S3 Flashcards
True or False: S3 is public by default and anyone can access any bucket.
False. S3 is private by default and only the root user has access.
What is an S3 bucket policy?
An S3 bucket policy is a form of resource policy that can be attached to a bucket to control access to the bucket.
What is the principal key in a resource policy?
The key that tells us who is impacted by the policy.
What is an Access Control List?
A legacy form of bucket policy with simple, inflexible permissions.
What is S3 Static Website Hosting?
Allows access to S3 objects via HTTP.
What is an index document?
An index document in static website hosting points to a specific object in a bucket.
What is an error document?
An error document is what is shown when there is a server-wide error, e.g. a 404.
When might you want to use S3 static website hosting?
For offloading large amounts of data and for out-of-band pages.
What does versioning let you do?
Versioning allows you to keep multiple versions of the same object within a bucket. Operations that modify an object create a new version of the object.
What metadata on an object stores the version number?
The id. Id is set to null without versioning, and highest id returns current version.
Why does versioning increase costs?
Space is taken up by all versions of an object.
What operations does MFA Delete apply to?
Changing bucket versioning state and deleting versions.
What is Multipart Upload?
Allows an object to be split into up to 10,000 pieces when uploading to S3.
What is S3 Transfer Acceleration?
A feature that uses the AWS edge network to speed up uploading an object to a bucket.
What is KMS?
KMS = Key Management Service. It is regional, public, and allows for the creation, storage, and management of encryption keys.
What level of security does KMS provide?
FIPS 140-2
What is a Customer Master Key?
A Customer Master Key (CMK) is the main resource KMS manages. It is backed by the physical encryption material and can encrypt up to 4 KB of data.
Are customer master keys generated by KMS or imported?
Both
What are Data Encryption Keys?
DEKs are generated by a CMK and used to encrypt more than 4 KB of data.
True or False: DEK is not stored by KMS
True. The DEK is provided to you and then discarded. You, or a service, perform the data encryption.