Advanced S3: Cloudfront, Snowball, Storage Gateway, Athena Flashcards
Explain S3 MFA-Delete
MFA (multi factor authentication) forces user to generate a code on a device (usually a mobile phone or hardware) before doing important operations on S3
In order To use MFA-Delete, enable ____ on the S3 bucket
Versioning
• You will need MFA to
- permanently delete an object version
- suspend versioning on the bucket
You won’t need MFA for..?
- enabling versioning
* listing deleted versions
Only this user can enable/disable MFA-delete
bucket owner (root account)
MFA-Delete currently can only be enabled using the….
CLI
What’s evaluated first, Bucket Policies or “default encryption”
Bucket Policies are evaluated before “default encryption”
S3 Cross Region Replication can be in different accounts?
True
S3 Cross Region Replication is async?
True
S3 pre-signed URLs are valid for a default ..?
Valid for a default of 3600 seconds, can change timeout with –expires-in [TIME_BY_SECONDS] argument
Users given a pre-signed URL inherit what?
the permissions of the person who generated the URL for GET / PUT
Give some examples of S3 pre-signed URLs
- Allow only logged-in users to download a premium video on your S3 bucket
- Allow an ever changing list of users to download files by generating URLs dynamically • Allow temporarily a user to upload a file to a precise location in our bucket
What is AWS CloudFront and what does it do?
- Content Delivery Network (CDN)
- Improves read performance, content is cached at the edge
- 136 Point of Presence globally (edge locations)
- Popular with S3 but works with EC2, Load Balancing
- Can help protect against network attacks
- Can provide SSL encryption (HTTPS) at
- CloudFront can use SSL encryption (HTTPS) to talk to your applications
- Support RTMP Protocol (videos / media)
CloudFront signed URL can only be created using?
AWS SDK, so you have to code an application to verify users and generate these URLs
What is CloudFront great for?
Great for static content that must be available everywhere
What is S3 Cross Region Replication Great for?
Great for dynamic content that needs to be available at low-latency in few regions.
Must be setup for each region you want replication to happen
Files are updated in near real-time
Read only
What are S3 Storage Tiers?
- Amazon S3 Standard - General Purpose
- Amazon S3 Standard-Infrequent Access (IA)
- Amazon S3 One Zone-Infrequent Access
- Amazon S3 Reduced Redundancy Storage (deprecated) • Amazon S3 Intelligent Tiering (new!)
- Amazon Glacier
What is S3 Standard – Infrequent Access (IA) suitable for?
Suitable for data that is less frequently accessed, but requires rapid access when needed
Use case of S3 (IA)
• Use Cases: As a data store for disaster recover y, backups…
S3 One Zone - Infrequent Access (IA) Use Case
• Use Cases: Storing secondary backup copies of on-premise data, or storing data you can recreate
What’s S3 Glacier meant for?
• Low cost object storage meant for archiving / backup
How much storage can each archived item in glacier hold?
Up to 40TB
Archives are stored in what?
Vaults
What is S3 Lifecycle Rules?
• Set of rules to move data between different tiers, to save storage cost
