04 Storage Flashcards
Describe FSx for Windows File Server.
FSx for Windows File Server is a Windows-native shared storage solution that uses SMB, integrates with Directory Service or self-managed Active Directory, and can operate in single or multi-AZ mode.
How can backups be managed in FSx for Windows File Server?
Backups in FSx for Windows File Server can be performed on-demand or scheduled.
Explain how FSx can be accessed.
FSx can be accessed using SMB directly in a VPC, through peering, VPN, or Direct Connect.
What is the purpose of FSx for Lustre?
FSx for Lustre is designed for shared HPC storage specifically for Linux clients.
Define the two modes of operation for FSx for Lustre.
FSx for Lustre operates in two modes: Scratch, optimized for short-term storage with maximum performance and no replication, and Persistent, used for longer-term storage with self-healing and high availability within a single AZ.
How does the Lustre file-system interact with S3?
The Lustre file-system can be lazy loaded from an S3 bucket, providing high-performance access to S3 objects.
What are the availability options for EFS?
EFS can be configured for multi-AZ or single zone availability.
Describe the purpose of S3 storage classes.
S3 storage classes allow optimization of the service for specific workloads.
What is S3 Express One Zone?
S3 Express One Zone is the most expensive S3 option, offering better performance than S3 Standard.
Define lifecycle configurations in S3.
Lifecycle configurations are rules that transition objects between storage classes and delete them based on a period of time.
How do lifecycle rules operate in S3?
Lifecycle rules in S3 are based on a period of time rather than access patterns, and can be configured based on object versions.
What is the minimum waiting period for transitioning from Standard to an infrequent tier in S3?
A minimum of 30 days must be waited before transitioning from Standard to an infrequent tier, and another 30 days to move to Glacier tiers.
Explain the purpose of replication in S3.
Replication in S3 mirrors content from one bucket to another in a different region and/or accounts.
What role does IAM play in S3 replication?
An IAM role added to the replication configuration grants S3 the required permissions to perform the replication.
Describe the requirement for cross-account replication in S3.
A bucket policy on the destination is required for cross-account replication.
How can filters be used in S3 replication?
Filters can be used to replicate objects based on prefix and/or tags.
Define the storage class configuration in S3 replication.
The storage class used in the destination bucket can be configured.
What is the default ownership of new objects in the destination bucket during replication?
By default, new objects in the destination are owned by the source bucket’s account, but this can be overridden.
Explain Replication Time Control (RTC) in S3.
Replication Time Control (RTC) adds a 15-minute SLA to replication; otherwise, replication is best effort.
How is replication direction configured in S3?
Replication is one-way by default, but bi-directional replication can be enabled.
What types of encrypted objects can be replicated in S3?
Replication of encrypted objects using SSE-KMS and SSE-C is supported.
Which storage classes cannot be replicated in S3?
Objects stored in Glacier and Glacier Deep Archive cannot be replicated.
Define the encryption method used by SSE-S3 in S3.
SSE-S3 performs AES-256 encryption using keys managed by S3, and it is now the default encryption method.
What is a limitation of SSE-S3 regarding role separation?
SSE-S3 does not allow role separation; anyone with GetObject permissions can also decrypt objects.
How does SSE-C differ from SSE-S3?
SSE-C uses a customer-provided key which is passed with requests to the S3 API, unlike SSE-S3 which uses S3-managed keys.
What is the advantage of using SSE-KMS in S3?
SSE-KMS uses a key managed in KMS, allowing for key rotation and other management features.
What are bucket keys in the context of SSE-KMS?
Bucket keys allow KMS to share keys across multiple objects in a bucket, reducing costs.
What are pre-signed URLs in S3?
Pre-signed URLs give time-limited permissions to download or upload an object, based on the identity that created the URL.
How do S3 Select and Glacier Select optimize data retrieval?
S3 Select and Glacier Select use a SQL-like syntax for server-side filtering, reducing the amount of data that needs to be fetched.
Describe the purpose of Access Points in S3.
Access Points simplify the management of permissions by creating multiple endpoints, each with different policies and networking controls.
How can Access Points be secured in S3?
Access Points can be paired with VPC endpoints to ensure they can only be accessed via a specific VPC endpoint.
What is the function of Object Lock in S3?
Object Lock protects object versions for a specific period of time or indefinitely.
Explain retention periods in the context of Object Lock.
Retention periods are for a fixed period of time and can be extended but not removed.
Describe the difference between compliance mode and governance mode in legal holds.
In compliance mode, nobody can overwrite the legal hold, while in governance mode, object versions can be overwritten with special permissions.
How does Amazon Macie enhance data security in S3?
Amazon Macie uses machine learning to detect personally identifiable information (PII) and other sensitive data in S3 objects.
Define EBS and its purpose in AWS.
EBS, or Elastic Block Store, provides high-performance, resilient storage for EC2 instances.
What are EBS Snapshots and how do they function?
EBS Snapshots are incremental backups of EBS volumes, allowing for efficient data backup and recovery.
Explain the role of Amazon Data Lifecycle Manager.
Amazon Data Lifecycle Manager automates the creation and management of EBS Snapshots.
How do Instance Store Volumes differ from EBS volumes?
Instance Store Volumes are attached directly to the underlying EC2 instance and are lost if the instance is stopped and then started again.
Describe the function of AWS Transfer.
AWS Transfer facilitates the transfer of data to and from S3 and EFS using non-native protocols such as SSH (SFTP) and FTP.
