Chp 12: Amazon S3 Introduction Flashcards
What is the purpose of an Amazon S3 bucket?
Amazon S3 is an object (file) storage service that stores data as objects within buckets. An object is a file and any metadata that describes the file. A bucket is a container for objects.
What is the naming convention for S3 buckets?
S3 buckets must have a globally unique name
S3 buckets are defined at what level?
region
Are there directories within buckets?
no
What is the content of the S3 bucket body?
object values
Do objects have a key?
yes
Is versioning an option for S3 buckets?
yes it is
How is versioning enabled?
at the bucket level
What happens when versioning is suspended?
previous versions are NOT deleted
What are the methods of encryption in S3?
- SSE-S3
- SSE-KMS
- SSE-C
- Client side encryption
What is SSE-S3?
- encrypts S3 objects using keys handled and managed by AWS
- object is encrypted server side
- AES-256 encryption type
- header must be set
What is SSE-KMS?
- leverages AWS key management
- advantages: user control and audit trail
- object is encrypted server side
- must set header
What is SSE-C?
- when you want to manage your own encryption keys
- S3 does not store the encryption key you provide
- HTTPS must be used
- encryption key must be provided in HTTP headers, for every HTTP request made
What is client-side encryption?
- client library such as the Amazon S3 Encryption Client
- client must encrypt data themselves before sending to s3
- client must decrypt data themselves when retrieving from s3
- customer fully manages the keys + encryption cycle
What is mandated for SSE-C?
HTTPS