S3

Question 1

What feature can you use to be notified is someone unarchived a file from Glacier?

Answer 1

Set up an S3 notification

Question 2

What are the S3 Classes from most expensive to least expensive?

Answer 2

1. S3 Standard - most workloads
2. S3 IA - Infrequently accessed - backups, disaster recover files etc.
3. S3 One-zone IA - Same as above, but only one AZ - noncritical
4. S3 Intelligent Tiering - unknown access patterns
5. S3 Glacier. long term, minutes or hrs access, a retrieval fee
6. S3 Glacier deep archive - long-term, 12h+ access

Question 3

What is the size range of S3 Files

Answer 3

0 bytes to 5Tb

Question 4

What are the parts of File Object stored in S3

Answer 4

1. Key
2. Value
3. Version ID (when versioning is enabled)
4. Metadata

Question 5

What is the

1. durability of S3
2. availability of S3

Answer 5

1. 11 9’s
2. 99.95% - 99.99%

Question 6

What is the

1. durability of S3
2. availability of S3

Answer 6

1. 11 9’s
2. 99.95% - 99.99%

Question 7

Whats the use case of S3 Standard

Answer 7

• Most frequently used
• Accessed often
• Highly durable

Question 8

What methods can you use to secure your data stored in an S3 bucket?

Answer 8

1. Server Side Encryption
2. Access Control Lists (which groups have access and what they have access to
3. Bucket policies

Question 9

Down to what level can you assign Access Control Lists?

Answer 9

Object level within a bucket

Question 10

What consistency model does S3 utilize?

Answer 10

Strong read-after-write

Question 11

What can you NOT use S3 for?

Answer 11

• No operating system
• No database

Question 12

With S3 Versioning enabled, how can you provide extra security against deletion

Answer 12

Enable two factor authentication for deleting objects

Question 13

When using S3 with versioning, How do you restore a deleted Version ?

Answer 13

Delete the delete marker

Question 14

When using S3 Versioning what happens when you delete a version?

Answer 14

A delete marker is added.

Question 15

Does each version of an object in S3 have its own URL?

Answer 15

Yes

Question 16

Can you disable versioning in S3?

Answer 16

No, once enabled you can only suspend it.

Question 17

What does lifecycle do for S3?

Answer 17

Allows you to transition objects (or delete them) to cheaper tiers. You can only go from more to less expensive, not the reverse.

Question 18

Can S3 Lifecycle work with versioning? What is an example of that?

Answer 18

Yes. You can move previous versions of an object to a cheaper tier

Question 19

(S3 Object Lock) What is WORM

Answer 19

Write Once Read Many - Helps you prevent the deletion or modification of an object for a fixed time or indefinitely.

Question 20

What is S3 Object Lock?

Answer 20

Allows you to force the retention of S3 Object to meet regulatory requirements or governance requirements

Question 21

What are the two modes of S3 Object Lock

Answer 21

1. Governance Mode - Only the root user can alter or delete a file
2. Compliance Mode - No one, not even root can alter modify or delete an object for a period of time

Question 22

What is the retention period in S3 Object Lock

Answer 22

Tells you how long the object lock is in effect

Question 23

What is a “Legal Hold”?

Answer 23

It’s an object lock with no retention period. It has to be removed.

Question 24

What is Glacier Vault Lock

Answer 24

It’s S3 Vault Lock for Glacier.

Question 25

What kinds of encryption can we use for S3

Answer 25

1. Encryption in Transit
   
   1. HTTPS
   2. SSL
2. Encryption at rest
   
   1. Server Side Encryption
      
      1. SSE-S3 - S3 manages it
      2. SSE-KMS - KMS manages the encryption
      3. SSE-C - Customer manages
   2. Client side - the customer deals with it.

Question 26

How can you enforce server-side encryption?

Answer 26

1. On the console
2. Using bucket policies

Question 27

What parameter should you look for when dealing with enforcing server-side encryption

Answer 27

• x-amz-server-side-encryption (AES256 or KMS)
• The policy would look for this parameter that denies put requests without this parameter in the header

Question 28

What is an S3 Prefix?

Answer 28

Its a subfolder in a bucket.

Question 29

How can you speed up reads using prefixes?

Answer 29

• Upload to multiple folders
• Each one has a capacity of 3500 PUTS/POSTS/DELETES per second, 5500 GETS per second
• Spread the reads across prefixes!

Question 30

How would you optimize a large 5gb upload?

Answer 30

Use multipart upload

Question 31

When using SSE-KME, What are the limits in KMS?

Answer 31

• Depends on the region.
• Cannot increase this
• 5,500-30,000 requests per second

Question 32

for what size objects is multi part upload recommended? Required?

Answer 32

• Recommended 100mb+
• Required over 5gb

Question 33

Other than prefixes, how can you optimize your downloads?

Answer 33

Use byte-range fetches

Question 34

Can you replicate within an S3 region?

Answer 34

Yes. It used to be called cross-region replication but no more.

Question 35

Whats required to leverage S3 replication?

Answer 35

Versioning in the source and destination?

Question 36

Do existing objects get replicated when you turn on replication?

Answer 36

No

Question 37

Are delete markers replicated?

Answer 37

Nope

Question 38

How do you add https to an S3 hosted static website?

Answer 38

Use CloudFront which uses HTTPS natively.

Question 39

What 3 destinations are supported with S3 notifications?

Answer 39

• SQS Queue
• SNS Topic
• Lambda Function

Question 40

What are valid destinations for S3 notifications?

Answer 40

• SQS
• Lambda
• SNS