S3 Flashcards
What is Snowball?
Snowball is a secure, portable device used to transfer huge amounts of data into and out of AWS.
What is S3 Availability?
99.99%
How do we securely store objects in a bucket?
To securely store objects in an S3 bucket, we have to use “Encryption at rest”.
What is Governance Mode?
In governance mode, a user can't overwrite or delete a version or alter lock settings without special permissions.
How does AWS implement Transfer Acceleration?
Transfer Acceleration is implemented using the AWS CloudFront service through edge locations.
What is Cross Region Replication in S3?
Cross-region replication means the transfer of S3 objects from one region to another.
In what scenario can we use the S3 Standard tier?
In the S3 Standard tier, the stored data will be frequently accessed.
Data is stored redundantly across multiple facilities to withstand the loss of 2 facilities.
What is S3 Object Lock?
S3 Object Lock achieves a WORM-based storage model.
S3 Object Lock prevents objects from being deleted or overwritten for a fixed amount of time or indefinitely.
What are the two S3 Object Lock modes?
Governance Mode
Compliance Mode
Can we move one file version to another S3 tier?
Yes; S3 lifecycle management supports versioning; we can transfer certain file versions to another S3 tier.
What is Storage Gateway?
Storage Gateway connects on-premises IT applications with AWS storage.
In what scenarios can we use S3-IA?
In S3-IA, the stored data will be infrequently accessed.
Data is stored redundantly across multiple facilities to withstand the loss of 2 facilities.
What is the max size of an S3 object?
5 TB
What is CloudFront - Distribution?
A CloudFront distribution is a CDN: a collection of edge locations.
Can we see who accessed S3 objects?
Yes; S3 can maintain an access log of who accessed the objects.
What is AWS Organizations?
AWS Organizations is an account management service.
It helps us combine multiple AWS accounts into an organization.
If a new bucket is created, does everyone have access?
No; in a new bucket, Block Public Access is enabled by default.
What is S3 Byte-Range Fetches?
S3 Byte-Range Fetches allows you to download huge files from S3.
It downloads huge files in parallel by specifying byte ranges.
This improves download performance to a greater extent.
If there is any failure, it affects only a specific byte range.
What is Compliance Mode?
In compliance mode, even the root user can't overwrite or delete a version or alter lock settings.
What is the min retrieval time for S3 Glacier?
For S3 Glacier, the min retrieval time is 1 min to 1 hr.
What are the S3 limitations on KMS?
We use the AWS KMS service to encrypt S3 objects at rest; we call the AWS KMS service every time during upload/download.
The AWS KMS service has max request limits per second at the regional level,
like 5500, 10000 & 30000 etc.
You can't increase the request limits.
In what scenarios can we use S3 Glacier?
S3 Glacier is used for cheap data archives.
What is CloudFront - Origin?
The CloudFront origin is the source location of the files that the CDN distributes;
the origin can be an S3 bucket, EC2, Elastic Load Balancer or Route 53.
How do we restrict public access for all objects in a bucket?
To restrict public access, we have to use the “Block Public Access” option at the bucket level.
What is Glacier Vault Lock?
Glacier Vault Lock allows you to place compliance controls on an individual Glacier object.
What is the Management Account?
In AWS Organizations, the management account manages billing & payment of multiple member accounts.
It does not have any access to any service.
In what scenarios can we use S3 Glacier Deep Archive?
S3 Glacier Deep Archive is used for much cheaper data archives.
What are S3 Prefixes?
S3 prefixes are similar to directory names.
They enable you to group similar objects together in a bucket.
If you read from 2 folders, you can achieve 11000 requests per second.
If you read from 4 folders, you can achieve 22000 requests per second.
In what scenarios can we use S3 Intelligent Tiering?
The S3 Intelligent tier is used to optimize cost by moving data to a cheaper tier according to usage.
How do we maintain all file modifications for objects in a bucket?
To maintain all file modifications of S3 objects, we have to use the “Versioning” option.
What is Snowmobile?
Snowmobile is an exabyte-scale data transfer.
What is S3 Select?
S3 Select allows you to run SQL queries directly on S3 objects.
We can download a specific set of objects from S3.
Using S3 Select, we can achieve a 400% performance increase.
How is encryption at rest achieved?
- S3 keys
- AWS KMS
- Customer keys
- Client side encryption
3 ways to share an S3 bucket across accounts?
- Bucket Policy & IAM - Programmatic Access
- ACL & IAM - Programmatic Access
- Cross Account IAM Roles - Programmatic Access & Console Access
What is CloudFront - RTMP?
CloudFront RTMP is used for media streaming.
What is an S3 bucket?
An S3 bucket is the place where objects are stored.
In S3, how are the objects stored?
Objects are stored in buckets.
What is Athena?
Athena allows you to query data using SQL directly on S3.
If you upload an object to S3, what would be the response?
HTTP 200 status code
How do we improve S3 upload performance?
If you have a big file to upload into S3, we have to split the file and upload the parts in parallel, rather than uploading a single file.
This improves upload performance to a greater extent.
It is recommended for files > 100 MB.
It is required for files > 5 GB.
Can we have a common name across all S3 buckets?
No; every bucket name should be unique at the global level.
What are S3 Tiers?
- S3 Standard
- S3 IA
- S3 One Zone IA
- S3 Intelligent Tier
- S3 Glacier
- S3 Glacier Deep Archive
What is Legal Hold?
S3 Object Lock allows you to place a legal hold on a specific version; once placed, the object can't be modified or deleted until the hold is revoked.
Unlike a retention period, a legal hold has no specific time period.
How is encryption in transit achieved?
SSL/TLS
What are S3 object properties?
- Key
- Value
- Version ID
- Metadata
- Subresources: Access Control List & Torrent
What is the min size of an S3 object?
0 bytes
The bucket is blocked from public access; can we enable public access for a specific file?
No; you have to enable public access for the bucket, and only then can we enable public access for individual files.
In what scenarios can we use S3 One Zone IA?
In S3 One Zone IA, the stored data will be infrequently accessed.
Data will not be stored redundantly across multiple facilities.
S3 abbreviation
Simple Storage Service
Can we disable versioning?
No; versioning can only be suspended.
How do we secure S3 object versions from deletion?
We can enable MFA for version delete.
What are S3 Features?
- Tiered Storage
- Lifecycle Mgt
- Versioning
- Encryption
- MFA Delete
- Secure data using Access Control List & Bucket Policy
What are S3 Lifecycle rules?
S3 lifecycle rules are a set of instructions with which we can move S3 objects between S3 tiers.
On what basis does AWS charge for the S3 service?
- Storage
- Number of requests
- Data Transfer
- Transfer Acceleration
- Cross Region Replication
Does each version have different access rules?
Yes; each version has its own access policies. By default, the latest file's rules do not apply to other versions.
What is CloudFront - Signed URL?
A CloudFront signed URL is used for authentication & authorization of content.
1 authentication URL is used for 1 object.
How do we control S3 bucket access?
- Bucket policy
- Access control list
What is the S3 data consistency model?
The S3 data consistency model is read-after-write consistency.
In case of any overwrite or delete of an existing object, any subsequent read request immediately receives the latest version of the object.
What is Consolidated Billing?
AWS Organizations Consolidated Billing allows us to combine billing & payment of multiple AWS accounts.
The AWS Organizations management account pays for all member accounts.
What is Macie?
Macie allows you to protect sensitive data stored in S3.
What is a Retention period?
A retention period protects an S3 object version for a fixed amount of time.
When you place a retention period on an object version,
S3 stores a timestamp in the version metadata to indicate the retention expiry; after that, the data version can be modified or deleted.
What is CloudFront - Cookie?
CloudFront cookies are used for authentication & authorization of content.
1 authentication cookie can be used for many objects.
What is Glacier Select?
Glacier Select allows you to run SQL queries directly on Glacier objects.
You can download a specific set of data from Glacier.
What is S3?
S3 is an object storage service.
What is Snowball Edge?
Snowball Edge has compute capability in addition to storage.
If we transfer files from one bucket to another, do we maintain the same security details?
Yes.
What is CloudFront - Web Distribution?
A CloudFront web distribution is used for websites.
What is the min retrieval time for S3 Glacier Deep Archive?
The S3 Glacier Deep Archive retrieval time is 12 hrs.
What is AWS DataSync?
AWS DataSync seamlessly syncs data between an on-premises server & AWS S3 / EFS / FSx.
What is CloudFront - Edge Location?
A CloudFront edge location is where data is cached & used for the CDN.
This is separate from Regions & AZs.