Amazon S3

Question 1

What are objects in S3?

Answer 1

Objects in S3 are file-like entities that contain data. They represent data and not infrastructure, which is what S3 buckets are.
Objects are stored in buckets.

Question 2

What is S3 (Simple Storage Service)?

Answer 2

S3 is an object-based storage service that is kind of unlimited and serverless, meaning the underlying infrastructure is managed by AWS. The S3 Console provides an interface to upload or access data.

Question 3

What does an S3 object consist of?

Answer 3

An S3 object may consist of:

Key: name of the object
Value: data stored
Version ID: version of the object (if versioning is enabled)
Metadata: additional information

Question 4

What are Etags in S3?

Answer 4

Etags are entity tags used for detecting whether a change to a file has been made without downloading. They can also be used for checking data integrity and are typically represented by an MD5 hash.

Question 5

When are Etags returned in S3?

Answer 5

Etags are returned on:

PUT: upload, including multipart or copy
GET: download, list (ETag is not included in the response body when listing objects)
HEAD: fetching metadata without downloading the file

Question 6

How can Etags be used in combination with conditional requests?

Answer 6

Etags can be used for caching with If-None-Match and for synchronization with If-Match.

Question 7

What is the purpose of checksums in S3?

Answer 7

Checksums are used to ensure the data hasn’t become corrupted in transit.

Question 8

What are S3 Object prefixes?

Answer 8

S3 Object prefixes are part of the object key name. They help organize, group, and filter data.

Question 9

What are S3 buckets?

Answer 9

Buckets hold objects or folders (which are not true folders) that store objects. Each bucket must have a unique name, is region-specific, and represents infrastructure.

Question 10

What are the key rules for S3 bucket naming?

Answer 10

• Length: 3-63 characters long
• Characters: lowercase letters, numbers, dots (.), and hyphens (-)
• Start and End: must begin and end with a letter or number
• No adjacent periods
• Cannot be formatted as IP addresses
• No uppercase letters, underscores, spaces, or special characters like “@” or “$”

Question 11

What are the S3 bucket restrictions and limitations?

Answer 11

• Up to 100 buckets, 1000 after a service request
• Buckets must be empty before deletion
• No max bucket size or limit to the number of objects
• Files must be between 0 and 5 TBs (multipart upload recommended for files over 100MB)
• Specific limits for S3 on AWS Outposts

Question 12

What are the two types of S3 buckets?

Hallmarks in comparison.

Answer 12

• General Purpose: flat hierarchy, all storage classes except S3 Express One Zone, recommended for most use cases, no prefix limits, 100 per account
• Directory: folder hierarchy, only S3 Express One Zone storage type, recommended for single-digit millisecond performance on PUT and GET, no prefix limits, 10 per account

Question 13

What are the characteristics of S3 general purpose bucket folders?

Answer 13

• Do not have true folders
• Creating a folder creates a zero-byte object ending in a forward slash (e.g., myfolder/)
• Files in a folder have names appended with the folder prefix

Question 14

What is unique about S3 folders?

Answer 14

• They are S3 objects and not independent entities
• Do not include permissions or metadata
• Can’t be empty or full
• Aren’t moved; objects with the same prefix are renamed when moved

Question 15

What happens to the prefix when moving an S3 object to another folder?

Answer 15

Only the prefix is changed; the object itself is not physically moved.

Question 16

What is metadata in S3?

Answer 16

Metadata provides information about other data but not the content itself. It is useful for categorizing, organizing data, and providing context about data.

Question 17

When can we attach metadata to S3 Objects?

Answer 17

Metadata can be attached to S3 Objects at any time.

Question 18

What are the types of metadata in S3?

Answer 18

Metadata can be either system-defined or user-defined.

Question 19

Who sets system-defined metadata in S3?

Answer 19

System-defined metadata is set by Amazon (with some exceptions).

Question 20

How must user-defined metadata be formatted in S3?

Answer 20

User-defined metadata must begin with “x-amz-meta-“. When using the AWS CLI, it should be set as “key=value”, which will automatically be appended with the “x-amz-meta-“ prefix.

Question 21

What does WORM stand for and what does it mean?

Answer 21

WORM stands for Write Once Read Many, meaning the data is immutable and cannot be modified or deleted.

Question 22

What is Object Lock in S3?

Answer 22

Object Lock prevents deletions of objects in a bucket. It can only be enabled on bucket creation and is useful for data integrity and regulatory compliance.

Question 23

What are the two types of retention in Object Lock?

Answer 23

Retention period: fixed time
Legal hold: until removed

Question 24

What are the two request styles in S3?

Answer 24

Virtual hosted-style requests: the bucket name is a subdomain on the host.
Path-style requests: the bucket name is in the request path.

Question 25

What will happen to path-style requests in S3?

Answer 25

Path-style requests will be discontinued, and some features work only with virtual hosted-style requests.

Question 26

What is S3 Standard storage class?

Answer 26

S3 Standard is the default storage class, designed for general-purpose storage for frequently accessed data.

Question 27

What are the key features of S3 Standard?
How durable it is etc.

Answer 27

• High Durability: 11 9’s of durability (99.999999999%)
• High Availability: 4 9’s of availability (99.99%)
• Data Redundancy: Data stored in 3 or more AZs
• Retrieval Time: within milliseconds
• High Throughput: optimized for frequently accessed and/or real-time access data
• Scalability: easily scales to storage size and number of requests
• No retrieval fee
• No minimum storage duration charge

Question 28

What is S3 Reduced Redundancy Storage (RRS)?

Answer 28

S3 Reduced Redundancy Storage is a legacy storage class for non-critical reproducible data with lower redundancy than S3 Standard. It provides no cost-benefit and is no longer cost-effective but still available for legacy customers.

Question 29

What are the S3 storage classes sorted by price from highest to lowest?

Answer 29

S3 Standard
S3 Intelligent Tiering
S3 Express One-Zone
S3 Standard-IA (Infrequent Access)
S3 One-Zone-IA
S3 Glacier Instant Retrieval
S3 Glacier Flexible Retrieval
S3 Glacier Deep Archive

Question 30

What is unique about S3 Intelligent Tiering?

Answer 30

S3 Intelligent Tiering uses AI to determine the storage class and has an extra fee for analysis.

Question 31

What is S3 Glacier Instant Retrieval?

Answer 31

S3 Glacier Instant Retrieval is designed for long-term cold storage with instant retrieval.

Question 32

What are the retrieval options for S3 Glacier Flexible Retrieval?

Answer 32

Standard Retrieval: Typically takes 3-5 hours
Expedited Retrieval: Typically takes 1-5 minutes
Bulk Retrieval: Typically takes 5-12 hours

Question 33

What is S3 Express One Zone designed for?

Answer 33

S3 Express One Zone is made for consistent single-digit millisecond data access, best suited for frequently accessed data and latency-sensitive applications.

Question 34

What are the key features of S3 Express One Zone?

Answer 34

The lowest latency available

Access speed up to 10x faster than Standard

Request costs 50% lower than Standard

Data is stored in a single AZ chosen by the user

Data is stored in an S3 Directory Bucket

Question 35

How are request costs structured for S3 Express One Zone?

Answer 35

For request sizes up to 512 KB, there is a flat per request charge. For portions of requests greater than 512 KB, there are additional per GB charges for PUT and GET operations.

Question 36

What is S3 One Zone-IA designed for?

Answer 36

S3 One Zone-IA is designed for less frequently accessed data with reduced availability.

Question 37

What are the key features of S3 One Zone-IA?
How durable it is etc?

Answer 37

• High Durability: 11 9’s of durability (99.999999999%)
• Lower Availability: 99.5% because it is in one AZ
• Cost-Effective Storage: costs 20% less than Standard-IA (which is 50% cheaper than Standard)
• Data Redundancy: Risk of data loss due to storing in only one AZ
• Retrieval Time: within milliseconds
• Use Cases: Secondary backup copies of on-premise data, for recreating data in case of AZ failure. Not frequently accessed, non-mission-critical data.
• Pricing:
  • Storage per GB
  • Per Request
  • Minimum storage duration charge (30 days)
  • Retrieval fee

Question 38

What is S3 Glacier Instant Retrieval designed for?

Answer 38

S3 Glacier Instant Retrieval is designed for rarely accessed data that needs instant access.

Question 39

What are the key features of S3 Glacier Instant Retrieval?
How durable it is etc?

Answer 39

• High Durability: 11 9’s of durability (99.999999999%) like Standard
• High Availability: 3 9’s of availability (99.9%) like Standard-IA
• Cost-Effective Storage: 68% lower cost than Standard-IA if data is long-lived and accessed once per quarter
• Retrieval Time: within milliseconds
• Use Cases: Rarely accessed data that needs instant access, such as image hosting, online file-sharing apps, medical imaging and health records, news media assets, satellite and aerial imaging.
• Pricing:
  • Storage per GB
  • Per Request
  • Minimum storage duration charge (90 days)
  • Retrieval fee

Question 40

What is S3 Glacier Flexible Retrieval?

Answer 40

S3 Glacier Flexible Retrieval combines S3 and Glacier into a single set of APIs, providing faster retrieval than Vault-based S3 Glacier.

Question 41

What are the retrieval tiers for S3 Glacier Flexible Retrieval?

Answer 41

Expedited: 1-5 minutes, urgent requests, limited to 250 MB archive size

Standard: 3-5 hours, default option, no archive limit

Bulk: 5-12 hours, no archive limit

Question 42

What are the additional costs associated with S3 Glacier Flexible Retrieval?

Answer 42

Separate costs from the cost of storage, including per GB and per request charges. Archived objects are expanded by an additional 40KBs (32KBs for index and metadata, 8KBs for object name).

Question 43

What is S3 Glacier Deep Archive?

Answer 43

S3 Glacier Deep Archive combines Amazon S3 and Amazon S3 Glacier into a single set of APIs, offering more cost-effective storage than Glacier Flexible Retrieval but with higher retrieval costs.

Question 44

What are the retrieval tiers for S3 Glacier Deep Archive?

Answer 44

Standard: within 12 hours

Bulk: within 48 hours, no archive limit, suitable for very large amounts of data (petabytes)

No Expediated Tier

Question 45

What are the additional costs associated with S3 Glacier Deep Archive?

Answer 45

Separate costs from the cost of storage, including per GB and per request charges. Archived objects are expanded by an additional 40KBs (32KBs for index and metadata, 8KBs for object name).

Question 46

What is S3 Intelligent-Tiering?

Answer 46

S3 Intelligent-Tiering automatically moves objects into different storage tiers to reduce storage costs, with separate costs for object monitoring and automation.

Question 47

What are the tiers in S3 Intelligent-Tiering?

Answer 47

Frequent Access (automatic): Default tier

Infrequent Access (automatic): If the object is not accessed after 30 days

Archive (Glacier) Instant Access (automatic): If the object is not accessed after 90 days

Archive Access (optional): If the object is not accessed after 90 days and after activating this option

Deep Archive Access (optional): If the object is not accessed after 180 days and after activating this option

Question 48

What are the additional costs associated with S3 Intelligent-Tiering?

Answer 48

Additional costs for analyzing objects for at least 30 days.

Question 49

What is Amazon S3 Block Public Access?

Answer 49

Amazon S3 Block Public Access is a safety feature enabled by default that blocks all public access to an S3 bucket.

Question 50

What does the setting “Block public access to buckets and objects granted through new access control lists (ACLs)” do?

Answer 50

It blocks public access permissions applied to newly added buckets or objects and prevents the creation of new public access ACLs for existing buckets and objects. It does not change existing permissions that allow public access to S3 resources using ACLs.

Question 51

What does the setting “Block public access to buckets and objects granted through any access control lists (ACLs)” do?

Answer 51

S3 will ignore all ACLs that grant public access to buckets and objects.

Question 52

What does the setting “Block public access to buckets and objects granted through new public bucket or access point policies” do?

Answer 52

S3 will block new bucket and access point policies that grant public access to buckets and objects. This setting doesn’t change any existing policies that allow public access to S3 resources.

Question 53

What does the setting “Block public and cross-account access to buckets and objects through any public bucket or access point policies” do?

Answer 53

S3 will ignore public and cross-account access for buckets or access points with policies that grant public access to buckets and objects.

If buckets or access point have policies that grant public access then those policies will be ignored.

Question 54

What are the four options available for Amazon S3 Block Public Access?

Answer 54

New Access Control Lists
Any Access Control Lists
New Bucket Policies or Access Points
Any Bucket Policies or Access Points

Question 55

What is an Access Control List (ACL) in Amazon S3?

Answer 55

An ACL grants basic read/write permissions to other AWS accounts. It is a legacy method not recommended for current use.

Question 56

What limitations do ACLs have in Amazon S3?

Answer 56

You can grant permissions only to other AWS accounts.
You cannot grant permissions to users in your account.
You cannot grant conditional permissions.
You cannot explicitly deny permissions.

Question 57

What are more robust alternatives to ACLs for providing cross-account access in Amazon S3?

Answer 57

More robust alternatives include bucket policies and access points.

Question 58

What is the primary difference between Bucket Policies and IAM Policies?

Answer 58

Bucket Policies are more convenient for granting access to specific S3 buckets and their objects, while IAM Policies provide access to many AWS services and can cover multiple buckets in one policy.

They differ also in size:
Bucket Policy up to 20KB
IAM Policy: User - 2KB, Group - 5KB, Role - 10KB.

Question 59

What is the purpose of Access Grants in relation to S3?

Answer 59

To map identities in a directory service (e.g., IAM Identity Center) to access datasets in S3.

Question 60

What does the Access Analyzer for S3 do?

Answer 60

It alerts when an S3 bucket is exposed to the Internet or to other AWS accounts.

Question 61

How can you ensure Internetwork Traffic Privacy across different networks?

Answer 61

Through AWS PrivateLink (VPC Interface Endpoints) or VPC Gateway Endpoints.

Question 62

What is S3 CORS?

Answer 62

It can be set for S3 bucket with static website hosting so other origins can perform HTTP requests from this website.

Question 63

What are encryption types and their key points?
When data is encrypted

Answer 63

Encryption types:
- In Transit - data is encrypted by the sender and decrypted by the receiver
- At Rest :
1. Client-Side Encryption (CSE) - data is encrypted by the client with a key and sent to a server. The server cannot decrypt the data because it doesn’t have the key.
2. Server-Side Encryption (SSE) - data is encrypted by the server and decrypted when requested by the client.

Question 64

What are the two main types of encryption for AWS S3?

Answer 64

Client-Side Encryption (CSE) and Server-Side Encryption (SSE).

Question 65

What happens in Client-Side Encryption (CSE)?

Answer 65

Data is encrypted by the client with a key before being sent to the server, and the server cannot decrypt the data.

Question 66

What happens in Server-Side Encryption (SSE)?

Answer 66

Data is encrypted by the server and decrypted when requested by the client.

Question 67

What are the four types of Server-Side Encryption (SSE) in AWS S3?

Answer 67

• SSE-S3 - key is managed by Amazon S3 using AES-GCM/AES256 algorithm
• SSE-KMS - you are managing the key using AWS Key Management Service (KMS)
• SSE-C - customer provides and manages the key
• DSSE-KMS - key is managed by the AWS KMS, data is encrypted twice with two different keys.

Question 68

What is a Bucket Key in AWS S3?

Answer 68

A short-lived bucket-level key used to decrease costs and improve performance, applicable to SSE-S3 and SSE-KMS.

Question 69

Can Bucket Keys be applied at different levels?

Answer 69

Yes, they can be applied at the bucket level for all new objects or at the object level for specific objects.

Question 70

What is Client-Side Encryption (CSE) in AWS S3?

Answer 70

The client encrypts data before uploading it to S3, and the server does not handle decryption.

Question 71

What are the two types of data consistency in Amazon S3?

Answer 71

Strongly Consistent: Data is always consistent but may have a slight delay.
Eventually Consistent: Data might not be consistent immediately but will become consistent over time.

Question 72

What are the four replication options available in Amazon S3?

Answer 72

Cross-Region Replication (CRR)
Same-Region Replication (SRR)
Bi-Directional Replication (BDR)
S3 Batch Replication

Question 73

What are the three states a bucket can be in regarding S3 Versioning?

Answer 73

Versioned
Unversioned
Versioning Suspended

Question 74

What are the hallmarks of S3 Versioning?

Answer 74

Versions are stored in the same object key address.
Must be explicitly enabled; it is disabled by default.
Can only be suspended, not disabled.
Integrates with S3 Lifecycle rules.
MFA Delete provides extra protection.

Question 75

What is S3 Transfer Acceleration and how does it work? 5

Answer 75

• A feature that speeds up file transfers to S3 by using CloudFront’s edge locations.
• Users upload to a distinct endpoint that routes through edge locations to the Amazon Global Network.
• https://s3-accelerate.amazonaws.com and https://s3-accelerate.dualstack.amazonaws.com support both IPv4 and IPv6.
• only virtual-hosted style requests are supported
• buckets cannot contain periods and must be DNS-compliant

Question 76

How are Presigned URLs used in Amazon S3? 3

Answer 76

• Provide temporary access to upload or download objects.
• Presigned URLs are commonly used to grant access to private objects.
• Presigned URLs are generated via AWS CLI or AWS SDK.

Question 77

What do S3 Access Points help manage?

Answer 77

Simplify managing data access at scale for shared datasets.

Question 78

Each Access point has:

Answer 78

• Distinct permissions via an Access Points Policy
• Distinct network controls
• Distinct block public access feature

Question 79

What is a Multi-Region Access Point?
How does it work?

Answer 79

Multi-Region Access Point is a global endpoint to route requests to multiple buckets residing in different regions.
Multi-Region Access Point will return data from the regional bucket with the lowest latency.

Question 80

What do Object Lambda Access Points do?

Answer 80

Transform the output of S3 object requests to present data differently without modifying the objects in the bucket.
Can perform transformations on HEAD, GET, and LIST operations.

Question 81

What can Mountpoint for Amazon S3 do?

Answer 81

Mount an S3 bucket to a Linux local file system.
Supports basic file-system operations like reading files up to 5 TB, listing, creating new files.

Question 82

What can Mountpoint for Amazon S3 not do?

Answer 82

Modify existing files, delete directories, support symbolic links or file locking.

Question 83

How can objects be archived in Amazon S3?

Answer 83

Through Archive Storage Classes (e.g., Glacier Deep Archive) or Archive Access Tiers (e.g., Intelligent-Tiering).

Question 84

Mountpoint for Amazon S3 can be used with:

With what storage classes?

Answer 84

• S3 Standard
• S3 Standard-IA
• S3 Express One Zone
• S3 One Zone-IA
• Reduced Redundancy Storage (RRS)
• S3 Glacier Instant Retrieval

Question 85

What is the Requester Pay option in Amazon S3?

Answer 85

Allows bucket owners to offset costs to the requester who accesses the data.
Requester pays for data transfer and request costs, while the bucket owner pays for everything else.

Question 86

What must be included in a request when Requester Pay is enabled?

Answer 86

Include x-amz-requester-payer header or parameter in the request.

Question 87

If there is a problem with Requester Pay what error will occur?

Answer 87

A 403 (Forbidden Request) HTTP Error code

Question 88

what are most common scenarios of Requester Pay problems?

Answer 88

• x-amz-request-payer not included
• Request authentication fails (something is wrong with IAM role or IAM policy)
• The request is anonymous
• The request is a SOAP request (which is not allowed)

Question 89

What does the AWS Marketplace for S3 provide?

Answer 89

Alternatives to AWS Services that work with Amazon S3.

Question 90

What is S3 Batch Operations used for?

Answer 90

Performing large-scale batch operations on Amazon S3 objects, involving billions of objects and exabytes of data.

Question 91

What does the Copy batch operation do in S3 Batch Operations?

Answer 91

Copies each object listed in the manifest to the specified destination bucket.

Question 92

What is the purpose of the Invoke AWS Lambda function batch operation?

Answer 92

Run a Lambda function against each object in the batch.

Question 93

What does the Replace all object tags batch operation do?

Answer 93

Replaces the Amazon S3 object tags of each object in the batch.

Question 94

What is the function of the Replace access control list (ACL) batch operation?

Answer 94

Replaces the ACLs for each object in the batch.

Question 95

What does the Restore batch operation do?

Answer 95

Sends a restore request to S3 Glacier for each object.

Question 96

What is the purpose of the Object Lock retention batch operation?

Answer 96

Prevents overwriting or deleting objects for a fixed amount of time.

Question 97

What does the Object Lock legal hold batch operation do?

Answer 97

Prevents overwriting or deleting objects until the legal hold is removed.

Question 98

What is required to perform a batch operation in S3?

Answer 98

Provide lists of objects in an S3 bucket or supply an S3 Inventory report manifest.json.

Question 99

What are the frequency options for Amazon S3 Inventory reports?

Answer 99

Daily (within 48 hours) or Weekly (first report within 48 hours, future reports every Sunday).

Question 100

What does S3 Event Notifications enable?

Answer 100

Allows S3 Buckets to notify other AWS Services about S3 events and helps with application integration.

Question 101

What is the purpose of Storage Class Analysis in S3?

Answer 101

Analyzes storage access patterns of objects within a bucket and recommends moving objects between Standard and Standard-IA classes.

Question 102

What is Storage Lens and what does it provide?

Answer 102

A storage analysis tool for S3 buckets across an AWS Organization, providing an interactive dashboard updated daily.

Question 103

What does S3 Static Website Hosting provide?

Answer 103

Allows hosting and serving a static website from an S3 bucket with a website endpoint. HTTPS is not supported directly; Amazon CloudFront is required for HTTPS.

Question 104

What is multipart upload in Amazon S3?

Answer 104

A feature that allows uploading a single object in a set of parts, recommended for files larger than 100MB.

Question 105

What are the advantages of multipart upload in Amazon S3?

Answer 105

Improved throughput, reuploading only missing parts in case of network failure, no expiry time for uploading parts, and the ability to upload while creating a file.

Question 106

What does byte range fetching allow in Amazon S3?

Answer 106

Retrieval of a specific range of bytes from an object using the Range header in GetObject API requests.

Question 107

How does S3 support concurrent connections for byte range fetching?

Answer 107

Allows multiple byte ranges to be requested simultaneously for parallel processing.

Question 108

How does byte range fetching differ from S3 Select?

Answer 108

Byte range fetching retrieves specific portions of an object’s data regardless of format, while S3 Select allows querying object content with SQL statements.