Amazon S3 Introduction Flashcards
What do you use S3 for?
Backup/storage
DR
Archive
Hybrid Cloud storage
App hosting
Media hosting
Data lakes & big data analytics
Software delivery
Static Website
What does S3 save data in?
Buckets
What does S3 save in buckets?
Objects
What must a bucket name be?
Globally unique across all regions and all AWS accounts
Where are buckets defined?
Region level
What does Region Level mean in S3 Buckets?
They are created in, and tied to, one region (even though the bucket name itself is global)
What do objects have?
Keys
Which part is the key of s3://my-bucket/my_file.txt?
my_file.txt (everything after the bucket name; keys have no leading slash)
What is the key composed of?
Prefix + object name
s3://my-bucket/my_folder1/another_folder/my_file.txt
prefix = my_folder1/another_folder/
object name = my_file.txt
key = my_folder1/another_folder/my_file.txt
Does S3 have directories within buckets?
No. The key space is flat; the "folders" shown in the console are just key prefixes ending in /
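To make the prefix/key/object-name split and the "no directories" point concrete, here is an added Python example (not from the flashcards or from AWS). It parses an s3:// URI into its parts and then emulates what the S3 ListObjects API does with a Prefix and Delimiter over a flat list of keys: the "folders" it reports are synthesised from the keys, never stored. The sample keys are constructed for the example.

```python
from urllib.parse import urlparse


def parse_s3_uri(uri):
    """Split an s3:// URI into (bucket, key, prefix, object_name).

    S3 has no directories: the key is the whole path after the bucket name
    (with no leading slash), and the "prefix" is simply the part of the key
    up to and including the last '/'.
    """
    parsed = urlparse(uri)
    if parsed.scheme != "s3" or not parsed.netloc:
        raise ValueError(f"not an s3:// URI: {uri}")
    bucket = parsed.netloc
    key = parsed.path.lstrip("/")
    if not key:
        raise ValueError(f"URI names a bucket but no object: {uri}")
    prefix, _, object_name = key.rpartition("/")
    if prefix:
        prefix += "/"  # keep the trailing delimiter, as the console shows it
    return bucket, key, prefix, object_name


def list_with_delimiter(keys, prefix="", delimiter="/"):
    """Emulate ListObjectsV2 with Prefix and Delimiter over a flat key list.

    Returns (contents, common_prefixes): the keys that sit directly "under"
    prefix, and the pseudo-folders S3 synthesises by grouping the remaining
    keys on their next delimiter. This is all a "folder" ever is in S3.
    """
    contents = []
    common_prefixes = set()
    for key in sorted(keys):
        if not key.startswith(prefix):
            continue
        rest = key[len(prefix):]
        if delimiter in rest:
            common_prefixes.add(prefix + rest.split(delimiter, 1)[0] + delimiter)
        else:
            contents.append(key)
    return contents, sorted(common_prefixes)


if __name__ == "__main__":
    # Constructed sample keys: note that "my_folder1/" never exists as an object.
    sample_keys = [
        "my_folder1/another_folder/my_file.txt",
        "my_folder1/a.txt",
        "my_folder1/b/c.txt",
        "top.txt",
    ]
    print(parse_s3_uri("s3://my-bucket/my_folder1/another_folder/my_file.txt"))
    print(list_with_delimiter(sample_keys))
    print(list_with_delimiter(sample_keys, prefix="my_folder1/"))
```

Security relevance: because prefixes are not real containers, a policy or ACL written for a "folder" only applies to whatever Resource pattern you wrote (for example arn:aws:s3:::my-bucket/my_folder1/*); there is no folder object to lock.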
What is the max object size?
5 TB
What must you do to upload an object larger than 5 GB?
Use multi-part upload (a single PUT is capped at 5 GB; AWS recommends multi-part from about 100 MB)
What do objects include?
Metadata (key-value pairs)
Tags (unicode key/value pair)
Version ID (if versioning is enabled on the bucket)
What is User-Based security for S3?
IAM policies: define which S3 API calls a specific IAM user or role is allowed to make
What is Resource-Based security in S3?
Bucket policies: bucket-wide rules attached to the bucket itself (set from the S3 console or API); the usual way to allow cross-account access
Object ACL - finer grain (can be disabled)
Bucket ACL - less common (can be disabled)
When can an IAM principal access an S3 object?
If the principal's IAM permissions ALLOW it OR the resource policy ALLOWS it, AND there is no explicit DENY anywhere (that is the same-account rule; a principal from another account needs an Allow on both sides)
How can you encrypt objects in S3?
Server-side encryption with S3-managed keys, KMS keys, or customer-provided keys, or client-side encryption before upload
What do S3 bucket policies look like?
JSON documents (Statement list with Effect, Principal, Action, Resource and optional Condition)
What can you do with a bucket policy?
Grant public access to bucket
Force objects to be encrypted at upload
Grant access to another account (cross-account)
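The three bucket-policy uses above (public access, forced encryption, cross-account access) and the evaluation rule (identity policy OR bucket policy allows, explicit Deny wins, cross-account needs both) are easier to reason about when run. This added Python example is not from the flashcards or from AWS: the account IDs, bucket name and policies are constructed, and the evaluator supports only the IAM features those policies use (Action/Resource globs, Principal, StringEquals/StringNotEquals conditions).

```python
import fnmatch

# Constructed example: account 111111111111 owns my-bucket, 222222222222 is a
# partner account. Neither the IDs nor the policies come from the flashcards.
BUCKET = "my-bucket"
OWNER_ACCOUNT = "111111111111"
PARTNER_ACCOUNT = "222222222222"

# Identity (IAM) policy attached to a user in the owner account.
OWNER_USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"},
]}

# Identity policy attached to a principal in the partner account.
PARTNER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": f"arn:aws:s3:::{BUCKET}/shared/*"},
]}

# Bucket (resource) policy: public read of the static site, cross-account read
# for the partner, and a Deny that forces server-side encryption on upload.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicReadSite", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/site/*"},
    {"Sid": "PartnerRead", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{PARTNER_ACCOUNT}:root"},
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/shared/*"},
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
     "Condition": {"StringNotEquals": {
         "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}}},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM wildcards (* and ?) behave like shell globs; '*' also spans '/'.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _principal_matches(stmt, principal_arn):
    principal = stmt.get("Principal", "*")  # identity policies carry no Principal
    if principal == "*":
        return True
    allowed = _as_list(principal.get("AWS", []))
    return "*" in allowed or principal_arn in allowed


def _condition_holds(stmt, context):
    for operator, pairs in stmt.get("Condition", {}).items():
        for key, wanted in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals":
                ok = actual is not None and actual in _as_list(wanted)
            elif operator == "StringNotEquals":
                ok = actual is None or actual not in _as_list(wanted)  # missing key => True
            else:
                raise NotImplementedError(operator)
            if not ok:
                return False
    return True


def _effects(policy, principal_arn, action, resource, context):
    return [s["Effect"] for s in policy["Statement"]
            if _matches(s["Action"], action) and _matches(s["Resource"], resource)
            and _principal_matches(s, principal_arn) and _condition_holds(s, context)]


def is_allowed(principal_arn, action, key, identity_policy=None, context=None):
    """Decide one S3 request the way the flashcard rule describes.

    principal_arn is an IAM ARN, or "anonymous" for an unauthenticated request.
    Same account: identity policy OR bucket policy allows, and nothing denies.
    Cross account: BOTH must allow, and nothing denies.
    Anonymous: only the bucket policy can grant (and nothing denies).
    """
    context = context or {}
    resource = f"arn:aws:s3:::{BUCKET}/{key}"
    identity = [] if identity_policy is None else _effects(
        identity_policy, principal_arn, action, resource, context)
    bucket = _effects(BUCKET_POLICY, principal_arn, action, resource, context)
    if "Deny" in identity or "Deny" in bucket:
        return False  # an explicit Deny anywhere always wins
    if principal_arn == "anonymous":
        return "Allow" in bucket
    if principal_arn.split(":")[4] == OWNER_ACCOUNT:
        return "Allow" in identity or "Allow" in bucket
    return "Allow" in identity and "Allow" in bucket
```

Two checks a practitioner would run against this: an owner-account user with PutObject in their IAM policy is still refused when the request carries no s3:x-amz-server-side-encryption header (the Deny wins over the identity Allow), and the partner account is refused on shared/ objects unless its own identity policy also allows s3:GetObject, even though the bucket policy names it. Real S3 adds Block Public Access on top of this evaluation, which this toy model does not include.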
How can you give public access to an S3 bucket?
Via a bucket policy (and Block Public Access must not be blocking it)
How do you give a user in your own account access to a bucket in your account?
Attach an IAM policy to the user
How can you allow an EC2 instance to access the S3 bucket?
By attaching an IAM role with the required S3 permissions to the instance (instance role), rather than storing access keys on the instance
How can you give cross-account access to an S3 bucket?
Attach a bucket policy to the bucket that allows the other account's principal (that principal still needs an IAM Allow in its own account)
How can you block public access to an S3 bucket?
With the Block Public Access settings, a safeguard provided by AWS that overrides any bucket policy or ACL granting public access
What should you do if you know your buckets should never be public?
Turn on Block Public Access at the account level so it applies to every bucket in the account
What does a 403 mean when you visit your S3-hosted static website?
Public reads are not enabled: the bucket policy does not allow them (or Block Public Access is overriding it)
What is Versioning in S3?
Every upload creates a new version of the object instead of overwriting the existing one
Where is Versioning enabled in S3?
Bucket level
Why is versioning important?
Protects against unintended deletes (restore versions)
Easy roll back to previous version
What version ID do objects have that existed before versioning was enabled?
null
What happens if you delete an object in a versioned bucket?
S3 adds a delete marker as the current version; the previous versions are kept
How do you restore a deleted object?
You delete the delete marker (a DELETE that names the marker's version ID), which makes the previous version current again
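The versioning cards above describe a small state machine (null version before versioning, new version per upload, delete marker on delete, restore by deleting the marker). This added Python example models that behaviour in memory; it is not the S3 API or any AWS code, and the version IDs "v1", "v2" it generates are an assumption (real S3 version IDs are opaque strings).

```python
class VersionedBucket:
    """Toy model of S3 versioning semantics (constructed example, not the S3 API).

    Before versioning is enabled, objects carry version ID "null" and a PUT
    overwrites. Afterwards every PUT appends a new version, a DELETE without a
    version ID only places a delete marker on top, and deleting that marker by
    its version ID makes the previous version current again.
    """

    def __init__(self):
        self.versioning = False
        self._versions = {}  # key -> [(version_id, body)], oldest first; body None = delete marker
        self._counter = 0

    def enable_versioning(self):
        self.versioning = True  # existing objects keep their "null" version ID

    def _next_id(self):
        self._counter += 1
        return f"v{self._counter}"

    def put(self, key, body):
        versions = self._versions.setdefault(key, [])
        if not self.versioning:
            versions[:] = [("null", body)]  # unversioned bucket: overwrite in place
            return "null"
        version_id = self._next_id()
        versions.append((version_id, body))
        return version_id

    def get(self, key, version_id=None):
        versions = self._versions.get(key, [])
        if version_id is None:
            # Plain GET returns the current version; a delete marker on top means 404.
            if not versions or versions[-1][1] is None:
                raise KeyError(f"404 NoSuchKey: {key}")
            return versions[-1][1]
        for vid, body in versions:
            if vid == version_id and body is not None:
                return body
        raise KeyError(f"404 NoSuchVersion: {key}@{version_id}")

    def exists(self, key):
        try:
            self.get(key)
            return True
        except KeyError:
            return False

    def delete(self, key, version_id=None):
        versions = self._versions.setdefault(key, [])
        if version_id is None:
            if not self.versioning:
                self._versions.pop(key, None)  # unversioned: the object is really gone
                return None
            marker = self._next_id()
            versions.append((marker, None))  # versioned: add a delete marker, keep data
            return marker
        # DELETE with a version ID permanently removes exactly that version or marker.
        self._versions[key] = [(vid, body) for vid, body in versions if vid != version_id]
        return version_id

    def list_versions(self, key):
        """Newest first, as ListObjectVersions returns them."""
        return [(vid, "delete-marker" if body is None else "object")
                for vid, body in reversed(self._versions.get(key, []))]


if __name__ == "__main__":
    bucket = VersionedBucket()
    bucket.put("report.txt", b"draft")        # version ID "null"
    bucket.enable_versioning()
    bucket.put("report.txt", b"final")        # "v1"; "null" is kept
    marker = bucket.delete("report.txt")      # "v2", a delete marker; GET now 404s
    print(bucket.exists("report.txt"), bucket.list_versions("report.txt"))
    bucket.delete("report.txt", marker)       # restore: remove the marker itself
    print(bucket.exists("report.txt"), bucket.get("report.txt"))
```

The security point the model makes visible: a DELETE that names a version ID is a permanent, unrecoverable delete even with versioning on, which is why s3:DeleteObjectVersion is the permission to withhold (or to protect with MFA Delete) when versioning is your ransomware or accidental-delete safeguard.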
What is S3 CRR?
Cross Region Replication
What is SRR?
Same Region Replication
How does replication work?
You have a source bucket and a destination bucket (in another region for CRR, the same region for SRR) and S3 copies new objects from one to the other asynchronously
What are the requirements for S3 replication?
Versioning must be enabled on both the source and the destination bucket
What kind of copying happens when replicating S3?
Asynchronous
Can the buckets be in different AWS accounts for replication to work?
Yes
What permissions does S3 need for replication?
An IAM role that S3 assumes to read from the source bucket and write to the destination bucket
CRR use cases
compliance
lower latency access
replication across accounts
SRR use cases
log aggregation
live replication between prod and test accounts
Which objects get replicated once you enable replication?
Only objects created after replication is enabled
How can you replicate already existing objects?
S3 Batch Replication
What does S3 Batch Replication do?
Replicates existing objects and objects that failed replication
How do DELETE operations behave in replication?
Only delete markers can be replicated from source to destination (an optional setting)
Which deletions are not replicated?
Deletes that name a version ID (permanent deletes), so that a malicious delete cannot propagate to the replica
What does no “chaining” of replication mean?
If bucket 1 replicates into bucket 2, and bucket 2 replicates into bucket 3, objects from bucket 1 are not replicated to bucket 3
S3 Standard - General Purpose
99.99% availability
Used for frequently accessed data
Low latency and high throughput
Sustains 2 concurrent facility failures
S3 Standard - General Purpose use cases?
big data analytics
mobile
gaming apps
content distribution
S3 Standard-Infrequent Access (IA)
Less frequently accessed data that still needs rapid access when required
Lower storage cost than S3 Standard
99.9% availability
How are costs incurred for S3 IA?
A per-GB charge on every retrieval, on top of storage
S3 IA use cases
DR & backups
S3 One Zone IA
High durability, but stored in a single AZ
Data is lost if that AZ is destroyed
99.5% availability
S3 One Zone IA use cases
storing secondary backup copies of on-prem data or data you can recreate
S3 Glacier Storage
Low cost object storage meant for archiving / backup
Pricing of Glacier Storage
Priced on storage plus a retrieval cost
S3 Glacier Instant Retrieval
Millisecond retrieval; good for data accessed about once a quarter
Minimum storage duration 90 days
S3 Glacier Flexible Retrieval - 3 retrieval modes
Expedited (1-5 mins)
Standard (3-5 hours)
Bulk (5-12 hours) - free
Minimum storage duration of 90 days
S3 Glacier Deep Archive - long term storage
Standard (12 hours), Bulk (48 hours)
minimum storage 180 days
S3 Intelligent-Tiering
Small monthly monitoring and auto-tiering fee
Moves objects automatically between access tiers based on usage
No retrieval charges
S3 Intelligent-Tiering (5 tiers)
Frequent Access (automatic) - default
Infrequent Access (automatic): objects not accessed for 30 days
Archive Instant Access (automatic): objects not accessed for 90 days
Archive Access (optional): configurable from 90 to 700+ days
Deep Archive Access (optional): configurable from 180 to 700+ days