Amazon S3 Introduction

Question 1

What do you use S3 for?

Answer 1

Backup/storage
DR
Archive
Hybrid Cloud storage
App hosting
Media hosting
Data lakes & big data analytics
Software delivery
Static Website

Question 2

What does S3 save data in?

Answer 2

Buckets

Question 3

What does S3 save in buckets?

Answer 3

Objects

Question 4

What do Buckets MUST have globally?

Answer 4

Unique name - across all regions all accounts

Question 5

Where are buckets defined?

Answer 5

Region level

Question 6

What does Region Level mean in S3 Buckets?

Answer 6

That they are tied & created in a region

Question 7

What do objects have?

Answer 7

Keys

Question 8

Which part is the key of s3://my-bucket/my_file.txt?

Answer 8

/my_file.txt

Question 9

What is the Key composed of?

Answer 9

Prefix & object name

s3://my-bucket/my_folder1/another_folder/my_file.txt

prefix = my_folder1/another_folder

key = /my_file.txt

Question 10

Do S3 have directories within buckets?

Answer 10

No

Question 11

What is the max object size?

Answer 11

5 TB

Question 12

What do you have to do if uploading more than 5GB?

Answer 12

Multi-part upload

Question 13

What do objects include?

Answer 13

Metadata (key-value pairs)
Tags (unicode key/value pair)
Version ID (if enabled)

Question 14

What is User-Based security for S3?

Answer 14

IAM Policies - which API calls should be allowed for a specific user from IAM

Question 15

What is Resource-Based security in S3?

Answer 15

Bucket Policies - bucket wide rules from S3 console - allows cross account

Object ACL - finer grain (can be disabled)

Bucket ACL - less common (can be disabled)

Question 16

When can an IAM principal access an S3 object?

Answer 16

If the user IAM permissions ALLOW ir, OR the resource policy ALLOWS it AND there is no explicit DENY

Question 17

How can you encrypt objects in S3?

Answer 17

Using encryption keys

Question 18

what do S3 Bucket Policies look like?

Answer 18

JSON based policies

Question 19

What can you do with a bucket policy?

Answer 19

Grant public access to bucket
Force objects to be encrypted at upload
Grant access to another acc (cross acc)

Question 20

How can you give public to S3?

Answer 20

Via Bucket Policy

Question 21

What can you do to give access to an S3 bucket within your account for a user within your acc?

Answer 21

Assign an IAM policy to the user

Question 22

How can you allow an EC2 instance to access the S3 bucket?

Answer 22

By assigning EC2 instance role with the correct IAM permissions to the ec2 instance

Question 23

How can you give cross acc access to S3 bucket?

Answer 23

Assign S3 Bucket Policy to the bucket that allows cross acc access

Question 24

How can you block public access of an S3 bucker?

Answer 24

It is a setting created by AWS

Question 25

What can you do if you know your bucket should never be public?

Answer 25

Set the Block Public Access setting in the acc level

Question 26

What does it mean if you get a 403 when you visit your website?

Answer 26

You have not enabled public reads via a bucket policy

Question 27

What is Versioning in S3?

Answer 27

Every time you upload something in the bucket it creates a newer version of that item instead of deleting it

Question 28

Where is Versioning enabled in S3?

Answer 28

Bucket level

Question 29

Why is versioning important?

Answer 29

Protects against unintended deletes (restore versions)

Easy roll back to previous version

Question 30

What version do files have before enabling versioning?

Answer 30

Null

Question 31

what happens if you delete an object?

Answer 31

It creates a delete marker

Question 32

How do you restore a deleted object?

Answer 32

You delete the “delete marker”

Question 33

What is S3 CRR?

Answer 33

Cross Region Replication

Question 34

?What is SRR

Answer 34

Same Region Replication

Question 35

How does Replication Work?

Answer 35

You have an S3 bucket in one region, and another one in another region and you want to set up asynchronous replication between the two.

Question 36

What are the requirements for S3 replication?

Answer 36

Versioning must be enabled in both source & destination buckets.

Question 37

What kind of copying happens when replicating S3?

Answer 37

Asynchronous

Question 38

Can buckets be in different AWS accounts in order for replication to work?

Answer 38

Yes they can be

Question 39

What permissions do S3 must have for replication?

Answer 39

IAM

Question 40

CRR use cases

Answer 40

compliance
lower latency access
replication across accounts

Question 41

SRR use cases

Answer 41

log aggregation
live replication between prod and test accounts

Question 42

Which objects get replicated once you enable Replication?

Answer 42

Only new ones

Question 43

How can you replicate already existing objects?

Answer 43

S3 Batch Replication

Question 44

What does S3 Batch Replication do?

Answer 44

Replicates existing objects and objects that failed replication

Question 45

How does DELETE operation work in Replication?

Answer 45

You can only replicate delete markers from source to target

Question 46

Which Deletions are not replicated?

Answer 46

Ones with Version ID (to avoid malicious deletes

Question 47

What does no “chaining” of replication mean?

Answer 47

If bucket 1 has replication into bucket 2, and bucket 2 to bucket 3. Objects from Bucket 1 are not replicated to bucket 3

Question 48

S3 Standard - General Purpose

Answer 48

99.99 availability
Used for frequently accessed data
low latency and high throughput
sustain 2 concurrent facility failures

Question 49

S3 Standard - General Purpose use cases?

Answer 49

big data analytics
mobile
gaming apps
content distribution

Question 50

S3 Infrequent Access

Answer 50

Less frequently accessed data but rapid access when needed

lower cost than s3 standard

Cost on retrieval

Question 51

How do cost happens for S3 IA?

Answer 51

On retrieval

Question 52

S3 IA use cases

Answer 52

99.9 availability
DR & Backups

Question 53

S3 One Zone IA

Answer 53

High durability in single AZ
data lost when AZ is destroyed

99.5 availability

Question 54

S3 One Zone IA use cases

Answer 54

storing secondary backup copies of on-prem data or data you can recreate

Question 55

S3 Glacier Storage

Answer 55

Low cost object storage meant for archiving / backup

Question 56

Pricing of Glacier Storage

Answer 56

price for storage & retrieval cost

Question 57

S3 Glacier Instant Retrieval

Answer 57

Millisecond retrieval, great for data accessed once a quarter

Minimun storage duration 90 days

Question 58

S3 Glacier Flexible Retrieval - 3 retrieval modes

Answer 58

Expedited (1-5 mins)
Standard (3-5 hours)
Bulk (5-12 hours) - free

Minimum storage duration of 90 days

Question 59

S3 Glacier Deep Archive - long term storage

Answer 59

Standard (12 hours, Bulk (48 hours)

minimum storage 180 days

Question 60

S3 Intelligent-Tiering

Answer 60

Small monthly monitoring and auto-tiering fee

moves objects automatically between Access Tiers based on usage

No retrieval charges

Question 61

S3 Intelligent-Tiering (5 tiers)

Answer 61

Frequent Access (automatic) - default

Infrequent access (automatic) - objects not accessed for 30 days

Archive Instant Access (automatic) objects not accessed for 90 days

Archive Access (optional) configurable from 90 - 700+ days

Deep Archive Access (optional) config from 180 - 700+ days