S3

Question 1

What is an object in S3?

Answer 1

It is a file

Question 2

What is a bucket in S3?

Answer 2

It is a directory

Question 3

What are 2 things to remember when creating a new bucket?

Answer 3

• You must choose a globally unique name

- Buckets are defined at the region level

Question 4

What are 4 restrictions when choosing a bucket name?

Answer 4

• No uppercase
• No underscore
• 3-63 chars long
• Not an IP

Question 5

Are the really directories in S3?

Answer 5

No, the UI looks like it but there are only buckets and objects?

Question 6

How do we access Objects?

Answer 6

We use the Key

Question 7

What is the Object Key?

Answer 7

It is the full path after the bucket name

Example: s3://mybucket/

Question 8

What is the max size of an object?

Answer 8

The max size is 5TB

Question 9

What is the largest size that can be uploaded at once?

Answer 9

5GB

Question 10

How do I upload a 5TB object if the max to upload in one time is 5GB?

Answer 10

Use Multi-part upload

Question 11

Can I version my files in S3?

Answer 11

Yes

Question 12

How do I enable versioning?

Answer 12

Versioning is enabled at the bucket level

Question 13

Using versioning, what if I upload a new file using the same key?

Answer 13

It will not overwrite, it will create a new version of the file

Question 14

What are the 4 methods of encryption for S3?

Answer 14

• SSE-S3: encrypts objects using keys managed by AWS
• SSE-KMS: uses AWS Key Management Service to manage encryption keys
• SSE-C: manage your own encryption keys
• Client Side encryption

Question 15

How does SSE-S3 work?

Answer 15

Uses AWS keys to encrypt objects server side and uses the AES-256 encryption type

Question 16

What header must you set for SSE-S3?

Answer 16

“x-amz-server-side-encryption”: “AE256”

Question 17

How does SSE-KMS work?

Answer 17

Uses AWS Key Management Service keys to encrypt objects server side

Question 18

What are 2 advantages of using SSE-KMS?

Answer 18

• User control

- Audit Trail

Question 19

What header must you set for SSE-KMS?

Answer 19

“x-amz-server-side-encryption”: “aws:kms”

Question 20

How does SSE-C work?

Answer 20

Uses encryption keys fully managed by the user to encrypt server side

Question 21

Does S3 store my encryption key when using SSE-C?

Answer 21

No. The encryption key must be provided in the headers for every request

Question 22

Can I use HTTP or HTTPS with SSE-C?

Answer 22

You must use HTTPS

Question 23

How does Client Side Encryption work?

Answer 23

Client must handle the keys and encryption/decryption cycle themselves

Question 24

Are there any helpful libraries to use with Client Side Encryption?

Answer 24

Amazon S3 Encryption Client

Question 25

What is Encryption in flight known as?

Answer 25

SSL/TLS

Question 26

What are 2 options for S3 security?

Answer 26

• User based IAM policies

- Resource based bucket policies and ACLs

Question 27

What are 2 conditions that allow a principal to access an s3 object?

Answer 27

• The users IAM permissions allow it or the resource policy allows it
• And there is no explicit DENY

Question 28

What does an S3 website url look like?

Answer 28

bucketName.s3-website-us-east-1.amazonaws.com

Question 29

What should I do if my S3 static website returns 403?

Answer 29

Make sure the bucket policy allows public reads

Question 30

What is CORS?

Answer 30

Cross Origin Resource Sharing

Question 31

What is an origin?

Answer 31

It is a protocol, domain and port

Question 32

How can I resolve CORs issues?

Answer 32

The requests will be fulfilled when the origin allows it by setting the COORs headers.

Question 33

What are the CORs headers?

Answer 33

Access-Control-Allow-Origin

Question 34

What is the consistency model in S3?

Answer 34

It is now Strongly consistent