IAM & S3 Flashcards
What are the components that make up IAM?
Users
Groups
Policies
Roles
What is a group in IAM?
A collection of users. Each user inherits the permissions of the group.
What is a policy in IAM?
Policies are made up of documents called policy documents, which are formatted in JSON. They define what a user, group, or role is permitted to do.
What is a role in IAM?
You can create roles and assign them to AWS resources.
What is a role used for?
Allowing an AWS resource to access another resource or service.
What permissions do users have when first created?
None
What are new users assigned when created?
Access Key ID
Secret access key
Can you use access key and secret access keys to login to the AWS console?
No, they are used with the APIs to provide programmatic access.
How many times can you view the access key ID and secret access key?
Once, when they are created.
How can you better secure IAM?
Use MFA for the root account, and create and customize a password rotation policy.
Is S3 object-based or block-based?
Object
What are the size ranges for S3?
0 to 5 TB
Can you have two buckets with the same name?
No
What is the S3 URL format?
region.amazonaws.com/bucket name
Is S3 suitable for an OS or DB?
No
What is the status code for a successful put?
HTTP 200
How can you protect against accidental deletion?
MFA delete
What are the S3 fundamentals?
Key Value
Version
Metadata
Subresources - ACL, Torrents
Describe the S3 consistency model
Read-after-write consistency for PUTs of new objects, and eventual consistency for overwrite PUTs and DELETEs.
What are the S3 tiers?
S3 Standard
S3 - IA
S3 - One Zone - IA
S3 - Intelligent Tiering
S3 Glacier
S3 - Deep Archive
What can you use to better control access to buckets?
ACLs or bucket policies
True or false - Buckets are public when created?
False - they are private when created.
You need to track access to the bucket and all files for security purposes. How can you do that?
Enable access logging.
What encryption options are available with data in transit?
SSL/TLS
What encryption options are available with data at rest?
S3-managed keys - SSE-S3
AWS Key Management Service managed keys - SSE-KMS
Server-side encryption with customer-provided keys - SSE-C
Client-side encryption
How does versioning store objects?
It stores all versions of an object, including every write, even if you delete the object.
Can S3 versioning be disabled?
No, it can only be suspended.
What feature of S3 can help automate object movement between storage tiers?
Lifecycle management
What is required to enable cross-region replication?
Versioning enabled on both the source and destination buckets; the two regions must be different.
Will existing files be replicated when cross-region replication is turned on?
No. Only new files will be replicated.
What is not replicated with CRR?
Existing files put before replication was turned on, delete markers, and deletions of individual versions or delete markers.
What does CloudFront use to cache content to provide fast delivery?
Edge locations
What are the components of CloudFront?
Origin, Edge location, distribution
What are the types of Origins?
S3 bucket
EC2
ELB
R53
What is a CF distribution?
The name given to the CDN, which is made up of edge locations.
What are the types of distributions?
Web - for websites
RTMP - for media streaming
Are edge locations read-only (RO)?
No
How are objects cached?
Based on a TTL (time to live) value.
Is there a cost to invalidate a cached object?
Yes
What is snowball used for?
To import data to S3, or export it, in bulk.
What are the types of storage gateways?
File gateway
Volume gateway - stored volumes
Cached gateway, VTL
What is AWS Storage Gateway?
It is a virtual appliance that can be used to cache S3 locally at a customer’s site.
When should you use multi-part upload?
If you’re uploading large objects over a stable high-bandwidth network, use multipart uploading to maximize the use of your available bandwidth by uploading object parts in parallel for multi-threaded performance. If you’re uploading over a spotty network, use multipart uploading to increase resiliency to network errors by avoiding upload restarts. When using multipart uploading, you need to retry uploading only parts that are interrupted during the upload. You don’t need to restart uploading your object from the beginning.
What are the minimum and maximum object sizes when using multipart upload?
5 MB to 5 TB
When should you use pre-signed URLs?
The pre-signed URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don’t require them to have AWS security credentials or permissions.
What is file gateway?
File Gateway is a configuration of the AWS Storage Gateway service that provides your applications a file interface to seamlessly store files as objects in Amazon S3, and access them using industry standard file protocols.