Amazon S3 Flashcards
Global storage platform that is region based - data is held at the region level
S3
Is data replicated across AZ when using S3
Yes
Is S3 useful for offloading large data?
Yes
Term for the name of an object in a bucket
Key
Range of sizes for objects able to be stored in S3
0 bytes - 5 TB
If uploading more than 5GB, must use
Multi-part upload
Bucket wide rules from the S3 console
Resource-Based Bucket Policies
Encrypt objects in Amazon S3 using
Encryption keys
Markers on an object version to mark it as removed, rather than permanently deleting it from your S3 bucket
Delete Markers
A security feature that is used together with S3 Versioning to prevent unauthorized
or accidental deletions in your S3 bucket
MFA delete
Allows access to S3 via HTTP once index and error documents are set
Static Web Hosting
Lets you keep a copy of an object whenever it is overwritten as its versions also protects your objects from accidental deletions
Versioning
Allows access to S3 via HTTP once index and error documents are set
Static Web Hosting
Data is broken up into parts for uploading, parts can fail and be restarted
Multipart Upload
Uses the network of Edge locations to upload to optimize long distance transfers from your client to Amazon S3
Transfer Acceleration
Data is first encrypted on the client-side before uploaded to Amazon
S3. You manage the encryption process, the encryption keys, and related tools
Client-Side encryption (CSE)
Amazon S3 encrypts your object before saving it on disks in its data
centers and then decrypts it when you download the objects
Server-Side encryption (SSE)
You manage the encryption keys and S3 manages the encryption and decryption process
SSE-C
S3 uses AES-256 encryption keys to encrypt your objects, and each object is encrypted with a unique key
SSE-S3 (AES256)
S3 uses AES-256 encryption keys to encrypt your
objects but the key is managed in a different service, which is AWS KMS
SSE-KMS
Share objects or allow your customers/users to upload objects to buckets without AWS security credentials or permissions. Takes on the realtime permissions of the creator when used
Presigned URL
Lets you keep a copy of an object whenever it is overwritten as its versions also protects your objects from accidental deletions
Versioning
Allows access to S3 via HTTP once index and error documents are set
Static Web Hosting
Grants others time-limited permission to download or upload objects
from and to the owner’s S3 buckets
Presigned URL
Used to retrieve parts of objects instead of whole objects using SQL-like statements
S3 Select
Feature to receive notifications when certain events happen in your S3 bucket such as creating, deleting, restoring or replicating an object
Amazon S3 Event Notifications
Provides detailed records for the requests that are made to an Amazon S3 bucket used for security and access audits
S3 server access logging
Store objects using a write-once-read-many (WORM) model which requires versioning
Object Lock
Object is WORM-protected and can’t be overwritten or deleted and remains in place until you explicitly remove it
Legal Hold
Retention mode where certain permissions can be granted to adjust the lock settings
Governance
Named network endpoints that are attached to buckets that you can use to perform S3 object operations
Access points
Used to monitor malicious activity on S3 such as unauthorized access or suspicious access patterns
AWS Guard Duty
Replication used for log aggregation, live replication between production and test accounts
Same-Region Replication (SRR)
Replication used for compliance, lower latency access, replication across accounts
Cross-Region Replication (CRR)
Replicate existing objects and objects that failed replication
S3 Batch Replication
Automatic, asynchronous copying of objects across Amazon S3 buckets
S3 Replication