S3 101

Question 1

S3

Answer 1

Simple Storage Service

Question 2

What is S3 for?

Answer 2

Its’ AWS primary storage service. Provides a secure, durable and highly scalable object storage

Question 3

What are S3’s file size limits?

Answer 3

Files can go from 0 bytes to 5 TB’s

Question 4

Does S3 have storage limitations?

Answer 4

S3 has unlimited storage

Question 5

What is meant by “S3 is a universal namespace”?

Answer 5

S3 names must be unique globally

Question 6

Where are objects?

Answer 6

An object is a file and any metadata that describes it

Question 7

What is the format of object name?

Answer 7

A web address

Question 8

What do you get in return upon a successful load of an object to S3?

Answer 8

You receive an HTTP 200 code

Question 9

What is a Bucket?

Answer 9

It’s a root level folder you create in S3

Question 10

What are the structural requirements when creating a Bucket?

Answer 10

You must specify the Region where the bucket to exist. Any objects loaded to the S3 bucket will be physically located in the data center in that Region

Question 11

What is a good practice when creating a bucket?

Answer 11

Chose a Region that is physically closest to you to reduce transfer latency

Question 12

What does an object consists of?

Answer 12

1. Key (Name of the object)
2. Value (data)
3. Version ID (for versioning)
4. Metadata
5. Subresources

Question 13

What does a subresource consist of?

Answer 13

1. Access Control List (ACL)

2. Torrent

Question 14

What is Access Control List (ACL)?

Answer 14

Permissions of the object at Bucket or object level

Question 15

What is the data consistency model in S3?

Answer 15

1. Read after write consistent for PUTS of new objects

2. Eventual consistency for overwrite PUTS and DELETES

Question 16

What are S3 Guarantees?

Answer 16

1. 99.99% S3 platform availability
2. 99.9 availability
3. 99.999999999% durability

Question 17

What are S3 features?

Answer 17

1. Tiered Storage
2. Lifecycle Management
3. Versioning
4. Encryption
5. MFA Delete
6. Secure data using ACL’s and Bucket policies.

Question 18

S3 Storage Classes

Answer 18

1. Standard
2. Infrequent access (IA)
3. One Zone IA
4. Intelligent Tiering
5. Glacier
6. Archive Glacier

Question 19

S3 Standard

Answer 19

1. Most expensive
2. 99.99 availability 3. 99.999999999 durability
3. Redundant storage across multiple facilities and devices
4. Able to sustain the loss of facilities concurrently

Question 20

S3 Infrequent Access

Answer 20

1. For data less frequently accessed but requires rapid access
2. Lower fees than standard
3. Charged a retrieval fee

Question 21

S3 One Zone Infrequent Access

Answer 21

1. Lower cost than IA

2. No redundant data storage

Question 22

Which is more resilient S3 Standard or S3 One Zone IA?

Answer 22

Standard S3 because data is spread across multiple availability zones.

Question 23

S3 Intelligent Tiering

Answer 23

Automatically moves data to most cost effective access tier w/o performance impact or operational overhead

Question 24

Glacier

Answer 24

1. For data archiving
2. Can store any amount of data
3. Retrieval times can go from minutes to hours

Question 25

Glacier Deep Archive

Answer 25

1. Lowest cost storage

2. Retrieval times of up to 12 hours

Question 26

What is object durability?

Answer 26

Is the percent over a one year time period that an object stored in S3 will not be lost

Question 27

What is object availability ?

Answer 27

Is the percent over a one year period that an object stored in S3 will be accessible

Question 28

S3 Charges

Answer 28

S3 Charges for:

1. Storage
2. Requests
3. Storage Management
4. Data Transfers
5. Transfer acceleration
6. Cross Region Replication

Question 29

What is Transfer acceleration?

Answer 29

1. Enables fast, easy and secure transfer of objects over long distances between end users and an S3 bucket

Question 30

What is Cross Region Replication?

Answer 30

Replicates objects in buckets across regions (for high availability and disaster recovery)

Question 31

How does Transfer Acceleration works?

Answer 31

It takes advantage of CloudFront global distribution and edge locations. As data arrives to edge locations data is routed to S3 over an optimized network path

Question 32

By Default S3 Bucket and files within are…

Answer 32

not accessible to anyone unless they are set to public

Question 33

What is a potential risk with S3 One Zone IA?

Answer 33

If zone fails you can lose data

Question 34

When should you use S3 One Zone IA?

Answer 34

If there is not need to worry about redundancy

Question 35

Generally, which one is a better option, Standard or Intelligent Tier?

Answer 35

Intelligent Tier may be a better option S3 standard because it can S3 standard and infrequent access (IA)

Question 36

By default newly created buckets are….

Answer 36

Private

Question 37

What tools can be leveraged to set up access controls to buckets?

Answer 37

1. Bucket polices - for bucket level controls

2. Access Control List - for individual object level controls

Question 38

What are S3 access logs?

Answer 38

Logs of all requests made to S3 bucket

Question 39

What is S3 In Transit Encryption?

Answer 39

Protects data as it travels to and from Amazon S3 achieved by SSL/TLS

Question 40

What is S3 At Rest Encryption?

Answer 40

Protects data stored on server side (disk) on Amazon data centers

Question 41

Type of S3 Encryption

Answer 41

1. In Transit

2. At Rest (On server side)

Question 42

How is S3 Server side encryption managed?

Answer 42

1. S3 Managed Keys - Amazon manages encrypt/decrypt keys (SSE-S3)
2. AWS Kay Management Service - User and Amazon manage keys together (SSE-KMS)
3. Server Side Encryption with Customer Provided Keys - User gives Amazon own keys that are managed by user (SSE-C)
4. Client Side Encryption

Question 43

Versioning

Answer 43

1. Stores all version of an object (writes & deletes)
2. Once enable, it cannot be disabled (only suspended)
3. Integrates with Lifecycle rules
4. MFA delete capability can be used to provide additional layer of security
5. Great back up tool

Question 44

Are versions public permission carried over?

Answer 44

No. Each version has to be made individually public

Question 45

Can an individual version be permanently deleted?

Answer 45

Yes

Question 46

What is an object lifecycle?

Answer 46

Is a set of rules that automate the migration of objects storage classes to a different storage class based on specified time intervals

Question 47

What is an S3 object lock?

Answer 47

Used to store objects using a write model, read many (WORM) model. It helps prevent objects from being deleted or modified for a fixed amount of time/indefinetely

Question 48

Object Lock use cases

Answer 48

1. If you have an object and you don’t want anyone to delete it or modify it
2. To meet regulatory requirements that required WORM storage
3. To add extra layer of protection against object changes and deletion

Question 49

What are the object lock modes?

Answer 49

1. Governance Mode

2. Compliance Mode

Question 50

Governance Mode

Answer 50

1. Users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions.
2. Can grant some users permissions to alter the retention setting or delete an object if necessary.

Question 51

Compliance Mode

Answer 51

1. Ensure object version can’t be overwritten or deleted for the duration of the retention period including the root user in the AWS account
2. Retention mode cannot be changed or shortened

Question 52

Retention Periods

Answer 52

Protects an object version for a fixed amount of time

Question 53

How do Retention Periods work?

Answer 53

S3 stores a timestamp in the object’s version metadata indicating when the retention period expires. When the retention period expires the object’s version can overwritten or deleted unless you place a legal hold on the object

Question 54

What is a legal hold?

Answer 54

Similar to Retention period but it has no associated retention period and remains in effect until removed.

Question 55

Who can place or remove a legal hold?

Answer 55

Any user who has S3:PutOnObjectsLegalHold permission can place or remove a legal hold

Question 56

Glacier Vault Lock

Answer 56

Way of locking your objects inside of glacier similar to S3 object lock

Question 57

How does Vault Lock works?

Answer 57

Allows you to deploy and enforce compliance control to individuals with vault lock policy. Once locked the policy cannot be changed.

Question 58

Can object locks be applied to individual objects only?

Answer 58

No, Object lock can also be applied across the bucket

Question 59

What is a legal hold?

Answer 59

Similar to retention period. It prevents an object version from being overwritten or deleted but it has no retention period associated with it and remains in effect until removed.

Question 60

How can you enforce regulatory and compliance controls in S3 and Glacier?

Answer 60

By applying object locks and glacier vault policies, retention periods and legal holds on object versions

Question 61

How can you design applications to maximize performance in S3?

Answer 61

By using:

1. Prefixes
2. S3 Limits on KMS
3. Multi Part uploads
4. Multi Part downloads

Question 62

Where are Prefixes in the physical location of the object?

Answer 62

It’s the middle part between the bucket name and object name

Question 63

How do multi part uploads maximize performance in S3?

Answer 63

Allows to split into chunks and load files in parallel to S3

Question 64

What are the guidelines and requirements for multi part uploads to S3?

Answer 64

Recommended for files over 100 megs and required for files over 5GB’s

Question 65

How does multi part download maximize performance in S3?

Answer 65

Parallel download by specified byte ranges.
If there is a failure in the download, it’s only for the specified byte range.
It can be use to download partial amounts of the file

Question 66

True or False. The more prefixes the better performance?

Answer 66

True. Performance is improve by spreading prefixes

Question 67

How do you maximize performance using Prefixes?

Answer 67

S3 has extremely low read/write latency. You can also achieve a high number of request per second per prefix (about 3,500) so you can get better performance by spreading your reads across different prefixes

Question 68

How does KMS impacts S3 read/write performance?

Answer 68

There are Region specific quota limits on the number of S3 requests per second

Question 69

What is S3 Select?

Answer 69

It’s a feature that enables application to retrieve only a subset of data by using simple SQL and without having to download, decompress or process entire file.

Question 70

What is Glacier Select?

Answer 70

Similarly to S3 select it allows you to run SQL queries directly from the Glacier

Question 71

Glacier Select use case

Answer 71

Highly regulated companies write data to Glacier to satisfy compliance needs (e.g., Health Care and Financial Services)

Question 72

AWS Organizations

Answer 72

It’s an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage

Question 73

Consolidated Bills

Answer 73

It takes the aggregate of all of your AWS accounts into one bill. Makes it easier to track , manage and allocate resources and take advantage of volume pricing discounts.

Question 74

How do I enable access to buckets and objects across AWS accounts?

Answer 74

1. Bucket Policies & IAM
2. Bucket ACL’s & IAM
3. Cross-Account & IAM Roles

Question 75

Where do you apply Bucket policies & IAM?

Answer 75

It’s applied across the entire bucket and by programmatic access only

Question 76

Where do you apply Bucket polices and ACL’s?

Answer 76

It’s applied to individual objects in the bucket and by programmatic access only

Question 77

Where do you apply Cross-Account IAM Roles

Answer 77

it’s applied at bucket and object levels either by programmatic or console access

Question 78

Transfer Acceleration

Answer 78

Utilizes CloudFront edge network to accelerate uploads to S3

Question 79

How does Transfer Acceleration works?

Answer 79

Instead of loading directly to S3 bucket, you can use a distinct URL to upload directly to an edge location which will then transfer file to S3

Question 80

S3 AWS Datasync

Answer 80

Is a service that allows you to move large amounts of data from on-prem data systems such NFS (Network File Systems) into AWS Data storage services

Question 81

What data transfer safety features are supported by Datasync?

Answer 81

1. Automatically encrypts and accelerates data transfers over WAN
2. Performs automatic data integrity check in-transit and at-rest

Question 82

CloudFront

Answer 82

Is a content delivery network (CDN) system of distributed servers (Network) that delivers web content to a user based o the geo location of the user. origin of the web page and the content delivery server

Question 83

What is an edge location?

Answer 83

Location where the web content will be coached

Question 84

What is the origin?

Answer 84

Origin of all the files the CDN will distribute (e.g., S3, EC2)

Question 85

What is the distribution?

Answer 85

Name of the CDN or collection of edge locations

Question 86

How does CloudFront work?

Answer 86

Delivers web contents using global network of edge locations by routing request to the nearest edge location so that contents is delivered with the best possible performance

Question 87

How many types of CloudFront distribution?

Answer 87

1. Web (for websites)

2. RTMP (for media streaming)

Question 88

Are edge locations Read only?

Answer 88

No. You can write to them too.

Question 89

What CloudFront features are available to restrict content access?

Answer 89

1. Signed URL’s

2. Signed Cookies

Question 90

When do you Signed URL’s?

Answer 90

When you want to secure contents to individual files so only authorize individuals have access to them

Question 91

When do you use Signed Cookies?

Answer 91

When you want to secure contents to multiple files so only authorize individuals have access to them

Question 92

How do you create Signed URL’s or Cookies?

Answer 92

By attaching a policy that includes:

1. URL expiration
2. IP Range
3. Trusted signers

Question 93

What are Trusted Signers?

Answer 93

AWS accounts that can create signed URL’s

Question 94

Snowball

Answer 94

It is a peta-byte data transport solution that uses secure data appliances to transfer large amounts of data into and out of AWS

Question 95

Snowball advantages

Answer 95

1. Avoid high network costs
2. Long transfer times
3. Sercurity
4. One fifth the cost of high speed internet

Question 96

Snowball options

Answer 96

Comes in 50 TB or 80 TB

Question 97

Snowball Edge

Answer 97

100 TB data transfer service to move large amounts of data in and out of AWS

Question 98

Snowball Edge advantages

Answer 98

1. Has compute and storage capabilities

2. Can run Lambda functions

Question 99

Storage Gateway

Answer 99

It is a hybrid cloud storage service that give you on-premise access to cloud storage

Question 100

What are Storage Gateway types?

Answer 100

1. File Gateway
2. Tape Gateway
   3 Volume Gateway

Question 101

What is File Gateway for?

Answer 101

For flat files stored directly in S3

Question 102

What is Tape Gateway for?

Answer 102

Tape Gateway allows you to replace and store physical tapes with virtual tapes in Amazon S3, Amazon S3 Glacier, and Amazon S3 Glacier Deep Archive,

Question 103

Types of Volume Gateways

Answer 103

1. Stored Volumes

2. Cache Volumes

Question 104

What is Stored Volumes?

Answer 104

Stores entire Dataset on site that is asynchronously back up in S3

Question 105

What is cached Volumes?

Answer 105

Entird Dataset is stored S3 and the most frequently accessed data is cached on-site

Question 106

Athena

Answer 106

It is an interactive query service that enables you to analyze and query data located in S3 using standard SQL

Question 107

Athena benefits

Answer 107

1. Allows to treat S3 as a DB
2. Serverless
3. Works directly with data stored in S3

Question 108

Macie

Answer 108

Security service which uses machine learning and Natural Language Processing to discover, classify and protect sensitive data stored in S3

Question 109

Macie benefits

Answer 109

1. Work directly with data stored in S3

2. Can analyse Cloudtrail logs