S3 Flashcards
What is the main purpose of S3 object versioning?
Protect from unintended deletes and keep track of object changes
What are the two main types of S3 replication and their use cases?
Cross region replication
* replicate to a bucket in another region. Used for compliance, lower latency access and replication across accounts
Same Region Replication
* replicate to a bucket in the same region. Used for log aggregation, live replication between production and test accounts
You have enabled replication on an existing bucket, but the old objects were not replicated. Why?
After enabling replication, only existing objects are replicated. To replicate existing objects, use S3 batch replication
What are S3 storage classes and their features?
Storage classes differ based on the frequency you access the data and the amount of time needed to retrieve the specified data
S3 standard
* frequently accessed data
* big data analytics, content distribution
S3 Infrequent Access
* data that is less frequently accessed, but requires rapid access when needed
* standard IA - disaster recovery, backups
* one zone IA - high durability in single AZ, data lost when AZ is destroyed
Glacier
* low cost, meant for archiving/backup
* instant retrieval - millisecond retrieval, minimum storage of 90 days
* flexible retrieval - 1 minute to 12 hours to retrieve data, minimum storage of 90 days
* deep archive - 12 to 48 hours to retrieve data, minimum storage of 180 days
Intelligent Tiering
* small monthly monitoring and auto tiering fee
* moves objects automatically between access tiers based on usage
An application creates image thumbnails after profile photos are uploaded to S3.
These thumbnails can be easily recreated, and only need to be kept for 60 days. The source images should be able to be immediately retrieved for these 60 days, and afterwards, the user can wait up to 6 hours. How would you design this?
source images can be on Standard S3 and move to glacier after 60 days
thumbnails can be on one zone IA and delete them after 60 days
You should be able to recover your deleted S3 objects immediately for 30 days, although this may happen rarely. After this time, and for up to 365 days, deleted objects should be recoverable within 48 hours.
Enable S3 versioning
Transition noncurrent (deleted) versions to standard IA after 30 days
Transition noncurrent (deleted) versions to deep archive
What are S3 event notifications and how can they be used?
Event notifications is a feature that can send events such as object created, object removed, object restore and S3 replication to SNS, SQS, Lambda, EventBridge and other AWS services. It is useful when an action needs to be performed right after an event occurs on S3.
What can you do if uploading a file to S3 is very slow?
Enable S3 Transfer Acceleration, which uploads the file to an edge location and then uploads it to AWS using a private network (very fast)
What can you do to speed up downloading S3 files?
Enable S3 byte-range fetches. They parallelize GET requests by requesting specific byte ranges. Can also be used to retrieve partial data
What are S3 Select and Glacier Select, and when can they be used?
It is used to perform server-side filtering by using SQL statements to retrieve less data
Less network transfer, less CPU cost client-side
What are the three types of S3 encryption?
SSE-S3
* managed and owned by AWS
SSE-KMS
* encryption using keys handled and managed by AWS KMS (user control, audit key usage)
* KMS limits (quotas per region)
SSE-C
* keys fully managed by the customer
* encryption key must be provided in HTTP headers for every HTTP request
Client side Encryption
* encryption and decryption happen at the client
* customer fully manages keys
In transit - HTTPS - can be forced using S3 policy
What is the CORS option on S3 and when does it need to be enabled?
CORS (Cross-Origin Resource Sharing) is a mechanism to allow requests to other origins while visiting the main origin
In S3, it needs to be enabled when a resource on a bucket needs to access a resource that is on another bucket (cross-origin request)
How do S3 access logs work?
The access logs are saved in an S3 bucket. If you set the monitored bucket to be the logging bucket, a loop will be created and costs grow exponentially
What are S3 pre-signed URLs and their use cases?
It is a URL that points to an S3 object or bucket and was signed by an IAM user, so it carries that user's permissions to access the object. It is useful when you need to distribute premium content that only some users can have access to.
What are S3 access points?
With S3 access points, you can grant permissions to a defined prefix of an S3 bucket. It is useful when you have different groups and you need them to access only some prefixes of the bucket