Object Storage and Content Delivery: S3 and CloudFront

Question 1

Static website on Amazon S3 with custom domain name

Answer 1

Requires that the bucket name matches the DNS name / record set name in Route 53

Question 2

503 errors experienced with new site and thousands of user

Answer 2

Request rate is too high

Question 3

Discrepancy with number of objects in bucket console vs CloudWatch

Answer 3

Use Amazon S3 Inventory to properly determine the number of objects in a bucket

Question 4

Need to enforce encryption on all objects uploaded to bucket

Answer 4

Use a bucket policy with a “Condition”: { “Bool”: { “aws:SecureTransport”: “false” statement for PutObject and with the resource set to the bucket

Question 5

Unauthorized users tried to connect to S3 buckets. Need to know which buckets are targeted and who is trying to get access

Answer 5

Use S3 server access logs and Athena to query for HTTP 403 errors and look for IAM user or role making requests

Question 6

Need to provide access to third-party to S3 bucket and must limit amount of access. List of users changes a lot

Answer 6

Use a pre-signed URL allowing access to the specific files

Question 7

Need to protect S3 data from ransomware attacks that encrypt data

Answer 7

Enable S3 versioning

Question 8

After enabling MFA on a bucket, what operations will require MFA authentication?

Answer 8

Permanently removing object versions and suspending versioning on the bucket

Question 9

Files are downloaded from S3, edited and uploaded with same file name. Sometimes they are accidentally modified or deleted

Answer 9

To allow recovery enable versioning on the bucket

Question 10

Existing application uses EC2, RDS, EFS and S3. Need to enable encryption

Answer 10

Can enable encryption only on S3 (as already deployed)

Question 11

Static website deployed but “HTTP 403 Forbidden” message received

Answer 11

Add bucket policy granting everyone read access to objects

Question 12

Application on EC2 must save files to Amazon S3 and needs access

Answer 12

Create an IAM role for S3 access and attach to EC2 instance

Question 13

History of revisions to files stored in an S3 bucket must be maintained

Answer 13

Implement S3 versioning

Question 14

Large volume of log files stored in S3 bucket and processed daily

Answer 14

Most cost-effective option is S3 standard

Question 15

Need to restrict S3 bucket access to same account after previously shared with other account

Answer 15

Change ACL to restrict only to bucket owner

Question 16

Static content is served from Amazon S3 with long loading times

Answer 16

Use CloudFront to cache for better performance

Question 17

Need to use custom domain name with CloudFront

Answer 17

Create an alias record in Route 53 pointing to the distribution URL

Question 18

CloudFront in front of ALB and EC2 and logging enabled. Need to view logs for HTTP layer 7 status codes

Answer 18

Check ALB access logs and CloudFront access logs

Question 19

App running on EC2 with RDS multi-AZ has static content on S3. Need to improve performance as load testing slowed it down

Answer 19

Use CloudFront to cache the content

Question 20

Need to secure S3 bucket that is used with CloudFront

Answer 20

Use an OAI and grant permissions to read objects in the bucket

Question 21

Website with dynamic content and need to restrict access from certain countries and regions

Answer 21

Use Amazon CloudFront geo-restriction and Amazon Route 53 geolocation routing