S3 Flashcards

1
Q

What feature can you use to be notified is someone unarchived a file from Glacier?

A

Set up an S3 notification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the S3 Classes from most expensive to least expensive?

A
  1. S3 Standard - most workloads
  2. S3 IA - Infrequently accessed - backups, disaster recover files etc.
  3. S3 One-zone IA - Same as above, but only one AZ - noncritical
  4. S3 Intelligent Tiering - unknown access patterns
  5. S3 Glacier. long term, minutes or hrs access, a retrieval fee
  6. S3 Glacier deep archive - long-term, 12h+ access
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the size range of S3 Files

A

0 bytes to 5Tb

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the parts of File Object stored in S3

A
  1. Key
  2. Value
  3. Version ID (when versioning is enabled)
  4. Metadata
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the

  1. durability of S3
  2. availability of S3
A
  1. 11 9’s
  2. 99.95% - 99.99%
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the

  1. durability of S3
  2. availability of S3
A
  1. 11 9’s
  2. 99.95% - 99.99%
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Whats the use case of S3 Standard

A
  • Most frequently used
  • Accessed often
  • Highly durable
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What methods can you use to secure your data stored in an S3 bucket?

A
  1. Server Side Encryption
  2. Access Control Lists (which groups have access and what they have access to
  3. Bucket policies
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Down to what level can you assign Access Control Lists?

A

Object level within a bucket

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What consistency model does S3 utilize?

A

Strong read-after-write

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What can you NOT use S3 for?

A
  • No operating system
  • No database
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

With S3 Versioning enabled, how can you provide extra security against deletion

A

Enable two factor authentication for deleting objects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

When using S3 with versioning, How do you restore a deleted Version ?

A

Delete the delete marker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

When using S3 Versioning what happens when you delete a version?

A

A delete marker is added.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Does each version of an object in S3 have its own URL?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Can you disable versioning in S3?

A

No, once enabled you can only suspend it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What does lifecycle do for S3?

A

Allows you to transition objects (or delete them) to cheaper tiers. You can only go from more to less expensive, not the reverse.

18
Q

Can S3 Lifecycle work with versioning? What is an example of that?

A

Yes. You can move previous versions of an object to a cheaper tier

19
Q

(S3 Object Lock) What is WORM

A

Write Once Read Many - Helps you prevent the deletion or modification of an object for a fixed time or indefinitely.

20
Q

What is S3 Object Lock?

A

Allows you to force the retention of S3 Object to meet regulatory requirements or governance requirements

21
Q

What are the two modes of S3 Object Lock

A
  1. Governance Mode - Only the root user can alter or delete a file
  2. Compliance Mode - No one, not even root can alter modify or delete an object for a period of time
22
Q

What is the retention period in S3 Object Lock

A

Tells you how long the object lock is in effect

23
Q

What is a “Legal Hold”?

A

It’s an object lock with no retention period. It has to be removed.

24
Q

What is Glacier Vault Lock

A

It’s S3 Vault Lock for Glacier.

25
Q

What kinds of encryption can we use for S3

A
  1. Encryption in Transit
    1. HTTPS
    2. SSL
  2. Encryption at rest
    1. Server Side Encryption
      1. SSE-S3 - S3 manages it
      2. SSE-KMS - KMS manages the encryption
      3. SSE-C - Customer manages
    2. Client side - the customer deals with it.
26
Q

How can you enforce server-side encryption?

A
  1. On the console
  2. Using bucket policies
27
Q

What parameter should you look for when dealing with enforcing server-side encryption

A
  • x-amz-server-side-encryption (AES256 or KMS)
  • The policy would look for this parameter that denies put requests without this parameter in the header
28
Q

What is an S3 Prefix?

A

Its a subfolder in a bucket.

29
Q

How can you speed up reads using prefixes?

A
  • Upload to multiple folders
  • Each one has a capacity of 3500 PUTS/POSTS/DELETES per second, 5500 GETS per second
  • Spread the reads across prefixes!
30
Q

How would you optimize a large 5gb upload?

A

Use multipart upload

31
Q

When using SSE-KME, What are the limits in KMS?

A
  • Depends on the region.
  • Cannot increase this
  • 5,500-30,000 requests per second
32
Q

for what size objects is multi part upload recommended? Required?

A
  • Recommended 100mb+
  • Required over 5gb
33
Q

Other than prefixes, how can you optimize your downloads?

A

Use byte-range fetches

34
Q

Can you replicate within an S3 region?

A

Yes. It used to be called cross-region replication but no more.

35
Q

Whats required to leverage S3 replication?

A

Versioning in the source and destination?

36
Q

Do existing objects get replicated when you turn on replication?

A

No

37
Q

Are delete markers replicated?

A

Nope

38
Q

How do you add https to an S3 hosted static website?

A

Use CloudFront which uses HTTPS natively.

39
Q

What 3 destinations are supported with S3 notifications?

A
  • SQS Queue
  • SNS Topic
  • Lambda Function
40
Q

What are valid destinations for S3 notifications?

A
  • SQS
  • Lambda
  • SNS