Advanced S3: CloudFront, Snowball, Storage Gateway, Athena Flashcards
Explain S3 MFA-Delete
MFA (multi-factor authentication) forces the user to generate a code on a device (usually a mobile phone or hardware) before doing important operations on S3
In order to use MFA-Delete, enable ____ on the S3 bucket
Versioning
You will need MFA to
- permanently delete an object version
- suspend versioning on the bucket
You won’t need MFA for..?
- enabling versioning
- listing deleted versions
Only this user can enable/disable MFA-delete
bucket owner (root account)
MFA-Delete currently can only be enabled using the….
CLI
What’s evaluated first, Bucket Policies or “default encryption”?
Bucket Policies are evaluated before “default encryption”
S3 Cross Region Replication can be in different accounts?
True
S3 Cross Region Replication is async?
True
S3 pre-signed URLs are valid for a default ..?
Valid for a default of 3600 seconds, can change timeout with --expires-in [TIME_BY_SECONDS] argument
Users given a pre-signed URL inherit what?
the permissions of the person who generated the URL for GET / PUT
Give some examples of S3 pre-signed URLs
- Allow only logged-in users to download a premium video on your S3 bucket
- Allow an ever-changing list of users to download files by generating URLs dynamically
- Allow temporarily a user to upload a file to a precise location in our bucket
What is AWS CloudFront and what does it do?
- Content Delivery Network (CDN)
- Improves read performance, content is cached at the edge
- 136 Points of Presence globally (edge locations)
- Popular with S3 but works with EC2, Load Balancing
- Can help protect against network attacks
- Can provide SSL encryption (HTTPS) at
- CloudFront can use SSL encryption (HTTPS) to talk to your applications
- Supports RTMP Protocol (videos / media)
CloudFront signed URL can only be created using?
AWS SDK, so you have to code an application to verify users and generate these URLs
What is CloudFront great for?
Great for static content that must be available everywhere
What is S3 Cross Region Replication Great for?
Great for dynamic content that needs to be available at low-latency in few regions.
Must be set up for each region you want replication to happen
Files are updated in near real-time
Read only
What are S3 Storage Tiers?
- Amazon S3 Standard - General Purpose
- Amazon S3 Standard-Infrequent Access (IA)
- Amazon S3 One Zone-Infrequent Access
- Amazon S3 Reduced Redundancy Storage (deprecated)
- Amazon S3 Intelligent Tiering (new!)
- Amazon Glacier
What is S3 Standard – Infrequent Access (IA) suitable for?
Suitable for data that is less frequently accessed, but requires rapid access when needed
Use case of S3 (IA)
• Use Cases: As a data store for disaster recovery, backups…
S3 One Zone - Infrequent Access (IA) Use Case
• Use Cases: Storing secondary backup copies of on-premise data, or storing data you can recreate
What’s S3 Glacier meant for?
• Low cost object storage meant for archiving / backup
How much storage can each archived item in glacier hold?
Up to 40TB
Archives are stored in what?
Vaults
What is S3 Lifecycle Rules?
• Set of rules to move data between different tiers, to save storage cost
What is S3 Lifecycle Transition actions?
It defines when objects are transitioned to another storage class.
What is S3 Lifecycle Expiration actions?
Helps to configure objects to expire after a certain time period. S3 deletes expired objects on our behalf
This can be used to delete incomplete multi-part uploads!?
S3 Lifecycle Rules
Snowball Edge vs Snowball?
Snowball Edges add computational capability to the device
• 100TB capacity with either:
• Storage optimized – 24 vCPU
• Compute optimized – 52 vCPU & optional GPU
• Supports a custom EC2 AMI so you can perform processing on the go
• Supports custom Lambda functions
What is AWS Storage Gateway?
- Bridge between on-premise data and cloud data in S3
- Use cases: disaster recovery, backup & restore, tiered storage
What are the 3 types of storage gateway?
- File Gateway
- Volume Gateway
- Tape Gateway
Storage Gateway - File Gateway supports what?
Supports S3 standard, S3 IA, S3 One Zone IA
Storage Gateway - Define Volume Gateway?
- Block storage using iSCSI protocol backed by S3
- Backed by EBS snapshots which can help restore on-premise volumes!
- Cached volumes: low latency access to most recent data
- Stored volumes: entire dataset is on premise, scheduled backups to S3
Storage Gateway - Define Tape Gateway?
- Some companies have backup processes using physical tapes (!)
- With Tape Gateway, companies use the same processes but in the cloud
- Virtual Tape Library (VTL) backed by Amazon S3 and Glacier
- Back up data using existing tape-based processes (and iSCSI interface)
- Works with leading backup software vendors
If the exam mentions on-premise data, that means what?
Storage gateway
File access / NFS refers to what?
File Gateway (backed by S3)
Volumes / Block Storage / iSCSI refers to what?
Volume gateway (backed by S3 with EBS snapshots)
VTL Tape solution / Backup with iSCSI
Tape Gateway (backed by S3 and Glacier)
What is Athena?
Serverless service to perform analytics directly against S3 files
Athena uses what query language?
Uses SQL language to query the files
What are you charged to use Athena?
Charged per query and amount of data scanned