S3

Question 1

s3 bucket name

Answer 1

globally unique name

Question 2

Buckets are defined

Answer 2

region level

Question 3

key is the FULL path

Answer 3

• s3://my-bucket/my_file.txt

* s3://my-bucket/my_folder1/another_folder/my_file.txt

Question 4

key is composed of prefix + object name

Answer 4

s3://my-bucket/my_folder1/another_folder/my_file.txt

Question 5

Amazon S3 - Versioning

Answer 5

bucket level

Question 6

best practice to version your buckets

Answer 6

Protect against unintended deletes

Easy roll back to the previous version

Question 7

4 methods of encrypting objects in S3

Answer 7

SSE-S3: encrypts S3 objects using keys handled & managed by AWS

SSE-KMS: leverage AWS Key Management Service to manage encryption keys

SSE-C: when you want to manage your own encryption keys

Client-Side Encryption

Question 8

SSE-S3

Answer 8

keys handled & managed by Amazon S3
encrypted server-side

“x-amz-server-side-encryption”: “AES256”

Question 9

SSE-KMS

Answer 9

encryption using keys handled & managed by KMS

KMS Advantages: user control + audit trail

encrypted server-side

“x-amz-server-side-encryption”: ”aws:kms”

Question 10

SSE-C

Answer 10

server-side encryption
keys fully managed by the customer outside of AWS
S3 does not store the encryption key
HTTPS must be used

Question 11

Client Side Encryption

Answer 11

Encryption and decryption at client side

Question 12

HTTPS endpoint

Answer 12

encryption in flight

Question 13

Block public and cross-account access to buckets and objects
through any public bucket or access point policies

Why this default policy?

Answer 13

These settings were created to prevent company data leaks

Question 14

Pre-Signed URLs

Answer 14

Very useful for giving temporary access to users.

URLs that are valid only for a limited time (ex: premium video
service for logged in users)

Question 15

CORS fulfilled using header

Answer 15

CORS Headers (ex: Access-Control-Allow-Origin)

Question 16

S3 CORS

Answer 16

If a client does a cross-origin request on our S3 bucket, we need to enable the correct CORS headers.

You can allow for a specific origin or for * (all origins)

Question 17

Cross-Region Replication (CRR)

Answer 17

Use cases: compliance, lower latency access,

replication across accounts

Question 18

Upload Files in S3 glacier

Answer 18

you must either use the AWS CLI or write code to make requests, by using either the REST API directly or by using the Amazon SDKs

Question 19

What about the read-write consistency of S3??

Answer 19

Effective immediately, all S3 GET, PUT, and LIST operations, as well as operations that change object tags, ACLs, or metadata, are now strongly consistent.

What you write is what you will read, and the results of a LIST will be an accurate reflection of what’s in the bucket. This applies to all existing and new S3 objects, works in all regions, and is available to you at no extra charge!

Question 20

Comment on time limit of s3 presigned urls and its expiry

Answer 20

s3 presigned urls requires you to change your content urls.
The presigned urls expires after its defined expiration date.

IMP TO NOTE -> There is no feature of s3 signed cookies.

Question 21

CloudFront signed URLs

Answer 21

restrict access to individual files

Question 22

CloudFront signed cookies

Answer 22

Provide access to multiple signed cookies

Question 23

S3 consistency model

Answer 23

1) S3 provides a strong read after write consistency for PUTs and DELETEs.
2) Amazon S3 does not support object locking for concurrent writers.
3) If two put requests are made on the same key, the latest put request wins.
4) Bucket configurations have eventual consistency models like deleting a bucket or enabling versioning.

For more reading on it.
Read the AWS docs on the S3 consistency model.

Question 24

Amazon S3 now provides increased performance

Answer 24

3,500 requests per second to add data and 5,500 requests per second to retrieve data