S3 Flashcards
True/false: S3 cross‐region replication uses transfer acceleration.
S3 cross‐region replication transfers objects between different buckets. Transfer acceleration uses a CloudFront edge location to speed up transfers between S3 and the Internet.
True/false: If versioning is enabled on an S3 bucket, applying encryption to an unencrypted object in that bucket will create a new, encrypted version of that object.
True. Applying encryption to an unencrypted object will create a new, encrypted version of that object. Previous versions remain unencrypted.
What are the typical use cases for S3?
- Maintain backup archives, log files, and DR images
- Running analytics on big data at rest
- Hosting static website
What are the difference between object and block storage?
With block storage, data on a raw physical storage device is divided into individual blocks whose use is managed by a file system, such as NTFS, ext4.
An object storage provides what you can think of as a flat surface on which to store your data. This simple design avoids some of the OS-related complications of block storage.
What is the metadata of an S3 object?
Metadata is made up of key-value pairs that establish system details like data permissions.
Metadata can only be set during object upload, and cannot be modified afterwards.
S3 object can have up to 2 KB of metadata.
What is a S3 bucket?
S3 objects are organized in buckets.
S3 bucket and its content exists only within a single AWS region.
The name of the S3 bucket must be globally unique within the entire S3 system.
An AWS account can have a maximum of 100 buckets.
How does the S3 object URL look like?
https: //s3.amazonaws.com//
s3: ///
What is a S3 prefix and delimiter?
You can use prefixes and delimiter to organize the data that you store in Amazon S3 buckets.
For example, North America/Canada/Quebec/Montreal
What is the size limit of S3 object?
S3 object can not be larger than 5 TB.
Individual upload can not be larger than 5 GB.
How to upload large objects to S3?
Multipart Upload breaks a large object into multiple smaller parts and transmits them individually to their S3 target. If one transmission should fail, it can be repeated without impacting the others.
- Multipart Upload will be automatically used with AWS CLI or a high-level API.
Transfer Acceleration can speed up uploading large objects by routing uploads through geographically nearby AWS edge locations and from there, routed using Amazon’s internal network.
- Amazon S3 Transfer Acceleration Speed Comparison tool
- Special endpoint: .s3-accelerate.amazonaws.com
What are the encryption options for S3 objects?
Server-side encryption:
- SSE-S3
- SSE-KMS
- SSE-C
Client-side encryption:
- can be done using an AWS KMS-Managed Customer Master Key
Are S3 events logged by default?
No, S3 buckets can see a lot of activities, and not every use case justifies the log data that S3 can generate.
When you enable logging, you will need to specify both a source bucket and a target bucket. Optionally, you can also specify delimiters and prefixes to better identify and organize logs.
What is S3 durability?
99.999999999% (11 nines)
If you have 10 million objects stored in S3, you can expect on average to lose 1 object every 10,000 years.
What is S3 availability?
- S3 Standard: 99.99%
- S3 IA: 99.9%
- S3 One-Zone IA: 99.5%
- S3 Intelligent Tiering: 99.9%
What is S3 consistency model?
S3 uses eventually consistency for updates and deletes, because S3 replicates data across multiple locations in a region.
You should expect a delay of two seconds or less for updates and deletes.
Because there isn’t risk of corruption when creating new objects, S3 provides read-after-write consistency for creation PUT operations.
How do you manage the lifecycle of S3 objects?
- Versioning
- Lifecycle Management
What are S3 lifecycle rule actions?
- Move current version
- Move non-current versions
- Expire current version
- Permanant delete non-current versions
- Delete expired object delete markers
- Delete incomplete multipart uploads
What are the options to restrict access to S3?
- ACL rules (legacy)
- Bucket policies
- IAM policies
When to use Bucket Policy to restrict access to S3?
Bucket policy makes sense when you want to control access to a single S3 bucket for multiple external accounts and users.
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“AWS”: [“arn:aws:iam::xxxxxxxxxxxx:root”,
“arn:aws:iam::xxxxxxxxxxxx:user/Steve”]
},
“Action”: “s3:”,
“Resource”: [“arn:aws:s3:::MyBucket”,
“arn:aws:s3:::MyBucket/”]
}
]
}
When to use IAM Policy to restrict access to S3?
IAM policy exists at the account level, and makes sense when you want to control the way individual users and roles access multiple AWS resources, including S3.
{
"Version": "2012-10-17",
"Statement":[{
"Effect": "Allow",
"Action": "s3:*",
"Resource": ["arn:aws:s3:::MyBucket",
"arn:aws:s3:::MyBucket/*"]
}
]
}
What is S3 Access Point?
S3 Access Points are unique hostnames that are created to enforce distinct permissions and network controls for any request made through the Access Point.
What is S3 Pre-signed URL?
S3 Pre-signed URL provides temporary access to an object that’s otherwise private.
What are the equivalents of bucket and object in Glacier?
Bucket => Vault
Object => Archive
What are the storage tiers of Glacier?
- Glacier
- Glacier Deep Archive
- Glacier Instant Retrieval
