AWS S3 Flashcards
S3 is good for what kind of files?
Flat Files
What object sizes can S3 store?
0 Bytes to 5 TB (per object)
S3 Bucket names must be:
Globally Unique
What code does your browser receive following a successful S3 upload?
HTTP 200
Name the fundamental parts of an S3 Object:
- Key (Filename)
- Value (Data)
- Version ID
- Metadata
- Sub Resources
What are Amazon’s S3 Guarantees?
- 99.99% Availability
- 99.99999999999% Durability (11 9’s)
What is the S3 data consistency model?
- Read after write consistency for PUTS of new objects.
- Eventual consistency for overwrite PUTS and DELETES
What is S3 Lifecycle Management?
Lifecycle management moves objects between storage tiers based on the object's age.
Does S3 allow versioning?
Yes!
Does S3 Support MFA?
S3 versioning supports MFA for object deletion.
How is S3 data secured?
Data is secured using Access Control Lists and Bucket Policies.
What is S3 Standard?
S3 Standard offers 99.99% availability and 11 9’s of durability. It is designed to sustain the loss of 2 facilities concurrently.
What is S3 - IA?
S3 Infrequently Accessed is a tier that offers lower storage fees than S3 Standard, but higher data retrieval fees.
What is S3 One Zone - IA?
S3 One Zone Infrequently Accessed has lower data storage fees than S3 - IA, but does not provide multi-AZ resilience.
What is S3 - Glacier?
S3 Glacier provides low-cost data archival. The retrieval time for data in Glacier can range from minutes to hours.
What is S3 - Glacier Deep Archive?
S3 Glacier Deep Archive is the cheapest S3 storage option. Data retrieval time is 12 hours.
What affects S3 charges?
- Storage
- Number of Requests
- Tier Pricing
- Data Transfers
- Use of Transfer Acceleration
- Use of Cross-Region Replication
What is Cross-Region Replication?
The automatic replication of bucket objects from one zone to another zone.
What is Transfer Acceleration?
Transfer Acceleration utilizes CloudFront’s system of global edge locations to quickly route data from users to the S3 bucket over Amazon’s backbone network.
Is S3 suitable for operating systems and databases?
No!
Are S3 Buckets region-specific?
Yes! You can choose the region where the bucket is created.
From where can you access an S3 Bucket?
S3 Buckets are globally accessible.
By default, are S3 Buckets public or privately accessible?
S3 Buckets block all public access by default.
Is server-side encryption enabled on S3 Buckets by default?
No! The default configuration is encryption disabled.
What is S3 Intelligent Tiering?
Intelligent Tiering moves files to different bucket classes based on how frequently you access those files.
What are three methods of controlling access in an S3 Bucket?
- Bucket Policies: Apply to entire bucket
- Object Policies: Apply to Objects in the bucket
- IAM Policies: Apply to Users and Groups who access the bucket
Can S3 produce access logs?
Yes! Logs can be stored in another bucket in the account, or on another account.
What are three methods of S3 encryption?
- S3 Managed Keys (SSE-S3)
- AWS Key Management Service (SSE-KMS)
- Server-side encryption with customer-provided keys (SSE-C)
Can S3 bucket versioning be disabled?
No! Once versioning is enabled, it can only be suspended. No new versions will be created, but existing versions will be retained.
Can versioning be integrated with lifecycle rules?
Yes!
What extra security measure does versioning provide?
Multifactor Authentication (MFA)
When uploading a new version of a public file, will the new version also be public?
No! You must make each individual item public.
What does Lifecycle Management do?
It automates the movement of objects between storage tiers.
What is S3 Object Lock?
Object Lock stores objects using the Write Once, Read Many (WORM) model. It prevents objects from being deleted or modified for a fixed amount of time, or indefinitely.
What is S3 Compliance Mode?
Compliance Mode protects objects from being deleted or modified for the duration of the retention period. Not even the Root User can delete or modify the object.
What is the Retention Period?
The Retention Period is the amount of time that an object will be protected. Once the Retention Period expires, the object can be overwritten or deleted.
What are S3 Legal Holds?
A Legal Hold prevents an object version from being overwritten or deleted. A Legal Hold remains in place until removed.
What is Glacier Vault Lock?
Glacier Vault Lock allows you to deploy and enforce compliance controls for individual S3 Glacier Vaults with a Vault Lock Policy.
What are Prefixes in S3?
The Prefix is the middle part between the bucket name and the file name.
mybucketname/folder1/subfolder1/myfile.jpg
The Prefix is /folder1/subfolder1
Why are Prefixes important in S3?
Prefixes have a large impact on S3 performance. S3 request limits are per-Prefix.
What is the limit for GET/HEAD requests per prefix?
GET/HEAD requests are limited to 5,500 per prefix, per second.
What is the limit for PUT/COPY/POST/DELETE requests per-prefix?
PUT/COPY/POST/DELETE requests are limited to 3,500 per prefix, per second.
What are the KMS quota limits for S3?
The quota is region-specific. It will be either 5,500, 10,000, or 30,000 requests per second.
Can you request a KMS quota increase?
Not at this time.
What are S3 Multipart Uploads?
Multipart upload splits files into multiple parts and parallelizes the upload for increased speed.
When should I use S3 Multipart Upload?
Multipart Upload should be used for files over 100MB and must be used for files over 5GB.
What are S3 Byte Range Fetches?
Byte Range Fetches allow you to parallelize downloads by specifying the byte range. This speeds up the download of files and can be used to download only part of a file.
What is S3 Select?
S3 Select allows your application to retrieve only a subset of data from an object using SQL expressions. This can lead to drastic performance increases (up to 400%).
What is Glacier Select?
Glacier Select allows you to run SQL queries against Glacier directly.