Advanced Amazon S3 & Athena Flashcards
Who can enable/disable MFA-Delete?
Only the bucket owner (the root user of the account that owns the bucket), authenticating with root credentials plus an MFA code
Which operations require an MFA code once MFA-Delete is enabled?
- Permanently delete an object version
- Suspend versioning on the bucket
What do you need before using MFA-Delete?
Enable Versioning on the S3 bucket (MFA-Delete is a setting of the bucket's versioning configuration)
When are bucket policies evaluated relative to default encryption?
Before default encryption is applied. A bucket policy that denies PutObject requests missing the x-amz-server-side-encryption header therefore rejects an unencrypted upload before default encryption could have encrypted it; default encryption only applies to requests the policy lets through.
Once enabled, any request made to S3, from any account, authorized or denied, is logged into another S3 bucket
S3 Access Logs
Concerning S3 Access Logs, what should you NEVER do?
Never set your logging bucket to be the monitored bucket: every log delivery would itself be logged, creating a loop that grows the bucket (and the bill) indefinitely
Compliance, lower latency access, replication across accounts
What use case is this?
CRR (Cross Region Replication)
Log aggregation, live replication between production and test accounts
What use case is this?
SRR (Same Region Replication)
Is there any way to replicate a delete between two buckets?
Only partly. Delete markers can be replicated (an optional setting in the replication rule), but a permanent deletion of a specific version (a DELETE with a version ID) is never replicated, so a destructive delete in the source does not propagate to the replica.
How many S3 storage classes are there?
6 (as covered in this deck): Standard, Standard-IA, One Zone-IA, Intelligent Tiering, Glacier, Glacier Deep Archive
Use Cases: Big Data analytics, mobile & gaming applications, content distribution
S3 Standard - General Purpose
- High durability of objects across multiple AZs (99.999999999%, "11 nines")
- Can sustain 2 concurrent facility failures
- 99.99% Availability over a given year
S3 Standard - General Purpose
- Suitable for data that is less frequently accessed, but requires rapid access when needed
- High durability (99.999999999%, the same 11 nines as Standard) of objects across multiple AZs
- 99.9% Availability
- Use Cases: As a data store for disaster recovery, backups
S3 Standard - Infrequent Access (IA)
- 99.5% Availability
- Low latency and high throughput performance
- Supports SSL for data in transit and encryption at rest
- Stored in a single AZ (data is lost if that AZ is destroyed)
- Use Cases: Storing secondary backup copies of on-premises data, or storing data you can recreate
S3 One Zone - Infrequent Access (IA)
- Low latency & high throughput
- Resilient against events that impact an entire AZ
- Small monthly monitoring and auto-tiering fee (no retrieval charges)
- Automatically moves objects between two access tiers (frequent and infrequent access) based on changing access patterns
S3 Intelligent Tiering
- Low-cost object storage meant for archiving/backup
- Data is retained for the long term (10s of years)
- Each item in Glacier is called “Archive” (up to 40TB)
Amazon Glacier
Amazon Glacier has 3 retrieval options:
What are they?
- Expedited (1 to 5 min)
- Standard (3 to 5 hours)
- Bulk (5 to 12 hours)
What is the minimum storage duration on Amazon Glacier?
90 days
What is the minimum storage duration on Amazon Glacier Deep Archive?
180 days
Amazon Glacier Deep Archive - for long term storage - cheaper
What are the retrieval options?
Standard (12 hours)
Bulk (48 hours)
Moving objects can be automated using a what?
Lifecycle configuration
- Move objects to Standard IA class 60 days after creation
- Move to Glacier for archiving after 6 months
What lifecycle rule is this?
Transition Actions
- Access log files can be set to expire (be deleted) after 365 days
- Can be used to delete old, noncurrent versions of files (if versioning is enabled)
- Can be used to abort incomplete multipart uploads a set number of days after they were initiated
What lifecycle rule is this?
Expiration Actions
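The transition and expiration rules on the cards above, as an added example that is not part of the original deck: a Python helper that builds the lifecycle configuration document in the shape boto3's put_bucket_lifecycle_configuration expects, and a sanity check that catches rules S3 would reject or that would never fire (a transition into Standard-IA before the documented 30-day minimum, transition days that do not increase, an expiration earlier than the last transition). The rule IDs, prefixes and day counts are assumptions chosen to match the cards; no AWS call is made.

```python
"""Build and sanity-check an S3 lifecycle configuration (added example).

The returned dict is the LifecycleConfiguration argument for
s3.put_bucket_lifecycle_configuration(Bucket=..., LifecycleConfiguration=...).
Rule IDs, prefixes and day counts are illustrative assumptions.
"""
from typing import Dict, List, Optional, Tuple

# S3 requires objects to sit at least 30 days in S3 before transitioning
# to Standard-IA or One Zone-IA (documented lifecycle constraint).
MIN_DAYS_BEFORE_IA = 30
IA_CLASSES = {"STANDARD_IA", "ONEZONE_IA"}
# Coarse ordering used to reject "backwards" transitions such as
# GLACIER -> STANDARD_IA; only the classes covered by the cards are listed.
CLASS_RANK = {"STANDARD_IA": 1, "ONEZONE_IA": 1, "GLACIER": 2, "DEEP_ARCHIVE": 3}


def lifecycle_rule(rule_id: str, prefix: str, transitions: List[Tuple[int, str]],
                   expire_days: Optional[int] = None,
                   noncurrent_days: Optional[int] = None,
                   abort_mpu_days: Optional[int] = None) -> Dict:
    """One rule: transitions (days after creation -> storage class) plus
    optional expiration, noncurrent-version expiration and multipart abort."""
    rule: Dict = {"ID": rule_id, "Filter": {"Prefix": prefix}, "Status": "Enabled"}
    if transitions:
        rule["Transitions"] = [{"Days": d, "StorageClass": c} for d, c in transitions]
    if expire_days is not None:
        rule["Expiration"] = {"Days": expire_days}
    if noncurrent_days is not None:
        rule["NoncurrentVersionExpiration"] = {"NoncurrentDays": noncurrent_days}
    if abort_mpu_days is not None:
        rule["AbortIncompleteMultipartUpload"] = {"DaysAfterInitiation": abort_mpu_days}
    return rule


def validate_rule(rule: Dict) -> List[str]:
    """Return a list of problems; an empty list means the rule looks sane."""
    problems: List[str] = []
    transitions = rule.get("Transitions", [])
    last_days, last_rank = -1, 0
    for t in transitions:
        days, cls = t["Days"], t["StorageClass"]
        if cls not in CLASS_RANK:
            problems.append(f"unknown storage class {cls}")
            continue
        if cls in IA_CLASSES and days < MIN_DAYS_BEFORE_IA:
            problems.append(f"{cls} at day {days} is below the {MIN_DAYS_BEFORE_IA}-day minimum")
        if days <= last_days:
            problems.append(f"transition days must increase (day {days} after day {last_days})")
        if CLASS_RANK[cls] < last_rank:
            problems.append(f"cannot transition back to {cls}")
        last_days, last_rank = days, CLASS_RANK[cls]
    expire = rule.get("Expiration", {}).get("Days")
    if expire is not None and transitions and expire <= last_days:
        problems.append(f"expiration at day {expire} is not after the last transition (day {last_days})")
    return problems


def lifecycle_configuration() -> Dict:
    """The cards' rules: IA after 60 days, Glacier after 6 months, logs expire
    after a year, plus housekeeping for old versions and abandoned uploads."""
    rules = [
        lifecycle_rule("archive-data", "data/", [(60, "STANDARD_IA"), (180, "GLACIER")]),
        lifecycle_rule("expire-access-logs", "logs/", [], expire_days=365),
        lifecycle_rule("housekeeping", "", [], noncurrent_days=30, abort_mpu_days=7),
    ]
    for rule in rules:
        errs = validate_rule(rule)
        if errs:
            raise ValueError(f"{rule['ID']}: {errs}")
    return {"Rules": rules}
```

An empty Prefix applies the rule to the whole bucket; the housekeeping rule is the one that keeps noncurrent versions and abandoned multipart parts from silently accumulating cost.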
For infrequently accessed object, where should you move them?
Standard IA
For archive objects you don’t need in real time, what should you use?
Glacier or Deep Archive
Helps you decide when to transition objects from Standard to Standard-IA (it does not give recommendations for One Zone-IA or Glacier)
S3 Analytics
Send the file to a nearby AWS edge location, which forwards the data to the S3 bucket in the target region over the AWS network
S3 Transfer Acceleration
Parallelize the GETs by requesting specific byte ranges to speed up the download; also used to retrieve only part of an object (e.g. the header)
S3 Byte Range Fetches
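Byte-range fetching as an added example, not code from the original deck: the ranges are planned from the object size (in practice taken from a HEAD request's Content-Length), fetched in parallel, reassembled in order and checked against the ETag. The stand-in fetch_range function plays the role of s3.get_object(..., Range="bytes=START-END") and mimics S3's inclusive end offset and its 416 response for a range starting past the end; the object bytes are constructed so the block runs offline.

```python
"""Parallel byte-range GETs, reassembly and a head-only read (added example).

fetch_range stands in for an HTTP GET carrying a Range header; with boto3 the
equivalent is s3.get_object(Bucket=..., Key=..., Range="bytes=START-END").
The OBJECT bytes are a constructed stand-in for an object stored in S3.
"""
from concurrent.futures import ThreadPoolExecutor
import hashlib
import re
from typing import List, Tuple

OBJECT = bytes(range(256)) * 4096                 # 1 MiB, deterministic content
OBJECT_ETAG = hashlib.md5(OBJECT).hexdigest()     # ETag of a single-part upload

_RANGE = re.compile(r"^bytes=(\d+)-(\d+)$")


def fetch_range(range_header: str) -> Tuple[bytes, int]:
    """Simulated GET with a Range header; returns (body, HTTP status).
    As with S3, the end offset is inclusive, an end past EOF is truncated,
    and a start past EOF yields 416 Range Not Satisfiable."""
    m = _RANGE.match(range_header)
    if not m:
        return b"", 400
    start, end = int(m.group(1)), int(m.group(2))
    if start >= len(OBJECT):
        return b"", 416
    end = min(end, len(OBJECT) - 1)
    return OBJECT[start:end + 1], 206             # 206 Partial Content


def plan_ranges(size: int, chunk: int) -> List[str]:
    """Split [0, size) into inclusive Range headers of at most `chunk` bytes."""
    return [f"bytes={s}-{min(s + chunk, size) - 1}" for s in range(0, size, chunk)]


def parallel_download(size: int, chunk: int = 256 * 1024, workers: int = 4) -> bytes:
    """Fetch all ranges concurrently, keep them in order, verify the result."""
    ranges = plan_ranges(size, chunk)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        parts = list(pool.map(fetch_range, ranges))   # map preserves order
    for header, (_, status) in zip(ranges, parts):
        if status != 206:
            raise IOError(f"{header} failed with HTTP {status}")
    data = b"".join(body for body, _ in parts)
    # ETag check is only meaningful for objects uploaded in a single part.
    if hashlib.md5(data).hexdigest() != OBJECT_ETAG:
        raise IOError("reassembled object does not match ETag")
    return data


def read_header(n: int) -> bytes:
    """Fetch only the first n bytes, e.g. to sniff a file type cheaply."""
    body, status = fetch_range(f"bytes=0-{n - 1}")
    if status != 206:
        raise IOError(f"header read failed with HTTP {status}")
    return body
```

Objects uploaded with multipart upload carry a composite ETag (MD5 of the part MD5s with a part-count suffix), so for those the integrity check should use a checksum you stored yourself rather than the ETag.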
Amazon S3 automatically scales to high request rates, with a first-byte latency of 100-200 ms
Your application can achieve at least 3,500 PUT/COPY/POST/DELETE and
5,500 GET/HEAD requests per second per prefix in a bucket.
S3 Baseline Performance
With SSE-KMS, which KMS API does S3 call when you upload an object?
GenerateDataKey (one call per object uploaded; it counts toward the KMS request quota)
With SSE-KMS, which KMS API does S3 call when you download an object?
Decrypt (one call per object downloaded; also counted against the KMS request quota)
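Why those two calls happen, as an added example that is not part of the original deck: SSE-KMS is envelope encryption, so each upload needs a fresh data key from KMS (GenerateDataKey returns it in plaintext plus wrapped under the customer master key) and each download needs KMS to unwrap the stored key (Decrypt). The FakeKms class and the HMAC-SHA256 keystream cipher below are toy stand-ins constructed so the example runs with the standard library; they are not AWS KMS and not the AES-256 that S3 uses. The call counter shows the request pattern that hits the KMS quota.

```python
"""Envelope encryption as done by SSE-KMS, with a toy KMS (added example).

FakeKms is a constructed stand-in for AWS KMS; _keystream_xor is a toy
HMAC-SHA256 counter-mode cipher with no integrity protection, used only so
the example runs offline. Real S3 uses AES-256 and real KMS wraps data keys
with the customer master key.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple


class FakeKms:
    """Minimal stand-in for the GenerateDataKey / Decrypt APIs, counting calls."""

    def __init__(self) -> None:
        self._cmk = os.urandom(32)            # master key never leaves "KMS"
        self.calls: Dict[str, int] = {"GenerateDataKey": 0, "Decrypt": 0}

    def _wrap(self, data_key: bytes) -> bytes:
        # Toy key wrapping: XOR with a keystream derived from the CMK.
        stream = hmac.new(self._cmk, b"wrap", hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data_key, stream))

    def generate_data_key(self) -> Tuple[bytes, bytes]:
        """Returns (plaintext data key, wrapped data key), like GenerateDataKey."""
        self.calls["GenerateDataKey"] += 1
        key = os.urandom(32)
        return key, self._wrap(key)

    def decrypt(self, wrapped: bytes) -> bytes:
        """Unwraps a data key, like Decrypt (XOR wrapping is its own inverse)."""
        self.calls["Decrypt"] += 1
        return self._wrap(wrapped)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream; encryption and decryption are the same op."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def put_object(kms: FakeKms, body: bytes) -> Dict[str, bytes]:
    """Upload path: one GenerateDataKey, encrypt locally with the data key,
    store the wrapped key next to the ciphertext. The plaintext key is dropped."""
    data_key, wrapped = kms.generate_data_key()
    nonce = os.urandom(12)
    stored = {"ciphertext": _keystream_xor(data_key, nonce, body),
              "nonce": nonce, "wrapped_key": wrapped}
    del data_key
    return stored


def get_object(kms: FakeKms, stored: Dict[str, bytes]) -> bytes:
    """Download path: one Decrypt to unwrap the key, then local decryption."""
    data_key = kms.decrypt(stored["wrapped_key"])
    return _keystream_xor(data_key, stored["nonce"], stored["ciphertext"])


def demo(n_uploads: int = 3, n_downloads: int = 5) -> Dict[str, int]:
    """Upload n objects, download n_downloads times; return the KMS call counts."""
    kms = FakeKms()
    objects = [put_object(kms, f"object-{i}".encode()) for i in range(n_uploads)]
    for i in range(n_downloads):
        expected = f"object-{i % n_uploads}".encode()
        if get_object(kms, objects[i % n_uploads]) != expected:
            raise RuntimeError("round trip failed")
    return dict(kms.calls)
```

Because every GET is a Decrypt, a bucket serving many small SSE-KMS objects can hit the per-account KMS request quota before S3 itself is anywhere near its limits; S3 Bucket Keys (a bucket-level data key reused across objects) are the usual fix.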
Any time on the exam you see server-side filtering, think what?
S3 Select & Glacier Select
- Retrieve less data using SQL by performing server-side filtering
- Can filter by rows & columns (simple SQL statements)
- Less network transfer, less CPU cost client-side
S3 Select & Glacier Select
What does S3 Event Notifications target?
SNS
SQS
Lambda Functions
Use case: generate thumbnails of images uploaded to S3
S3 Event Notifications
- This person is financially responsible for the networking cost that comes from the download
- Helpful when you want to share large datasets with other accounts
- The requester must be authenticated in AWS (cannot be anonymous)
Requester Pays
Serverless query service to perform analytics against S3 objects
Amazon Athena
Use cases: Business intelligence, analytics, reporting, analyze & query VPC Flow Logs, ELB logs, CloudTrail logs, etc.
Amazon Athena
Exam Tip: Analyze data in S3 using serverless SQL
Amazon Athena
- Adopt a WORM model (write once read many)
- Lock the policy for future edits (can no longer be changed)
- Helpful for compliance and data retention
Glacier Vault Lock
- Adopt a WORM (Write Once Read Many) model
- Block an object version deletion for a specified amount of time
S3 Object Lock (versioning must be enabled)
Users can't overwrite or delete an object version or alter its lock settings unless they have special permissions (s3:BypassGovernanceRetention)
What mode is this?
Governance Mode
A protected object version can’t be overwritten or deleted by any user, including the root user in your AWS account.
Its retention mode can't be changed, and its retention period can't be shortened.
What mode is this?
Compliance mode
What is an extra level of security to prevent accidental deletions?
MFA Delete
How can you verify that some employees tried to access files they don't have access to, without them knowing?
S3 Access Logs
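The detection the cards on S3 Access Logs describe (earlier: every authorized or denied request is logged; here: spotting employees who tried to read files they are not allowed to), as an added example that is not part of the original deck. It parses lines in the documented S3 server access log format (space separated, bracketed timestamp, quoted request line, referer and user agent) and groups 403 AccessDenied entries by requester. The log lines are constructed samples with placeholder IDs, not real data; only the leading fields are mapped, so lines with additional trailing fields still parse.

```python
"""Find denied requests in S3 server access logs (added example).

SAMPLE_LOG is constructed test data in the S3 server access log format.
Only the first 24 fields are mapped; extra trailing fields are ignored.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

FIELDS = [
    "bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
    "operation", "key", "request_uri", "http_status", "error_code", "bytes_sent",
    "object_size", "total_time", "turn_around_time", "referer", "user_agent",
    "version_id", "host_id", "signature_version", "cipher_suite",
    "authentication_type", "host_header", "tls_version",
]
# One token is either a [bracketed time], a "quoted string" or a bare word.
_TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')

SAMPLE_LOG = """\
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be finance-reports [12/Mar/2024:09:14:02 +0000] 198.51.100.7 arn:aws:iam::123456789012:user/alice 3E57427F3EXAMPLE REST.GET.OBJECT q1/payroll.csv "GET /finance-reports/q1/payroll.csv HTTP/1.1" 403 AccessDenied - - 11 - "-" "aws-cli/2.15.0" - hostEXAMPLE1= SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader finance-reports.s3.us-east-1.amazonaws.com TLSv1.2
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be finance-reports [12/Mar/2024:09:15:40 +0000] 198.51.100.9 arn:aws:iam::123456789012:user/bob 7A2B4C6D8EXAMPLE REST.GET.OBJECT q1/summary.pdf "GET /finance-reports/q1/summary.pdf HTTP/1.1" 200 - 52311 52311 18 12 "-" "Mozilla/5.0 (X11; Linux)" - hostEXAMPLE2= SigV4 ECDHE-RSA-AES128-GCM-SHA256 QueryString finance-reports.s3.us-east-1.amazonaws.com TLSv1.2
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be finance-reports [12/Mar/2024:09:16:05 +0000] 198.51.100.7 arn:aws:iam::123456789012:user/alice 5C6D7E8F9EXAMPLE REST.PUT.OBJECT q1/payroll.csv "PUT /finance-reports/q1/payroll.csv HTTP/1.1" 403 AccessDenied - - 9 - "-" "aws-cli/2.15.0" - hostEXAMPLE3= SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader finance-reports.s3.us-east-1.amazonaws.com TLSv1.2
79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be finance-reports [12/Mar/2024:09:20:33 +0000] 203.0.113.5 - 9F1E2D3C4EXAMPLE REST.GET.BUCKET - "GET /finance-reports?list-type=2 HTTP/1.1" 403 AccessDenied - - 9 - "-" "python-requests/2.31" - hostEXAMPLE4= - - - finance-reports.s3.us-east-1.amazonaws.com -
"""


def parse_line(line: str) -> Dict[str, str]:
    """Tokenize one log line and map the leading fields by name."""
    record = dict(zip(FIELDS, _TOKEN.findall(line)))
    for name, value in record.items():
        if value[:1] in '["' and value[-1:] in ']"':
            record[name] = value[1:-1]            # strip brackets / quotes
    return record


def denied_requests(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map requester -> [(operation, key)] for every 403 AccessDenied entry.
    Unauthenticated requests show a '-' requester and are grouped as anonymous."""
    denied: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("http_status") == "403" and rec.get("error_code") == "AccessDenied":
            who = rec["requester"] if rec["requester"] != "-" else "anonymous"
            denied[who].append((rec["operation"], rec["key"]))
    return dict(denied)


def report(log_text: str) -> List[str]:
    """Human-readable summary, one requester per block."""
    lines: List[str] = []
    for who, attempts in sorted(denied_requests(log_text).items()):
        lines.append(f"{who}: {len(attempts)} denied request(s)")
        lines.extend(f"  {op} {key}" for op, key in attempts)
    return lines
```

Access log delivery is best effort and can lag by hours, so this is suitable for audit and after-the-fact investigation rather than real-time alerting; the requester never sees the logs because they land in a separate bucket the employee has no access to.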
Allows you to replicate data from an S3 bucket to another in the same/different AWS Region
S3 Replication
URLs signed with your credentials that grant time-limited access to a specific action (e.g. GET or PUT of one object) in your S3 bucket; whoever holds the URL acts with the permissions of the identity that signed it, until it expires
S3 Pre-Signed URLs
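How a pre-signed URL is built and why it is time-limited and tamper-evident, as an added example that is not part of the original deck. In practice you call boto3's s3.generate_presigned_url("get_object", Params={...}, ExpiresIn=...); this block reimplements the SigV4 query-string signing steps so the mechanism is visible, and adds the check the receiving side performs (expiry, then signature over method, host, path and every query parameter). The access key, secret, bucket, key and region are constructed placeholders (the key id is AWS's documented example value).

```python
"""SigV4 query-string pre-signing for an S3 GET, plus verification (added example).

Credentials, bucket, key and region are placeholders. The signing steps follow
the SigV4 specification; nothing here talks to AWS.
"""
import datetime as dt
import hashlib
import hmac
from urllib.parse import parse_qs, quote, urlencode, urlsplit

ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"                     # AWS doc example id
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"  # placeholder secret
REGION = "us-east-1"
MAX_EXPIRES = 7 * 24 * 3600                              # SigV4 limit: 7 days


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    k = _sign(("AWS4" + secret).encode(), date)
    k = _sign(k, region)
    k = _sign(k, "s3")
    return _sign(k, "aws4_request")


def _signature(secret: str, method: str, host: str, path: str,
               params: dict, amz_date: str, region: str) -> str:
    """Signature over the canonical request; `path` is already URI-encoded."""
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(params.items()))
    canonical_request = "\n".join(
        [method, path, canonical_query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    return hmac.new(_signing_key(secret, amz_date[:8], region),
                    string_to_sign.encode(), hashlib.sha256).hexdigest()


def presign_get(bucket: str, key: str, expires_in: int, now: dt.datetime,
                access_key: str = ACCESS_KEY, secret_key: str = SECRET_KEY,
                region: str = REGION) -> str:
    """Build a pre-signed GET URL valid for `expires_in` seconds from `now` (UTC)."""
    if not 1 <= expires_in <= MAX_EXPIRES:
        raise ValueError("expires_in must be between 1 second and 7 days")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + quote(key, safe="/-_.~")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_in),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(secret_key, "GET", host, path, params, amz_date, region)
    return f"https://{host}{path}?{urlencode(params, quote_via=quote)}&X-Amz-Signature={sig}"


def verify_presigned(url: str, now: dt.datetime, secret_key: str = SECRET_KEY):
    """What the receiver does: reject if expired, then recompute the signature
    over every parameter, so changing the key, expiry or date invalidates it."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    given = params.pop("X-Amz-Signature", "")
    amz_date = params["X-Amz-Date"]
    signed_at = dt.datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ").replace(tzinfo=dt.timezone.utc)
    if now > signed_at + dt.timedelta(seconds=int(params["X-Amz-Expires"])):
        return False, "expired"
    region = params["X-Amz-Credential"].split("/")[2]
    expected = _signature(secret_key, "GET", parts.hostname, parts.path, params, amz_date, region)
    if not hmac.compare_digest(expected, given):
        return False, "bad signature"
    return True, "ok"
```

Two practical consequences: the URL is a bearer credential, so keep ExpiresIn short and sign with an identity that can do nothing beyond the intended GetObject on that prefix; and a URL signed with temporary (role) credentials also stops working when those credentials expire, whatever X-Amz-Expires says.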