S3 Flashcards

1
Q

True/false: S3 cross‐region replication uses transfer acceleration.

A

S3 cross‐region replication transfers objects between different buckets. Transfer acceleration uses a CloudFront edge location to speed up transfers between S3 and the Internet.

2
Q

True/false: If versioning is enabled on an S3 bucket, applying encryption to an unencrypted object in that bucket will create a new, encrypted version of that object.

A

True. Applying encryption to an unencrypted object will create a new, encrypted version of that object. Previous versions remain unencrypted.

3
Q

What are the typical use cases for S3?

A
  • Maintain backup archives, log files, and DR images
  • Running analytics on big data at rest
  • Hosting static websites
4
Q

What is the difference between object and block storage?

A

With block storage, data on a raw physical storage device is divided into individual blocks whose use is managed by a file system, such as NTFS or ext4.

Object storage provides what you can think of as a flat surface on which to store your data. This simple design avoids some of the OS-related complications of block storage.

5
Q

What is the metadata of an S3 object?

A

Metadata is made up of key-value pairs that establish system details like data permissions.

Metadata can only be set during object upload and cannot be modified afterwards.

An S3 object can have up to 2 KB of metadata.

6
Q

What is an S3 bucket?

A

S3 objects are organized in buckets.

An S3 bucket and its contents exist only within a single AWS region.

The name of the S3 bucket must be globally unique within the entire S3 system.

An AWS account can have a maximum of 100 buckets.

7
Q

What does the S3 object URL look like?

A

https://s3.amazonaws.com//
s3:///

8
Q

What are an S3 prefix and delimiter?

A

You can use prefixes and delimiters to organize the data that you store in Amazon S3 buckets.

For example, North America/Canada/Quebec/Montreal

9
Q

What is the size limit of an S3 object?

A

An S3 object cannot be larger than 5 TB.

An individual upload cannot be larger than 5 GB.

10
Q

How to upload large objects to S3?

A

Multipart Upload breaks a large object into multiple smaller parts and transmits them individually to their S3 target. If one transmission should fail, it can be repeated without impacting the others.

  • Multipart Upload will be automatically used with AWS CLI or a high-level API.

Transfer Acceleration can speed up uploading large objects by routing uploads through geographically nearby AWS edge locations; from there, they are routed over Amazon’s internal network.

  • Amazon S3 Transfer Acceleration Speed Comparison tool
  • Special endpoint: .s3-accelerate.amazonaws.com
11
Q

What are the encryption options for S3 objects?

A

Server-side encryption:

  • SSE-S3
  • SSE-KMS
  • SSE-C

Client-side encryption:

  • Can be done using an AWS KMS-Managed Customer Master Key

12
Q

Are S3 events logged by default?

A

No. S3 buckets can see a lot of activity, and not every use case justifies the log data that S3 can generate.

When you enable logging, you will need to specify both a source bucket and a target bucket. Optionally, you can also specify delimiters and prefixes to better identify and organize logs.

13
Q

What is S3 durability?

A

99.999999999% (11 nines)

If you have 10 million objects stored in S3, you can expect on average to lose 1 object every 10,000 years.

14
Q

What is S3 availability?

A
  • S3 Standard: 99.99%
  • S3 IA: 99.9%
  • S3 One-Zone IA: 99.5%
  • S3 Intelligent Tiering: 99.9%
15
Q

What is the S3 consistency model?

A

S3 uses eventual consistency for updates and deletes, because S3 replicates data across multiple locations in a region.

You should expect a delay of two seconds or less for updates and deletes.

Because there isn’t a risk of corruption when creating new objects, S3 provides read-after-write consistency for creation PUT operations.

16
Q

How do you manage the lifecycle of S3 objects?

A
  • Versioning
  • Lifecycle Management

17
Q

What are S3 lifecycle rule actions?

A
  • Move current version
  • Move non-current versions
  • Expire current version
  • Permanently delete non-current versions
  • Delete expired object delete markers
  • Delete incomplete multipart uploads
18
Q

What are the options to restrict access to S3?

A
  • ACL rules (legacy)
  • Bucket policies
  • IAM policies
19
Q

When to use Bucket Policy to restrict access to S3?

A

Bucket policy makes sense when you want to control access to a single S3 bucket for multiple external accounts and users.

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": ["arn:aws:iam::xxxxxxxxxxxx:root",
              "arn:aws:iam::xxxxxxxxxxxx:user/Steve"]
    },
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::MyBucket",
                 "arn:aws:s3:::MyBucket/*"]
    }
  ]
}

20
Q

When to use IAM Policy to restrict access to S3?

A

IAM policy exists at the account level, and makes sense when you want to control the way individual users and roles access multiple AWS resources, including S3.

{
  "Version": "2012-10-17",
  "Statement":[{
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::MyBucket",
                 "arn:aws:s3:::MyBucket/*"]
    }
  ]
}
21
Q

What is an S3 Access Point?

A

S3 Access Points are unique hostnames that are created to enforce distinct permissions and network controls for any request made through the Access Point.

22
Q

What is an S3 pre-signed URL?

A

An S3 pre-signed URL provides temporary access to an object that’s otherwise private.

23
Q

What are the equivalents of bucket and object in Glacier?

A

Bucket => Vault

Object => Archive

24
Q

What are the storage tiers of Glacier?

A
  • Glacier
  • Glacier Deep Archive
  • Glacier Instant Retrieval
25
Q

What are the retrieval tiers of Glacier?

A
  • Glacier Standard
  • Glacier Expedited
  • Glacier Bulk
  • Deep Archive Standard
26
Q

What is the difference between EFS and FSx?

A

EFS provides scalable and sharable file storage to Linux instances. EFS supports NFS.

FSx provides file shares for Windows and Lustre. FSx supports SMB, NTFS, and Microsoft AD.

27
Q

What is AWS Storage Gateway?

A

AWS Storage Gateway provides on-premises applications with access to unlimited cloud storage.

28
Q

What is AWS Snowball?

A

AWS Snowball helps to migrate petabyte-scale data from on-premises to the cloud.

29
Q

What is AWS DataSync?

A

AWS DataSync copies on-premises data to the cloud over a regular Internet connection.

AWS DataSync can handle transfer rates up to 10 Gbps.

30
Q

What is the Static Web Hosting URL of an S3 bucket?

A

http://.s3-website-.amazonaws.com

31
Q

Does S3 Static Web Hosting support HTTPS?

A

No

32
Q

What is the default timeout of a pre-signed URL?

A

3600 seconds

33
Q

What is the maximum archive size in Glacier?

A

40 TB

34
Q

What are the key elements of an S3 object?

A
  • Key (i.e. name)
  • Value (i.e. file content)
  • Metadata
  • Version Number
35
Q

What is required to enable cross-region replication of an S3 bucket?

A

Versioning.

36
Q

How can you schedule backups of EFS files?

A

Use AWS Backup Service.

37
Q

How can you schedule backups of EBS volumes?

A

Use AWS Data Lifecycle Manager to take snapshots of EBS volumes on a regular basis.