S3 101 Flashcards

1
Q

What does S3 stand for?

A

Simple Storage Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is S3 used for?

A
  • S3 provides developers + IT teams w/ secure, durable, highly-scalable object storage.
  • retrieve and store any amount of data from anywhere on the web
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What type of storage does S3 use?

A

S3 uses Object-based storage – i.e. allows you to upload files

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the maximum allowable storage you can have in S3 for a single object?

A
  • S3 files can be from 0 Bytes to 5 TB.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the maximum allowable storage you can have in S3 in total?

A

The total volume of data and number of objects you can store are unlimited

(Source: https://aws.amazon.com/s3/faqs/)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are S3 buckets? What are they used for?

A

S3 buckets store files. (Think of them like a file folder)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What type of namespace does S3 use?

A

S3 uses a universal namespace.

That is, names must be globally unique.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You go in to the AWS console and want to make a bucket called testbucket in the Japanese region. Why won’t AWS let you do this?

A

Bucket names are global, not regional.

testbucket is a common name and has already been taken by someone else

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When you successfully upload a file to S3, what will you receive back?

A

an HTTP 200 code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the components of an S3 object? What do each of these components represent?

A

An S3 object consists of the following:

  • Key (The name of the object)
  • Value (the data, made up of a sequence of bytes)
  • Version ID (Important for versioning/version control)
  • Metadata (data about data you are storing)
  • Subresources (Access Control Lists, Torrent)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the data consistency model in S3?

A
  • Read After Write Consistency for PUTS of new objects
  • Eventual Consistency (changes take some time to propagate) for overwrite PUTS and DELETES
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

For what % availability was the S3 platform built?

A

99.99%

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What % availability does Amazon guarantee for S3 Standard?

A

99.9%

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What % durability does Amazon guarantee for S3 Standard information?

A

99.999999999% durability (11 9’s)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the availaility of S3-OneZone-IA?

A

99.50%

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the key features of S3?

A
  • Versioning
  • MFA Delete
  • Encryption
  • Lifecycle Management
  • Tiered Storage
  • Secure Data using Access Control Lists and Bucket Policies

(try the acronym V MELTS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the key features of S3 Standard?

A
  • 99.99% Avail
  • 11 9’s Durability
  • Redundancy Stored redundantly across multiple devices in multiple facilities,
  • designed to sustain the loss of 2 facilities concurrently
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What does the “IA” stand for in S3-IA?

A

Infrequently Accessed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What type of data is best stored in S3-IA?

A

S3-IA is best for data that is not accessed frequently, but requires rapid access when needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is the pricing structure of S3-IA? Specifically, how does it differ from that of S3 Standard?

A
  • S3-IA has a lower base storage fee than S3 Standard.
  • However, S3-IA charges a retrieval fee.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are the key differences between S3-IA and S3 One Zone - IA?

A

Compared to S3-IA, S3 One Zone- IA has lower cost but less durability.

  • S3 One Zone-IA is a lower-cost option for IA data
  • S3 One Zone-IA does not give the multiple Availability Zone resilience of S3 Standard and S3 IA.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is S3 - Intelligent Tiering?

A

S3 Intelligent tiering uses ML and is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. (Basically, it’s the autopilot mode for S3 tiering)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

How does the pricing model work for S3 Intelligent Tiering

A

Very similar to S3 Standard EXCEPT

  • you have access to IA which is less expensive
  • There is a monitoring / automation cost per thousand objects per month
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is S3 Glacier primarily used for?

A

S3 Glacier is mostly used for data archival at low-cost

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

How long does it take to retrieve something from S3 Glacier?

A

Retrieval times from S3 Glacier are configurable and range from minutes to hours

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is S3 Glacier Deep Archive?

A

S3 Glacier Deep Archive is S3’s lowest-cost storage class

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

How long does it take to retrieve something from S3 Glacier Deep Archive?

A

S3 Glacier Deep Archive is for cases where a retrieval time of 12 hours is acceptable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What are the areas on which you are charged for using S3?

A
  • Storage (amount you are storing)
  • Requests
  • Storage Management Pricing (Tier)
  • Data Transfer
  • Transfer Acceleration
  • Cross - Region Replication
29
Q

What is Transfer Acceleration?

A
  • Used for fast, easy, secure transfers over long distances between end user and an S3 bucket
  • Uses CloudFront’s globally distributed edge locations: as data arrives at an edge location, data is routed to S3 over an optimized network path
30
Q

What is the format of the DNS name created for an S3 bucket in a specific region?

A

“http://s3.aws-region.amazonaws.com/bucketName

OR

“http://bucketname.s3.aws-region.amazonaws.com”

(<a>https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro</a>)

31
Q

How do you install an operating system on S3?

A

You can’t

S3 is NOT suitable to install an operating system on.

32
Q

How can I help, at a bucket-configuration level, to protect against someone going in and deleting data from S3?

A

Turn on MFA Delete

33
Q

What are the default access control permissions for newly created buckets?

A

By default, all newly created buckets are private

34
Q

How can I set up my S3 bucket to log all requests made to it?

A

S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket.

35
Q

Where can S3 access logs be stored?

A

S3 Access logs sent to another bucket or even another bucket in another account.

36
Q

In the context of S3, what does CRR stand for?

A

Cross-Region Replication

37
Q

Does Cross-Region Replication require bucket versioning?

A

Yes. Cross-region replication requires bucket versioning on both the source and destination buckets.

38
Q

When performing cross-region replication, what discrepancies will there be between the source and replication buckets?

A
  • All file (versions) made before CRR was turned on are not automatically copied at creation
  • Delete markers, deleted versions, and deletes of delete markers are NOT replicated
39
Q

When performing cross-region replication, what permissions – at the time of creation – are different between the source bucket and the destination bucket?

A

by default, there are NO differences between the source and replicated buckets

40
Q

When performing cross-region replication, what files – at the time of creation – are different between the source bucket and the destination bucket?

A

When using cross-region replication, files in an existing bucket are NOT replicated automatically.

41
Q

At a high level, how does S3 Transfer Acceleration work?

A

Instead of uploading directly to a bucket, the user utilizes a distinct (given) URL to upload to an edge location, which then transfers through Amazon Backbone and directly uploads to an S3 bucket

42
Q

What is the general use case for S3 Transfer Acceleration?

A

Accelerating uploads to S3

43
Q

By default, is Transfer Acceleration enabled for a newly created S3 bucket?

A

No, by default, transfer acceleration is suspended in newly-created S3 buckets

44
Q

What S3 functionalities would you want to use for restricting content access?

A

CloudFront Signed URLs and Cookies and S3 Signed URLs

45
Q

What is the key difference between a CloudFront Signed URL and a CloudFront Signed Cookie?

A
  • A signed URL is for individual files (1 file = 1 URL)
  • A signed cookie is for multiple files (1 cookie = multiple URLs)
46
Q

What can be included in the policy attached to a signed URL or signed cookie?

A
  • URL expiration (how long it is validd)
  • IP ranges
  • Trusted Signers (which AWS accounts can create signed URLs)
47
Q

Can signed cookies handle RTMP distributions?

A

No

48
Q

What does OAI stand for?

A

Origin Access Identity

49
Q

Describe the process by which you get a CloudFront Signed URL

A
  1. Client Authenticates and Authorizes to log in to the application
  2. Application Uses CloudFront SDK to generate signed URL
  3. Application Returns Signed URL to client
  4. Client logs into Cloudfront using signed URL
50
Q

Can you use S3 Signed Cookies if your origin is in EC2?

A

No. If your origin is EC2, use CloudFront

51
Q

Can signed URLs handle RTMP distributions?

A

Yes

52
Q

What is Amazon Snowball used for?

A

BIG data Transfers into and out of AWS, including importing to and exporting from S3

53
Q

What is Amazon Athena? What is it commonly used for?

A
  • Athena is an interactive query service that allows you to query data located in S3 using SQL
  • Commonly used to analyse log data stored in S3
54
Q

Is Amazon Athena Serverless?

A

Yes

55
Q

What does PII stand for?

A

Personally Identifiable Information

56
Q

What is Amazon Macie?

A
  • Macie is a security service which uses ML and NLP to discover, classify, and protect sensitive data used in S3
  • Can be used to analyze CloudTrail logs for suspicious API activity
  • Includes Dashboards, Alerts, Monitoring
  • Great for PCI-DSS complicance and preventing Identity Theft
57
Q

What does KMS stand for?

A

Key Management Service

58
Q

How many S3 buckets can I have per account by default?

A

100

59
Q

How can I restore a file if I went to “Actions -> Delete” on it in S3?

A

Delete the delete marker

60
Q

By default, are items automatically encrypted when they are stored in S3?

A

No, Default encryption is NOT enabled by default

61
Q

When creating a new S3 bucket, what bucket policies does it have by default?

A

None.

By default, bucket policy does not exist for newly created S3 buckets

62
Q

By default, is versioning enabled for newly created S3 buckets?

A

No

63
Q

What are the S3 bucket properties?

A
  • Versioning
  • Server Access Logging
  • Static Website Hosting
  • Object-Level Logging
  • Tags
  • Transfer Acceleration
  • Events
  • Requester Pays

(<a>https://docs.aws.amazon.com/AmazonS3/latest/user-guide/view-bucket-properties.html</a>)

64
Q

When uploading objects, what prefix must all user-defined metadata have?

A

**x-amz-meta-**

65
Q

In the console, after enabling logging on a source bucket, what permission do you need to give the destination bucket to ensure that the logs can be written there?

A

You don’t have to do anything.

When you enable logging on a bucket, the console both enables logging on the source bucket and adds a grant in the target bucket’s access control list (ACL) granting write permission to the Log Delivery group.

(<a>https://docs.aws.amazon.com/AmazonS3/latest/dev/enable-logging-console.html</a>)

66
Q

When editing Amazon S3 bucket permissions (policies and ACLs), to whom does the concept of the “resource owner” refer?

A

The “resource owner” refers to the AWS account that creates Amazon S3 buckets and objects.

67
Q

What is Expedieted Retrieval?

A
  • Offered in Glacier Select
  • Gets you your data in 1-5 minutes
  • Costs about $0.03 per GB retrieved
68
Q

Does AWS automatically delete incomplete multi-part uploads?

A

No