S3 101

Question 1

What does S3 stand for?

Answer 1

Simple Storage Service

Question 2

What is S3 used for?

Answer 2

• S3 provides developers + IT teams w/ secure, durable, highly-scalable object storage.
• retrieve and store any amount of data from anywhere on the web

Question 3

What type of storage does S3 use?

Answer 3

S3 uses Object-based storage – i.e. allows you to upload files

Question 4

What size limitations are there for individual S3 objects? What about aggregate limitations?

Answer 4

• S3 files can be from 0 Bytes to 5 TB.
• There is no aggregate limitation

Question 5

What are S3 buckets? What are they used for?

Answer 5

S3 buckets store files. (Think of them like a file folder)

Question 6

What type of namespace does S3 use?

Answer 6

S3 uses a universal namespace. That is, names must be globally unique.

Question 7

When you successfully upload a file to S3, what will you receive back?

Answer 7

an HTTP 200 code

Question 8

What are the components of an S3 object? What do each of these components represent?

Answer 8

An S3 object consists of the following:

• Key (The name of the object)
• Value (the data, made up of a sequence of bytes)
• Version ID (Important for versioning/version control)
• Metadata (data about data you are storing)
• Subresources (Access Control Lists, Torrent)

Question 9

How does S3 keep data consistent?

Answer 9

• Read after Write consistency for PUTS of new Objects
• Eventual Consistency for overwrite PUTS and DELETES (takes some time to propagate)

Question 10

For what % availability was the S3 platform built?

Answer 10

99.99%

Question 11

What % availability does Amazon guarantee for S3 Standard?

Answer 11

99.9%

Question 12

What % durability does Amazon guarantee for S3 Standard information?

Answer 12

99.999999999% durability (11 9’s)

Question 13

What are the key features of S3?

Answer 13

​(V MELTS)

• Versioning
• MFA Delete
• Encryption
• Lifecycle Management
• Tiered Storage
• Secure Data using Access Control Lists and Bucket Policies

Question 14

What are the key features of S3 Standard?

Answer 14

• 99.99% Avail
• 11 9’s Durability
• Stored redundantly across multiple devices in multiple facilities,
• designed to sustain the loss of 2 facilities concurrently

Question 15

What does the “IA” stand for in S3-IA?

Answer 15

Infrequently Accessed

Question 16

What type of data is best stored in S3-IA?

Answer 16

S3-IA is best for data that is not accessed frequently, but requires rapid access when needed

Question 17

What is the pricing structure of S3-IA? Specifically, how does it differ from that of S3 Standard?

Answer 17

• S3-IA has a lower base storage fee than S3 Standard.
• However, S3-IA charges a retrieval fee.

Question 18

What are the key differences between S3-IA and S3 One Zone - IA?

Answer 18

Compared to S3-IA, S3 One Zone- IA has lower cost but less durability.

• S3 One Zone-IA is a lower-cost option for IA data
• S3 One Zone-IA does not give the multiple Availability Zone resilience of S3 standard and S3 IA.

Question 19

What is S3 - Intelligent Tiering?

Answer 19

S3 Intelligent tiering uses ML and is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. (Basically, it’s the autopilot mode for S3 tiering)

Question 20

What is S3 Glacier primarily used for?

Answer 20

S3 Glacier is mostly used for data archival at low-cost

Question 21

How long does it take to retrieve something from S3 Glacier?

Answer 21

Retrieval times from S3 Glacier are configurable and range from minutes to hours

Question 22

What is S3 Glacier Deep Archive?

Answer 22

S3 Glacier Deep Archive is S3’s lowest-cost storage class

Question 23

How long does it take to retrieve something from S3 Glacier Deep Archive?

Answer 23

S3 Glacier Deep Archive is for cases where a retrieval time of 12 hours is acceptable.

Question 24

What are the areas on which you are charged for using S3?

Answer 24

• Storage (amount you are storing)
• Requests
• Storage Management Pricing (Tier)
• Data Transfer
• Transfer Acceleration
• Cross - Region Replication

Question 25

What is Transfer Acceleration?

Answer 25

• Used for fast, easy, secure transfers over long distances between end user and an S3 bucket
• Uses CloudFront’s globally distributed edge locations: as data arrives at an edge location, data is routed to S3 over an optimized network path

Question 26

What is the format of the DNS name created for an S3 bucket in a specific region?

Answer 26

“http://s3.aws-region.amazonaws.com/bucketName”

OR

“http://bucketname.s3.aws-region.amazonaws.com”

_{(<a>https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro</a>)}

Question 27

What would you use to install an operating system on S3?

Answer 27

S3 is NOT suitable to install an operating system on.

Question 28

How can I help, at a bucket-configuration level, to protect against someone going in and deleting data from S3?

Answer 28

Turn on MFA Delete

Question 29

How does the pricing model work for S3 Intelligent Tiering

Answer 29

Very similar to S3 Standard EXCEPT

• you have access to IA which is less expensive
• There is a monitoring / automation cost per thousand objects per month

Question 30

What are the default access control permissions for newly created buckets?

Answer 30

By default, all newly created buckets are PRIVATE

Question 31

How can I set up access control to buckets?

Answer 31

• Bucket Policies
• Access Control Lists (object-specific)

Question 32

How can I set up my S3 bucket to log all requests made to it?

Answer 32

S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket.

Question 33

What are AWS Organizations?

Answer 33

AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.

Question 34

What is Consolidated Billing? How would I set it up? What are three major advantages to it?

Answer 34

Consolidated Billing is an advantage of AWS Organizations. The three major advantages are:

• One Bill per AWS account
• Very easy to track changes & allocate costs
• Volume Pricing Discount – the more you use, the lower your rate

Question 35

What are two forms of best practices for a root account with AWS organizations?

Answer 35

• Always enable multi-factor authentication on a root account
• Always use a strong and complex password on a root account

Question 36

How can I enable/disable AWS services for either the organizational level or on individual accounts?

Answer 36

Enable/Disable AWS services using Service Control Policies (SCPs) either on Organizational Units or on individual accounts

Question 37

What is the difference between Bucket Policies and Bucket ACLs as it relates to sharing S3 buckets across accounts?

Answer 37

• Bucket Policies apply across the entire bucket
• Bucket ACLs apply to individual objects

Question 38

Which method of sharing S3 buckets across accounts is the only one that provides both Programatic and Console access?

Answer 38

Cross-account IAM Roles

Question 39

What are the 3 ways to share S3 buckets across accounts? What level of access does each provide?

Answer 39

• ​Bucket Policies & IAM – (applies across entire bucket) Programatic Access Only

​

• Bucket ACLs & IAM (applies to individual objects) Programatic Access Only
• Cross-account IAM Roles. – Programmatic AND Console Access

Question 40

Does Cross-Region Replication require bucket versioning?

Answer 40

Yes. Cross-region replication requires bucket versioning on both the source and destination buckets.

Question 41

When performing cross-region replication, what permissions – at the time of creation – are different between the source bucket and the destination bucket?

Answer 41

by default, there are NO differences between the source and replicated buckets

Question 42

When performing cross-region replication, what files – at the time of creation – are different between the source bucket and the destination bucket?

Answer 42

When using cross-region replication, files in an existing bucket are NOT replicated automatically.

Question 43

When performing cross-region replication, what discrepancies will there be between the source and replication buckets?

Answer 43

• All file (versions) made before CRR was turned on are not automatically copied at creation
• Delete markers, deleted versions, and deletes of delete markers are NOT replicated

Question 44

At a high level, how does S3 Transfer Acceleration work?

Answer 44

Instead of uploading directly to a bucket, the user utilizes a distinct (given) URL to upload to an edge location, which then transfers through Amazon Backbone and directly uploads to an S3 bucket

Question 45

What is AWS DataSync used for?

Answer 45

AWS DataSync is used primarily for moving/copying large amounts of data from on-premises to AWS

Question 46

With what types of file systems is AWS DataSync compatible?

Answer 46

DataSync is used with NFS- and SMB-compatible file systems

Question 47

How can you start DataSync replication?

Answer 47

Install the DataSync agent to start the replication​

Question 48

How often is data replication performed by AWS DataSync?

Answer 48

Replication in DataSync can be done hourly, daily, or weekly.

Question 49

How can AWS DataSync be used to replicate EFS to EFS?

Answer 49

Install the DataSync Agent on an EC2 instance connected to EFS

Question 50

What does CDN stand for?

Answer 50

Content Delivery Network

Question 51

What is a Content Delivery Network?

Answer 51

A Content Delivery Network is a system of distributed servers that deliver web content to a user based on the geographic locations of the user, the origin of the webpage, and a content delivery space.

Question 52

What is an Edge Location?

Answer 52

A location where content is cached. (This is separate from an AWS Region/AZ)

Question 53

In the context of CloudFront and Content Delivery Networks, what is an origin? What are some examples of origins?

Answer 53

The origin of all the files that the CDN will distribute.

This can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route53

Question 54

In the context of CloudFront, what is a Distribution?

Answer 54

the name given to the CDN, which consists of a collection of edge locations

Question 55

Are edge locations read-only?

Answer 55

No. You can write to an edge location too!

Question 56

What is Amazon CloudFront?

Answer 56

CloudFront can be used to deliver your entire website, including dynamic, static, streaming, and interactive content, using a global network of edge locations.

Question 57

Why is Amazon CloudFront good for performance?

Answer 57

Geographic Cacheing. Requests for your content are automatically routed to the nearest edge location, so content is delivered with best performance possible.

Question 58

What does RTMP stand for?

Answer 58

Real-Time Messaging Protocol

Question 59

What are the 2 types of distributions used for CloudFront?

Answer 59

• Web Distribution - for websites
• RTMP - for media streaming

Question 60

Can you clear cached objects in an edge location?

Answer 60

Yes, but you will be charged. (Invalidating the Cache)

Question 61

What is Time To Live?

Answer 61

How long objects are cached in an edge location. This is a configurable amount.

Question 62

What S3 functionalities would you want to use for restricting content access?

Answer 62

CloudFront Signed URLs and Cookies and S3 Signed URLs

Question 63

What is the key difference between a CloudFront Signed URL and a CloudFront Signed Cookie?

Answer 63

• A signed URL is for individual files (1 file = 1 URL)
• A signed cookie is for multiple files (1 cookie = multiple URLs)

Question 64

What can be included in the policy attached to a signed URL or signed cookie?

Answer 64

• URL expiration (how long it is validd)
• IP ranges
• Trusted Signers (which AWS accounts can create signed URLs)

Question 65

What does OAI stand for?

Answer 65

Origin Access Identity

Question 66

Describe the process by which you get a CloudFront Signed URL

Answer 66

1. Client Authenticates and Authorizes to log in to the application
2. Application Uses CloudFront SDK to generate signed URL
3. Application Returns Signed URL to client
4. Client logs into Cloudfront using signed URL

Question 67

Can you use S3 Signed Cookies if your origin is in EC2?

Answer 67

No. If your origin is EC2, use CloudFront

Question 68

What is Amazon Snowball used for?

Answer 68

BIG data Transfers into and out of AWS, including importing to and exporting from S3

Question 69

What is the idea behind Amazon Storage Gateway?

Answer 69

Connecting an on-premises software app with cloud-based storage for smart storage (mixing cloud storage and on-premises storage).

Question 70

What does NFS stand for?

Answer 70

Network File System

Question 71

How does Amazon File Gateway work?

Answer 71

• Form of Amazon Storage Gateway
• Files are stored as S3 buckets
• Files are accessed through an NFS mount point
• Once objects are transferred to S3, they get managed as native S3 objects, and bucket policies apply directly to them.

Question 72

What are Amazon Stored Volumes? How do they work?

Answer 72

• Store primary data locally, while asynchronously backing it up to AWS
• On-premises applications get low latency access to their entire datasets. AND you get durable, off-site backups
• Data is backed up to S3 in the form of EBS snapshots

Question 73

What are Amazon Cached Volumes? How do they work?

Answer 73

• Lets you use S3 as your primary data storage while retaining frequently accessed data in your storage gateway.
• Minimize need to scale on-premises storage
• Data is backed up to S3 in the form of EBS snapshots

Question 74

What are the two types of Amazon Volume Gateways? In what key ways do they differ?

Answer 74

• Storage Volumes let you keep all of your data on premises (thus on-premise data is the primary storage)
• Cached Volumes let you keep your frequently accessed data on-premises (thus S3 is your primary data storage)

Question 75

How can you bring a system that runs on tapes into Amazon S3?

Answer 75

Use amazon’s Virtual Tape Library (VTL)

Question 76

What are the three types of Amazon Storage Gateways?

Answer 76

• File Gateway
• Volume Gateway
• Gateway Virtual Tape Library

Question 77

What is Amazon Athena? What is it commonly used for?

Answer 77

• Athena is an interactive query service that allows you to query data located in S3 using SQL
• Serverless
• Commonly used to analyse log data stored in S3

Question 78

What does PII stand for?

Answer 78

Personally Identifiable Information

Question 79

What is Amazon Macie?

Answer 79

• Macie is a security service which uses ML and NLP to discover, classify, and protect sensitive data used in S3
• Can be used to analyze CloudTrail logs for suspicious API activity
• Includes Dashboards, Alerts, Monitoring
• Great for PCI-DSS complicance and preventing Identity Theft

Question 80

What does KMS stand for?

Answer 80

Key Management Service

Question 81

What is the availaility of S3-OneZone-IA?

Answer 81

99.50%

Question 82

How many S3 buckets can I have per account by default?

Answer 82

100

Question 83

What is the general use case for S3 Transfer Acceleration?

Answer 83

Accelerating uploads to S3

Question 84

Where can S3 access logs be stored?

Answer 84

S3 Access logs sent to another bucket or even another bucket in another account.

Question 85

What does TTL stand for?

Answer 85

Time To Live

Question 86

When using Storage Volumes, how is data backed up to S3?

Answer 86

asynchronously, as EBS snapshots

Question 87

How can I restore a file if I went to “Actions -> Delete” on it in S3?

Answer 87

Delete the delete marker

Question 88

By default, are items automatically encrypted when they are stored in S3?

Answer 88

No, Default encryption is NOT enabled by default

Question 89

By default, is Transfer Acceleration enabled for a newly created S3 bucket?

Answer 89

No, by default, transfer acceleration is suspended in newly-created S3 buckets

Question 90

When creating a new S3 bucket, what bucket policies does it have by default?

Answer 90

None.

By default, bucket policy does not exist for newly created S3 buckets

Question 91

By default, is versioning enabled for newly created S3 buckets?

Answer 91

No

Question 92

What are the S3 bucket policies?

Answer 92

• Versioning
• Server Access Logging
• Static Website Hosting
• Object-Level Logging
• Tags
• Transfer Acceleration
• Events
• Requester Pays

_{(<a>https://docs.aws.amazon.com/AmazonS3/latest/user-guide/view-bucket-properties.html</a>)}

Question 93

When uploading objects, what prefix must all user-defined metadata have?

Answer 93

**x-amz-meta-**

Question 94

In the console, after enabling logging on a source bucket, what permission do you need to give the destination bucket to ensure that the logs can be written there?

Answer 94

You don’t have to do anything.

When you enable logging on a bucket, the console both enables logging on the source bucket and adds a grant in the target bucket’s access control list (ACL) granting write permission to the Log Delivery group.

_{(<a>https://docs.aws.amazon.com/AmazonS3/latest/dev/enable-logging-console.html</a>)}