S3 101 Flashcards
What is the data consistency model in S3?
- Read After Write Consistency for PUTS of new objects
- Eventual Consistency (changes take some time to propagate) for overwrite PUTS and DELETES
What is the availaility of S3-OneZone-IA?
99.50%
What type of data is best stored in S3-IA?
S3-IA is best for data that is not accessed frequently, but requires rapid access when needed
What are the key differences between S3-IA and S3 One Zone - IA?
Compared to S3-IA, S3 One Zone- IA has lower cost but less durability.
- S3 One Zone-IA is a lower-cost option for IA data
- S3 One Zone-IA does not give the multiple Availability Zone resilience of S3 Standard and S3 IA.
What is S3 - Intelligent Tiering?
S3 Intelligent tiering uses ML and is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. (Basically, it’s the autopilot mode for S3 tiering)
What is S3 Glacier primarily used for?
S3 Glacier is mostly used for data archival at low-cost
How long does it take to retrieve something from S3 Glacier?
Retrieval times from S3 Glacier are configurable and range from minutes to hours
What is S3 Glacier Deep Archive?
S3 Glacier Deep Archive is S3’s lowest-cost storage class
How long does it take to retrieve something from S3 Glacier Deep Archive?
S3 Glacier Deep Archive is for cases where a retrieval time of 12 hours is acceptable.
What is Transfer Acceleration?
- Used for fast, easy, secure transfers over long distances between end user and an S3 bucket
- Uses CloudFront’s globally distributed edge locations: as data arrives at an edge location, data is routed to S3 over an optimized network path
What is the format of the DNS name created for an S3 bucket in a specific region?
“http://s3.aws-region.amazonaws.com/bucketName”
OR
“http://bucketname.s3.aws-region.amazonaws.com”
(<a>https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro</a>)
How can I help, at a bucket-configuration level, to protect against someone going in and deleting data from S3?
Turn on MFA Delete
What are the default access control permissions for newly created buckets?
By default, all newly created buckets are private
Where can S3 access logs be stored?
S3 Access logs sent to another bucket or even another bucket in another account.
In the context of S3, what does CRR stand for?
Cross-Region Replication
Does Cross-Region Replication require bucket versioning?
Yes. Cross-region replication requires bucket versioning on both the source and destination buckets.
When performing cross-region replication, what discrepancies will there be between the source and replication buckets?
- All file (versions) made before CRR was turned on are not automatically copied at creation
- Delete markers, deleted versions, and deletes of delete markers are NOT replicated
When performing cross-region replication, what permissions – at the time of creation – are different between the source bucket and the destination bucket?
by default, there are NO differences between the source and replicated buckets
When performing cross-region replication, what files – at the time of creation – are different between the source bucket and the destination bucket?
When using cross-region replication, files in an existing bucket are NOT replicated automatically.
At a high level, how does S3 Transfer Acceleration work?
Instead of uploading directly to a bucket, the user utilizes a distinct (given) URL to upload to an edge location, which then transfers through Amazon Backbone and directly uploads to an S3 bucket
What is the general use case for S3 Transfer Acceleration?
Accelerating uploads to S3
What S3 functionalities would you want to use for restricting content access?
CloudFront Signed URLs and Cookies and S3 Signed URLs
What is the key difference between a CloudFront Signed URL and a CloudFront Signed Cookie?
- A signed URL is for individual files (1 file = 1 URL)
- A signed cookie is for multiple files (1 cookie = multiple URLs)
What can be included in the policy attached to a signed URL or signed cookie?
- URL expiration (how long it is validd)
- IP ranges
- Trusted Signers (which AWS accounts can create signed URLs)
Can signed cookies handle RTMP distributions?
No
Describe the process by which you get a CloudFront Signed URL
- Client Authenticates and Authorizes to log in to the application
- Application Uses CloudFront SDK to generate signed URL
- Application Returns Signed URL to client
- Client logs into Cloudfront using signed URL
Can you use S3 Signed Cookies if your origin is in EC2?
No. If your origin is EC2, use CloudFront
Can signed URLs handle RTMP distributions?
Yes
What is Amazon Macie?
- Macie is a security service which uses ML and NLP to discover, classify, and protect sensitive data used in S3
- Can be used to analyze CloudTrail logs for suspicious API activity
- Includes Dashboards, Alerts, Monitoring
- Great for PCI-DSS complicance and preventing Identity Theft
What does KMS stand for?
Key Management Service
How many S3 buckets can I have per account by default?
100
How can I restore a file if I went to “Actions -> Delete” on it in S3?
Delete the delete marker
What are the S3 bucket policies?
- Versioning
- Server Access Logging
- Static Website Hosting
- Object-Level Logging
- Tags
- Transfer Acceleration
- Events
- Requester Pays
(<a>https://docs.aws.amazon.com/AmazonS3/latest/user-guide/view-bucket-properties.html</a>)
What is Expedieted Retrieval?
- Offered in Glacier Select
- Gets you your data in 1-5 minutes
- Costs about $0.03 per GB retrieved
