S3 Flashcards
How can you store multiple editions of a file?
Through bucket versioning.
What kinds of encryption do exist for s3?
-SSE-S3
-SSE-KMS
SSE-C
How does SSe-S3 work?
User uploads object to s3 and provides a header for enabling encryption. Key is managed by s3.
How does SSE-KMS work?
Object is encrypted by a master key managed by kms
How does SSE-C work?
Object is encrypted by a cloent provided key.
How can you manage file access permissions in s3?
- user based with am
- resource based through access control lists
How does CORS work?
- The browser calls the origin url.
- The original content requires a foreign resource
- The browser sends a preflight request to the foreign server with the origin inside the header
- The foreign server answers with the allowed http methods for the denoted origin
- The browser requests the resource
How consistent is s3?
strongly consistent as of december 2020
How can you prevent unauthorised or accidential delete of objects?
through multi factor authentication (mfa)
How can you enforce encryption of objects?
use bucket policy and deny any put object call without encryption header
How can you monitor access to an s3 bucket
through access logs made to another s3 bucket
How can you introduce fault tolerance to an s3 bucket?
Through async cross region or same region replication.
You want a premium user to download a file from your bucket. How can you temporarily grant them access to the object?
Through presigned urls.
What storage classes are available in s3?
- Standard General Purpose (11 9 durability, 99.99 availability)
- Standard Infrequent access (9 9 durability, 99.9 availability)
- One Zone Infrequent access (data only in one az, 99.5 availability, 9 9 durability)
- Intelligent tiering (9 9 durability 99.99 availability, moves data between general and infrequent automatically, is multi az)
How can you move objects automatically between s3 classes?
Through lifecycle rules.
