S3 101

Question 1

What is the data consistency model in S3?

Answer 1

• Read After Write Consistency for PUTS of new objects
• Eventual Consistency (changes take some time to propagate) for overwrite PUTS and DELETES

Question 2

What is the availaility of S3-OneZone-IA?

Answer 2

99.50%

Question 3

What type of data is best stored in S3-IA?

Answer 3

S3-IA is best for data that is not accessed frequently, but requires rapid access when needed

Question 4

What are the key differences between S3-IA and S3 One Zone - IA?

Answer 4

Compared to S3-IA, S3 One Zone- IA has lower cost but less durability.

• S3 One Zone-IA is a lower-cost option for IA data
• S3 One Zone-IA does not give the multiple Availability Zone resilience of S3 Standard and S3 IA.

Question 5

What is S3 - Intelligent Tiering?

Answer 5

S3 Intelligent tiering uses ML and is designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. (Basically, it’s the autopilot mode for S3 tiering)

Question 6

What is S3 Glacier primarily used for?

Answer 6

S3 Glacier is mostly used for data archival at low-cost

Question 7

How long does it take to retrieve something from S3 Glacier?

Answer 7

Retrieval times from S3 Glacier are configurable and range from minutes to hours

Question 8

What is S3 Glacier Deep Archive?

Answer 8

S3 Glacier Deep Archive is S3’s lowest-cost storage class

Question 9

How long does it take to retrieve something from S3 Glacier Deep Archive?

Answer 9

S3 Glacier Deep Archive is for cases where a retrieval time of 12 hours is acceptable.

Question 10

What is Transfer Acceleration?

Answer 10

• Used for fast, easy, secure transfers over long distances between end user and an S3 bucket
• Uses CloudFront’s globally distributed edge locations: as data arrives at an edge location, data is routed to S3 over an optimized network path

Question 11

What is the format of the DNS name created for an S3 bucket in a specific region?

Answer 11

“http://s3.aws-region.amazonaws.com/bucketName”

OR

“http://bucketname.s3.aws-region.amazonaws.com”

_{(<a>https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro</a>)}

Question 12

How can I help, at a bucket-configuration level, to protect against someone going in and deleting data from S3?

Answer 12

Turn on MFA Delete

Question 13

What are the default access control permissions for newly created buckets?

Answer 13

By default, all newly created buckets are private

Question 14

Where can S3 access logs be stored?

Answer 14

S3 Access logs sent to another bucket or even another bucket in another account.

Question 15

In the context of S3, what does CRR stand for?

Answer 15

Cross-Region Replication

Question 16

Does Cross-Region Replication require bucket versioning?

Answer 16

Yes. Cross-region replication requires bucket versioning on both the source and destination buckets.

Question 17

When performing cross-region replication, what discrepancies will there be between the source and replication buckets?

Answer 17

• All file (versions) made before CRR was turned on are not automatically copied at creation
• Delete markers, deleted versions, and deletes of delete markers are NOT replicated

Question 18

When performing cross-region replication, what permissions – at the time of creation – are different between the source bucket and the destination bucket?

Answer 18

by default, there are NO differences between the source and replicated buckets

Question 19

When performing cross-region replication, what files – at the time of creation – are different between the source bucket and the destination bucket?

Answer 19

When using cross-region replication, files in an existing bucket are NOT replicated automatically.

Question 20

At a high level, how does S3 Transfer Acceleration work?

Answer 20

Instead of uploading directly to a bucket, the user utilizes a distinct (given) URL to upload to an edge location, which then transfers through Amazon Backbone and directly uploads to an S3 bucket

Question 21

What is the general use case for S3 Transfer Acceleration?

Answer 21

Accelerating uploads to S3

Question 22

What S3 functionalities would you want to use for restricting content access?

Answer 22

CloudFront Signed URLs and Cookies and S3 Signed URLs

Question 23

What is the key difference between a CloudFront Signed URL and a CloudFront Signed Cookie?

Answer 23

• A signed URL is for individual files (1 file = 1 URL)
• A signed cookie is for multiple files (1 cookie = multiple URLs)

Question 24

What can be included in the policy attached to a signed URL or signed cookie?

Answer 24

• URL expiration (how long it is validd)
• IP ranges
• Trusted Signers (which AWS accounts can create signed URLs)

Question 25

Can signed cookies handle RTMP distributions?

Answer 25

No

Question 26

Describe the process by which you get a CloudFront Signed URL

Answer 26

1. Client Authenticates and Authorizes to log in to the application
2. Application Uses CloudFront SDK to generate signed URL
3. Application Returns Signed URL to client
4. Client logs into Cloudfront using signed URL

Question 27

Can you use S3 Signed Cookies if your origin is in EC2?

Answer 27

No. If your origin is EC2, use CloudFront

Question 28

Can signed URLs handle RTMP distributions?

Answer 28

Yes

Question 29

What is Amazon Macie?

Answer 29

• Macie is a security service which uses ML and NLP to discover, classify, and protect sensitive data used in S3
• Can be used to analyze CloudTrail logs for suspicious API activity
• Includes Dashboards, Alerts, Monitoring
• Great for PCI-DSS complicance and preventing Identity Theft

Question 30

What does KMS stand for?

Answer 30

Key Management Service

Question 31

How many S3 buckets can I have per account by default?

Answer 31

100

Question 32

How can I restore a file if I went to “Actions -> Delete” on it in S3?

Answer 32

Delete the delete marker

Question 33

What are the S3 bucket policies?

Answer 33

• Versioning
• Server Access Logging
• Static Website Hosting
• Object-Level Logging
• Tags
• Transfer Acceleration
• Events
• Requester Pays

_{(<a>https://docs.aws.amazon.com/AmazonS3/latest/user-guide/view-bucket-properties.html</a>)}

Question 34

What is Expedieted Retrieval?

Answer 34

• Offered in Glacier Select
• Gets you your data in 1-5 minutes
• Costs about $0.03 per GB retrieved