Amazon S3 Introduction

Question 1

• One of the main building blocks of AWS
• Advertised as “infinitely scaling” storage

What am i?

Answer 1

Amazon S3

Question 2

Allows people to store objects (files) in “buckets” (directories)

Answer 2

Amazon S3

Question 3

Buckets must have a what?

Answer 3

Globally unique name

Question 4

At what level are buckets defined?

Answer 4

Region

Question 5

The key is the (blank)

Answer 5

Full path

Question 6

• Preserve, retrieve, and restore every (blank) of every object stored in your buckets.
• You can recover more easily from both unintended user actions and application failures.

Answer 6

Versioning

Question 7

What does it mean when version ID reads “null”?

Answer 7

It means you uploaded this object before enabling versioning onto the bucket, therefore it will not have version ID

Question 8

What are 4 methods of encryption objects in S3?

Answer 8

• SSE-S3
• SSE-KMS
• SSE-C
• Client Side Encryption

Question 9

What does SSE stand for?

Answer 9

Server Side Encryption

Question 10

Encrypts S3 objects using keys handled & managed by AWS

Answer 10

SSE-S3

Question 11

Encryption in AWS

Encryption keys managed by AWS

You have full control over the ROTATION policy of encryption key

Answer 11

SSE-KMS

Question 12

When you want to fully manage your own encryption keys and never store them in AWS

Answer 12

SSE-C

Question 13

What type of encryption is SSE-S3?

Answer 13

AES-256

Question 14

User control + audit trail

What method of encryption is this?

Answer 14

SSE-KMS

Question 15

• Amazon S3 does not store the encryption key you provide
• HTTPS MUST be used

What method of encryption is this?

Answer 15

SSE-C

Question 16

Customer manages the keys and encryption cycle

Client must decrpyt/encrypt data themselves

What method of encryption is this?

Answer 16

Client Side Encryption

Question 17

How can an IAM principal access an S3 object?

Answer 17

• the user IAM permissions allows it
• the resource policy ALLOWS it
• AND there’s no explicit DENY

Question 18

Is there a way to block public access to your S3 bucket?

Answer 18

Yes

Question 19

URLs that are valid only for a limited time (ex. Premium video service for logged in users)

Answer 19

Pre-Signed URLs

Question 20

If you get a 403 (Forbidden) error, what should you do?

Answer 20

Make sure the bucket policy allows public reads

Question 21

What does CORS stand for?

Answer 21

Cross Origin Resource Sharing

Question 22

If a client does a cross-origin request on our S3 bucket, we need to enable the correct CORS headers. How?

Answer 22

Allow for a specific origin or for *

all origins

Question 23

Where do the CORS headers need to be defined?

Answer 23

Cross origin bucket

Question 24

What should you do if website #1 needs to access a resource on website #2 through a web browser?

Answer 24

Give website #2 a CORS setting

if not the web browser is going to block it.

Question 25

Allows a single object to be uploaded as a collection of parts rather than as one single part. If one part fails, it can be reuploaded without affecting any of the other parts.

Answer 25

Multi-part Upload

Question 26

When is multipart recommended to use?

Answer 26

When file is over 100 MB

Question 27

(Blank) in any IAM policy will take precedence over an S3 bucket policy

Answer 27

Explicit DENY

Question 28

Defines a way for client web applications that are loaded in one domain to interact with resources in a different domain

Answer 28

Cross Origin Resource Sharing (CORS)