Chapter 3 Hello, Storage

Question 1

Enumerate data value types from lowest to highest relevance

Answer 1

1. Transient
2. Reproducible
3. Authoritative
4. Critical/Regulated

Question 2

What can you do on an existing EBS volume, and would these changes require service interruption?

Answer 2

1. increase size
2. modify IOPS capacity
3. change volume type

No service interruptions are required

Question 3

Why are EBS snapshots cost effective?

Answer 3

They implement incremental backup strategies. So, for example, if 5GB of a 100GB volume had changed, the backup is only 5GB large.

Question 4

Amazon EBS Optimization

Answer 4

This is an EBS features which allows an instance to prevent network contention for an EBS volume. It will make sure EBS related traffic is kept separate from general network traffic.

Question 5

What is “initialization” in regard to snapshots?

Answer 5

EBS volumes restored from snapshots are slower than a new EBS volume at the point at which a block is accessed for the first time. If you want to avoid this performance penalty, you can ‘initialize’ the volume by accessing each block before putting it into production

Question 6

What data access behavior is sub optimal for HDD?

Answer 6

small, random I/O

Question 7

Strategies for degraded HDD performance?

Answer 7

1. Configure read-ahead for ready heavy workloads
2. use RAID 0 configuration
3. track performance via Amazon CloudWatch

Question 8

What to do if EBS is root volume for instance but instance is inacessible?

Answer 8

Make new EC2 instance, detach EBS volume from failing instance and attach to new instance

Question 9

Describe bucket limitations

Answer 9

1. They are flat (no nested buckets)
2. only 100 buckets per accounts
3. must be empty to delete it

Question 10

What happens when you delete an object in a versioned bucket?

Answer 10

A delete ‘marker’ is applies on the object, so it is inaccessible. But administrators can still access the data.

Question 11

What is reason for versioning in S3?

Answer 11

1. protect from accidental deletion
2. recover earlier version
3. retrieve deleted objects

Question 12

Can you revert a bucket to an unversioned state?

Answer 12

No, but you can copy all the versioned objects into a new unversioned bucket and use that bucket going forward

Question 13

Benefits of tagging objects

Answer 13

1. Can create fine grained access (i.e. permission for certain tags)
2. Fine grained control in lifecycle management
3. Filters in S3 Analytics
4. Customize CloudWatch Metrics based on tag filters

Question 14

What is a vault lock?

Answer 14

A set of policies used for compliance on S3 Glacier Vault. An example policy is ‘write once read many’. A a vault lock is permanent.

Question 15

What is the base unit of storage in S3 Glacier?

Answer 15

An archive

Question 16

Can you assign a key name to S3 Glacier Archives?

Answer 16

No, you simply receive a sequence of characters as an identifier when you upload

Question 17

What is minimum # of AZs used by all S3 storage classes (except OneZone_IA)

Answer 17

3

Question 18

What data consistency model does S3 follow?

Answer 18

Eventual consistency, but it uses read after write consistency for PUT operations of new objects.

Question 19

What is envelope encryption?

Answer 19

1. A data key is generated
2. Data is encrypted with data key.
3. Data key itself is encrypted with existing encryption key.
4. Encrypted data and data key stored by AWS storage service.

*The key encrypting key are stored and managed separately from the data and data keys

Question 20

Options for S3 encryption?

Answer 20

1. SSE-S3
2. SSE-C (customer managed keys)
3. SSE-KMS

Question 21

Default access policy for a bucket?

Answer 21

private

Question 22

Difference b/t bucket policies and IAM policies?

Answer 22

Instead of attaching policies to the users, groups, or roles, bucket policies are attached to a specific resource, such as an Amazon S3 bucket.

Question 23

T/F: you can grant access to other accounts and your account using resource based ACLs

Answer 23

False, you can only grant access to other accounts using resource based ACLs, not users in your own account.

Question 24

Defense in depth strategies for S3

Answer 24

1. Data must be encrypted at rest and in transit
2. Data must be accessible only by a limited set of public IP addresses
3. Data must not be publicly accessible directly from an S3 URL
4. Domain name required to consume content
5. Apply bucket policies for users w/ specific permissions

Question 25

Another name for query string authentication of S3

Answer 25

presigned URL

Question 26

What does Cross Region Replication (CRR) apply to and what are some of its characteristics?

Answer 26

Replication of objects in distinct regions

1. S3 must be granted permission to replicate
2. Versioning must be enabled
3. Source and destination must be in different regions

Question 27

What to enable with S3 for GET intensive workloads?

Answer 27

CloudFront

Question 28

What strategy to implement for heavy worklaods in S3 >= 1,000 request per second?

Answer 28

Implement a short (3-4 character) random hash into the key prefix for an S3 object. This ensures that objects will not reside in close proximity within same infrastructure partition.

Question 29

What to enable to transfer large objects across large distances? How does this solution work?

Answer 29

S3 Transfer Acceleration. Works by transferring data to nearest CloudFront Edge location. Then data can avoid public internet when transferring to the target region (lower latency).

Question 30

What character to avoid in S3 Buckets?

Answer 30

periods

Question 31

How to upload very large files to S3?

Answer 31

multipart uploads (recommended for >= 100MB)

1. break apart file
2. parallelize upload
3. submit manifest file

Question 32

How to download very large file from S3?

Answer 32

Range GET. This is basically the opposite of multipart uploads.

Question 33

Difference b/t EBS and S3 billing.

Answer 33

In S3, you pay for what is used; in EBS you pay for what is allocated.

Question 34

Lifecycle Management option for S3

Answer 34

1. Transition Actions (i.e. move to STANDARD_IA after 30 days)
2. Expiration Actions (i.e. delete after 30 days)

Question 35

A key limitation of EFS?

Answer 35

Not supported on Windows instances

Question 36

How to sync files with EFS?

Answer 36

AWS DataSync

Question 37

Performance options within EFS?

Answer 37

1. General Purpose (low latency)

2. Max I/O (higher latency, more scalable)

Question 38

File gateway is like…

Answer 38

an NFS mount on Amazon S3, allowing you to access your data directly in Amazon S3 from on premises as a file share.

Question 39

Volume Gateway provides…

Answer 39

cloud-based storage volumes you can mount as iSCSI devices from on prem application servers.
(cached mode and stored volume mode configurations available)

1. Cached mode: frequently accessed data cached in gateway
2. stored volume mode: volumes asynchronously backed up to cloud

Question 40

Snowball is for ___ scale migrations, and Snowmobile is for __ scale migrations.

Answer 40

Snowball: petabyte (< 10 PB)
SnowMobile: exabyte ( > 10 PB)

Question 41

Difference b/t AWS managed VPN and AWS VPN Cloudhub

Answer 41

Both offer tunneling into VPC (exposes VPN endpoints via virtual private gateway), but Cloudhub is designed for when you have more than one remote network (i.e. multiple branch offices)

Question 42

S3 durability and availability

Answer 42

Durability: 11 nines
Availability: 4 nines

Question 43

One way to protect against accidental object deletion that is not versioning?

Answer 43

MFA delete

Question 44

Glacier size limit?

Answer 44

40TB

Question 45

Storage limits

Answer 45

1. EC2 instance store: 48TB
2. EBS: 16TB
3. S3: limitless
4. Glacier: limitless

Question 46

When restoring an EBS volume from a snapshot, how long will it take before data is available?

Answer 46

The data will be available immediately

Question 47

Steps to create static website in S3

Answer 47

1. Create bucket with website hostname
2. Upload static content and make it public
3. Enable website hosting on bucket
4. indicate index and error page details

Question 48

When you delete an EC2 instance, is EBS volume deleted?

Answer 48

If the EBS volume is root, then yes; otherwise no. Can be manually set via DeleteOnTermination attribute.