a sequence of bytes.
  c. Version ID - Important for versioning.
  d. Metadata - Data about the data you are storing.
  e. Subresources:
    1. Access Control List (ACL)
    2. Bucket Policies (Torrent)
Advantages of Consolidated Billing
- One bill per AWS account.
- Very easy to track charges and allocate costs.
- Volume pricing discount.
S3 Performance : Downloads : S3 Byte-Range Fetches
- Parallelize downloads by specifying byte ranges.
- If there's a failure in the download, it's only for a specific byte range.
- S3 Byte-Range Fetches:
  a. Can be used to speed up downloads.
  b. Can be used to download just partial amounts of the file (e.g. header information).
S3 Performance
- Prefix: The pathway value between the bucket name and the file name. Ex: mybucketname/folder1/subfolder1/myfile.jpg. Here the prefix is /folder1/subfolder1.
- S3 has extremely low latency. You can get the first byte out of S3 within 100-200 milliseconds. You can also achieve a high number of requests: 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second per prefix.
- You can get better performance by spreading your reads across different prefixes. For example, if you are using 2 prefixes, you can achieve 11,000 requests per second.
- If we used all 4 prefixes in the last example, you would achieve 22,000 requests per second.
- The more prefixes we have, the better performance we can achieve.
S3 Data Consistency
- Read-after-write consistency for PUTs of new objects: if you write a new file and read it immediately afterwards, you will be able to view that data.
- Eventual consistency for overwrite PUTs and DELETEs (can take some time to propagate): if you update AN EXISTING file or delete a file and read it immediately, you may get the older version, or you may not. Basically, changes to objects can take a little bit of time to propagate.
S3 Performance : Multipart Uploads
- Recommended for files over 100MB.
- Required for files over 5GB.
- Parallelizes uploads (increases efficiency).
Cross Region Replication
- Replicate the contents of one bucket to another bucket automatically.
- Example: consider a bucket in us-east-1, and you want to automatically replicate your objects to another bucket that's in Sydney for high availability and disaster recovery. As soon as you upload an object into your bucket in us-east-1, that object will automatically be replicated into your bucket in Sydney.
S3 Select
- S3 Select enables applications to retrieve only a subset of data from an object by using simple SQL expressions. By using S3 Select to retrieve only the data needed by your application, you can achieve drastic performance increases; in many cases, you can get as much as a 400% improvement.
- For example: let's assume all your data is stored in S3 in zip files that contain CSV files. Without S3 Select, you would need to download, decompress, and process the entire CSV to get the data you needed.
- With S3 Select, you can use a simple SQL expression to return only the data from the store you're interested in, instead of retrieving the entire object. This means you're dealing with an order of magnitude less data, which improves the performance of your underlying applications.
- Get data by rows or columns using simple SQL expressions.
- Save money on data transfer and increase speed.
S3 Features
- S3 has the following features:
  a. Tiered storage available
  b. Lifecycle Management
  c. Versioning
  d. Encryption
  e. MFA Delete
  f. Secure your data using Access Control Lists and Bucket Policies (Torrent).
S3 Basics
- S3 is object based, i.e. it allows you to upload files.
- Files can be from 0 bytes to 5TB.
- There is unlimited storage.
- Files are stored in buckets.
- S3 is a universal namespace. That is, names must be unique globally because each bucket creates a DNS or web address name:
  https://acloudguru.s3.amazonaws.com/
  https://acloudguru.eu-west-1.amazonaws.com/
- When you upload a file to S3, you will receive an HTTP 200 code if the upload was successful.
Macie
- Security service which uses ML and Natural Language Processing (NLP) to discover, classify and protect sensitive data stored in S3.
- Uses AI to recognize if your S3 objects contain sensitive data such as PII.
- Dashboards, reporting and alerts.
- Works directly with data stored in S3.
- Can also analyze CloudTrail logs.
- Great for PCI-DSS (online banking transactions) and preventing ID theft.
S3
- Simple Storage Service.
- S3 provides developers and IT teams with secure, durable, highly scalable object storage.
- S3 is easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web.
- S3 is a safe place to store your files.
- It is object based storage.
- The data is spread across multiple devices and facilities.
Snowball Types/Flavors
- Snowball comes in either a 50TB or 80TB size. Snowball uses multiple layers of security designed to protect your data, including tamper-resistant enclosures, 256-bit encryption, and an industry-standard Trusted Platform Module (TPM) designed to ensure both security and full chain of custody of your data. Once the data transfer job has been processed and verified, AWS performs a software erasure of the Snowball appliance.
Snowball
- Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS. Using Snowball addresses common challenges with large-scale data transfers, including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, secure and can be as little as one-fifth the cost of high-speed internet.
- Snowball can:
  a. Import to S3
  b. Export from S3
Glacier Select
- Some companies in highly regulated industries (e.g. financial services, healthcare, and others) write data directly to Amazon Glacier to satisfy compliance needs like SEC Rule 17a-4 or HIPAA. Many S3 users have lifecycle policies designed to save on storage costs by moving their data into Glacier when they no longer need to access it on a regular basis. Glacier Select allows you to run SQL queries against Glacier directly.
S3 : Storage Tiers/ Classes
- S3 Standard: 99.99% availability, 11 x 9s durability, stored redundantly across multiple devices in multiple facilities, and designed to sustain the loss of 2 facilities concurrently.
- S3-IA (Infrequently Accessed): Data that is accessed less frequently but requires rapid access when needed (once a year or every 6 months). Lower fee than S3 Standard, but charges a retrieval fee.
- S3 One Zone-IA (Reduced Redundancy Storage, RRS): For when you want a lower-cost option for infrequently accessed data but do not require the multiple availability zone data resilience. Same as IA, however data is stored in a single availability zone only. 11 x 9s durability, 99.5% availability, cost is 20% less than regular S3-IA.
- S3 Intelligent-Tiering: For data with unknown or unpredictable access patterns. 2 tiers, frequent and infrequent access; automatically moves your data to the most cost-effective tier based on how frequently you access each object. 11 x 9s durability, 99.9% availability, optimizes cost, no fees for accessing your data but a small monthly fee for monitoring/automation: $0.0025 per 1000 objects.
- S3 Glacier: A secure, durable and low-cost storage class for data archiving. You can reliably store any amount of data at costs that are competitive with or cheaper than on-premises solutions. Retrieval times configurable from minutes to hours.
- S3 Glacier Deep Archive: Amazon S3's lowest-cost storage class, for where a retrieval time of 12 hours is acceptable.
Storage Gateway Types
- The 3 different types are:
  a. File Gateway (NFS & SMB) - A way of storing files in S3.
  b. Volume Gateway (iSCSI) - A way of storing copies of your hard disk drives or virtual hard disk drives in S3.
    1. Stored Volumes
    2. Cached Volumes
  c. Tape Gateway (VTL) - Virtual tape library.
Storage Gateway Types : Volume Gateway
- The volume interface presents your applications with disk volumes using the iSCSI block protocol.
- Data written to these volumes can be asynchronously backed up as point-in-time snapshots of your volumes, and stored in the cloud as Amazon EBS snapshots.
- Snapshots are incremental backups that capture only changed blocks. All snapshot storage is also compressed to minimize your storage charges.
Tips
- Use S3 Object Lock to store objects using a write once, read many (WORM) model.
- Object locks can be on individual objects or applied across the bucket as a whole.
- Object Locks come in 2 modes: Governance Mode and Compliance Mode.
- With governance mode, users can't overwrite or delete an object version or alter its lock settings unless they have special permissions.
- With compliance mode, a protected object version can't be overwritten or deleted by any user, including the root user in your AWS account.
DataSync Tips
- Used to move large amounts of data from on-premises to AWS.
- Used with NFS- and SMB-compatible file systems.
- Replication can be done hourly, daily or weekly.
- Install the DataSync agent to start the replication.
- Can be used to replicate EFS to EFS.
S3 : Cross Region Replication
- Versioning should be enabled on both the source and destination buckets.
- Files in an existing bucket are not replicated automatically.
- All subsequent updated files will be replicated automatically.
- Delete markers are not replicated.
- Deleting individual versions or delete markers will not be replicated.
- It starts working only from the moment you turn it on. It doesn't take the objects that are already there in your bucket and replicate them; it does it only for new objects once it is turned on.
- If you change the permissions of an object in the source bucket to public, it doesn't make the object in the destination bucket public.
- Can replicate buckets in the same account or in another account.
S3 Pricing
- Very important: check the video for pricing.
- Order from costliest to cheapest:
  1. S3 Standard
  2. S3-IA
  3. S3 Intelligent-Tiering
  4. S3 One Zone-IA
  5. S3 Glacier
  6. S3 Glacier Deep Archive
AWS S3 has four different URL styles that can be used to access content in S3: the Virtual Hosted Style URL, the Path-Style Access URL, the Static Website URL, and the Legacy Global Endpoint URL. Which of these represents a correct formatting of the Virtual Hosted Style URL?
- Virtual hosted style puts your bucket name 1st, s3 2nd, and the region 3rd. Path style puts s3 1st and your bucket as a subdomain. Legacy Global Endpoint has no region. S3 static hosting can be your own domain, or your bucket name 1st, s3-website 2nd, followed by the region. AWS is in the process of phasing out path style, and support for the Legacy Global Endpoint format is limited and discouraged. However, it is still useful to be able to recognize them should they show up in logs. https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
S3 Object Lock
- You can use S3 Object Lock to store objects using a write once, read many (WORM) model. It can help you prevent objects from being deleted or modified for a fixed amount of time or indefinitely.
- You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or to add an extra layer of protection against object changes and deletion.
Storage Gateway Tips
1. File Gateway: For flat files, stored directly on S3.
2. Volume Gateway:
  a. Stored Volumes: Entire dataset is stored on site and is asynchronously backed up to S3.
  b. Cached Volumes: Entire dataset is stored on S3 and the most frequently accessed data is cached on site.
3. Tape Gateway (Gateway Virtual Tape Library): Can also get a physical appliance as well now.
Sharing S3 Buckets Across Accounts
3 different ways to share S3 buckets across accounts:
- Using bucket policies and IAM (applies across the entire bucket). Programmatic access only.
- Using bucket ACLs and IAM (individual objects). Programmatic access only.
- Cross-account IAM roles. Programmatic and console access.
Retention Periods
A retention period protects an object version for a fixed amount of time. When you place a retention period on an object version, Amazon S3 stores a timestamp in the object version's metadata to indicate when the retention period expires. After the retention period expires, the object version can be overwritten or deleted unless you also placed a legal hold on the object version.
Snowmobile
AWS Snowmobile is an exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a 45-foot-long ruggedized shipping container pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. Transferring data with Snowmobile is secure, fast and cost effective.
Power User Access allows ________.
Ans: Access to all AWS services except for management of groups and users within IAM.
- S3: Until 2018 there was a hard limit on S3 PUTs of 100 PUTs per second. To achieve this, care needed to be taken with the structure of the key name to ensure parallel processing. As of July 2018 the limit was raised to 3,500 and the need for the key design was basically eliminated. Disk IOPS is not the issue with the problem. The account limit is not the issue with the problem.
Athena
Athena:
- Interactive query service which enables you to analyze and query data located in S3 using standard SQL.
- Serverless, nothing to provision, pay per query/per TB scanned.
- No need to set up complex Extract/Transform/Load processes.
- Works directly with data stored in S3.
What can Athena be used for:
- Can be used to query log files stored in S3, e.g. ELB logs, S3 access logs etc.
- Generate business reports on data stored in S3.
- Analyze AWS cost and usage reports.
- Run queries on click-stream data.
Storage Gateway Types : Volume Gateway - Cached Volumes
Cached Volumes let you use Amazon S3 as your primary data storage while retaining frequently accessed data locally in your storage gateway. Cached Volumes minimize the need to scale your on-premises storage infrastructure, while still providing your applications with low-latency access to their frequently accessed data. You can create storage volumes up to 32 TiB in size and attach them as iSCSI devices from your on-premises application servers. Your gateway stores data that you write to these volumes in Amazon S3 and retains recently read data in your on-premises storage gateway's cache and upload buffer storage. 1GB - 32TB in size for cached volumes.
S3 Charges
Charged for:
- Storage per GB
- Requests (GET, PUT, COPY etc.)
- Storage Management Pricing: Inventory, Analytics, and Object Tags
- Data Transfer Pricing: Data transferred out of S3 (download etc.)
- Transfer Acceleration: Use of CloudFront to optimize transfers
- Cross Region Replication Pricing
S3 Encryption
Encryption Types:
- In Transit: SSL/TLS - encrypts data sent to and from the bucket (upload from PC, and download to PC from bucket). (HTTPS)
- At Rest: Data stored on disk.
  1. Server Side Encryption: Amazon helps you encrypt the object.
    a. S3 Managed Keys (SSE-S3): Amazon manages the keys automatically.
    b. AWS Key Management Service Managed Keys (SSE-KMS): Amazon and you both manage the keys together.
    c. Server Side Encryption with Customer Provided Keys (SSE-C): Where you give Amazon your own keys that you manage, and Amazon encrypts the objects.
  2. Client Side Encryption: Where you encrypt the object yourself and upload it to S3.
- You can encrypt at the object level or at the bucket level (the entire bucket is encrypted, so all objects put into that bucket will be encrypted).
Storage Gateway Types : File Gateway
Files are stored as objects in your S3 buckets, accessed through a Network File System (NFS) mount point. Ownership, permissions, and timestamps are durably stored in S3 in the user metadata of the object associated with the file. Once objects are transferred to S3, they can be managed as native S3 objects, and bucket policies such as versioning, lifecycle management, and cross region replication apply directly to objects stored in your bucket.
S3 Glacier Vault Lock
S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a Vault Lock policy. You can specify controls, such as WORM, in a Vault Lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.
Legal Holds
S3 Object Lock also enables you to place a legal hold on an object version. Like a retention period, a legal hold prevents an object version from being overwritten or deleted. However, a legal hold doesn't have an associated retention period and remains in effect until removed. Legal holds can be freely placed and removed by any user who has the s3:PutObjectLegalHold permission.
S3 Performance : KMS Request Rates
S3 limitations when using KMS:
- If you are using SSE-KMS to encrypt your objects in S3, you must keep in mind the KMS limits.
- When you upload a file, you will call GenerateDataKey in the KMS API.
- When you download a file, you will call Decrypt in the KMS API.
- Uploading/downloading will count toward the KMS quota.
- Currently you cannot request a quota increase for KMS.
- Region-specific; however, it's either 5,500, 10,000, or 30,000 requests per second.
Tips
Some best practices with AWS Organizations:
- Always enable multi-factor authentication on the root account.
- Always use a strong and complex password on the root account.
- The paying account should be used for billing purposes only. Do not deploy resources into the paying account.
- Enable/disable AWS services using Service Control Policies (SCPs), either on an Organizational Unit (OU) or on individual accounts.
Storage Gateway Types : Volume Gateway - Stored Volumes
Stored Volumes let you store your primary data locally, while asynchronously backing up that data to AWS. Stored volumes provide your on-premises applications with low-latency access to their entire datasets, while providing durable, off-site backups. You can create storage volumes and mount them as iSCSI devices from your on-premises application servers. Data written to your stored volumes is stored on your on-premises storage hardware. This data is asynchronously backed up to Amazon S3 in the form of Amazon Elastic Block Store (EBS) snapshots. 1GB - 16TB in size for stored volumes.
Storage Gateway Types : Tape Gateway
Tape Gateway offers a durable, cost-effective solution to archive your data in the AWS Cloud. The VTL interface it provides lets you leverage your existing tape-based backup application infrastructure to store data on virtual tape cartridges that you create on your tape gateway. Each tape gateway is preconfigured with a media changer and tape drives, which are available to your existing client backup application as iSCSI devices. You add tape cartridges as you need to archive your data. Supported by NetBackup, Backup Exec, Veeam etc.
CloudFront
Used to deliver your entire website, including dynamic, static, streaming, and interactive content, using a global network of edge locations. Requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance. It also works seamlessly with any non-AWS origin server, which stores the original, definitive versions of your files. (Example video for better understanding)
S3 Versioning
Using Versioning with S3:
- Stores all versions of an object (including all writes, and even if you delete an object).
- Great backup tool.
- Once enabled, versioning cannot be disabled, only suspended.
- Integrates with lifecycle rules.
- Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.
- If you make a versioned object public, it doesn't automatically make other versions public.
- When you delete a version, only a delete marker is placed on that version.
- Watch video
S3 Transfer Acceleration
Utilizes the CloudFront edge network to accelerate your uploads to S3. Instead of uploading directly to your S3 bucket, you can use a distinct URL to upload directly to an edge location, which will then transfer that file to S3. You will get a distinct URL to upload to: acloudguru.s3-accelerate.amazonaws.com
PII
What is PII (Personally Identifiable Information):
- Personal data used to establish an individual's identity.
- This data could be exploited by criminals, used in identity theft and financial fraud.
- Examples: home address, email address, SSN, passport number, driver's license number, date of birth, phone number, bank account, credit card number.