Amazon S3 Introduction Flashcards

1
Q
  • One of the main building blocks of AWS
  • Advertised as “infinitely scaling” storage

What am I?

A

Amazon S3

2
Q

Allows people to store objects (files) in “buckets” (directories)

A

Amazon S3

3
Q

Buckets must have a what?

A

Globally unique name

4
Q

At what level are buckets defined?

A

Region

5
Q

The key is the (blank)

A

Full path

6
Q
  • Preserve, retrieve, and restore every (blank) of every object stored in your buckets.
  • You can recover more easily from both unintended user actions and application failures.
A

Versioning

7
Q

What does it mean when version ID reads “null”?

A

It means you uploaded this object before enabling versioning on the bucket; therefore it will not have a version ID.

8
Q

What are 4 methods of encrypting objects in S3?

A
  • SSE-S3
  • SSE-KMS
  • SSE-C
  • Client Side Encryption
9
Q

What does SSE stand for?

A

Server Side Encryption

10
Q

Encrypts S3 objects using keys handled & managed by AWS

A

SSE-S3

11
Q

Encryption in AWS

Encryption keys managed by AWS

You have full control over the ROTATION policy of the encryption key

A

SSE-KMS

12
Q

When you want to fully manage your own encryption keys and never store them in AWS

A

SSE-C

13
Q

What type of encryption is SSE-S3?

A

AES-256

14
Q

User control + audit trail

What method of encryption is this?

A

SSE-KMS

15
Q
  • Amazon S3 does not store the encryption key you provide
  • HTTPS MUST be used

What method of encryption is this?

A

SSE-C

16
Q

Customer manages the keys and encryption cycle

Client must decrypt/encrypt data themselves

What method of encryption is this?

A

Client Side Encryption

17
Q

How can an IAM principal access an S3 object?

A
  • the user's IAM permissions ALLOW it
  • the resource policy ALLOWS it
  • AND there’s no explicit DENY
18
Q

Is there a way to block public access to your S3 bucket?

19
Q

URLs that are valid only for a limited time (ex. Premium video service for logged in users)

A

Pre-Signed URLs

20
Q

If you get a 403 (Forbidden) error, what should you do?

A

Make sure the bucket policy allows public reads

21
Q

What does CORS stand for?

A

Cross Origin Resource Sharing

22
Q

If a client does a cross-origin request on our S3 bucket, we need to enable the correct CORS headers. How?

A

Allow for a specific origin or for * (all origins)

23
Q

Where do the CORS headers need to be defined?

A

Cross origin bucket

24
Q

What should you do if website #1 needs to access a resource on website #2 through a web browser?

A

Give website #2 a CORS setting; if not, the web browser is going to block it.

25
Q

Allows a single object to be uploaded as a collection of parts rather than as one single part. If one part fails, it can be re-uploaded without affecting any of the other parts.

A

Multi-part Upload

26
Q

When is multipart upload recommended?

A

When the file is over 100 MB

27
Q

(Blank) in any IAM policy will take precedence over an S3 bucket policy

A

Explicit DENY

28
Q

Defines a way for client web applications that are loaded in one domain to interact with resources in a different domain

A

Cross Origin Resource Sharing (CORS)