S3 Flashcards
provides secure durable highly scalable object storage in the cloud
S3
do you get unlimited storage with S3?
Yes
size range of objects within S3
0-5TB
where files are stored
Buckets
do s3 bucket names have to be totally unique?
Yes
https://bucketname.s3.Region.amazonaws.com/name
S3 url format
code received when uploading a file successfully to S3
HTTP 200
data is spread across multiple devices and facilities to ensure availability and durability
true
availability in s3
99.95%-99.99%
durability in s3
nine 9s 99.999999999%
high availability and durability storage in s3. data stored redundantly across multiple facilities
99.99% availability
11 9’s durability
standard s3
designed for frequently accessed data, and is suitable for most workloads
standard s3
define rules to automatically transition objects to a cheaper storage tier or delete objects no longer required
lifecycle policies
all versions of an object are stored
versioning
encryption on a bucket that will encrypt all new objects stored in the bucket
server-side encryption
define which AWS accounts or groups are granted access and the type of access. can be attached to individual objects
Access control lists
specify which actions are allowed or denied
s3 bucket policies
any subsequent read of an object receives the latest version of the object
strong read-after-write consistency
can you install an OS or DB storage on S3?
No
A key is an
object name
the data itself is called
value
restrict access on an individual object level
Access Control Lists (ACL)
restrict access on an entire bucket level
Bucket Policy
have multiple versions of objects within a bucket
Versioning
prevent accidental deletion of objects within an s3 bucket using
MFA
automates moving your objects between the different storage tiers maximizing cost-effectiveness
Lifecycle management
store objects using a write once, read many (WORM) model
S3 object lock
users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions. Users can be granted permission to alter the retention settings
governance mode
protected object version that can’t be overwritten or deleted by any user including the root user for the duration of the retention period
Compliance mode
protects an object version for a fixed amount of time
retention periods
prevents an object version from being overwritten or deleted but does not have an associated retention period, and remains in effect until it’s removed
legal holds
deploy and enforce compliance controls for individual s3 glacier vaults such as worm models
glacier vault lock
Data is first encrypted on the client-side before being uploaded to Amazon S3. You manage the encryption process, the encryption keys, and related tools
Client-Side encryption (CSE)
Amazon S3 encrypts your object before saving it on disks in its data centers and then decrypts it when you download the objects
Server-Side encryption (SSE)
You manage the encryption keys and S3 manages the encryption and decryption process
SSE-C
S3 uses AES-256 encryption keys to encrypt your objects, and each object is encrypted with a unique key
SSE-S3 (AES256)
S3 uses AES-256 encryption keys to encrypt your objects but the key is managed in a different service, which is AWS KMS
SSE-KMS
Data is encrypted using SSL and goes over port 443 when sent to and from buckets
Encryption in Transit
used to enforce encryption automatically
bucket policies
Data is broken up into parts for uploading, parts can fail and be restarted
Multipart Upload
allows better performance when reading objects by spreading reads across them
different prefixes
replicate objects from one bucket to another
s3 replication
objects in an existing bucket are not replicated automatically
true
once replication is turned on all subsequent updated objects will be replicated automatically
true
delete markers are not replicated by default
true