S3 Flashcards
S3
Simple Storage Service
Stores objects (files) in buckets (folders)
File Access
S3
Through URLs
S3
High availability
S3
Stored across AZs
S3
Lifecycle Policy
S3
Automates transitioning objects between classes
S3
Expiration action
S3 Lifecycle policy
Delete objects after set age
S3 Lifecycle policy
Transfer acceleration
S3
Objects upload faster using CloudFront and Edge Locations
S3
name limitation
bucket
must be globally unique
bucket
where buckets exist
bucket
defined at regional level
bucket
naming convention (4/5)
bucket
- no uppercase letters or underscores
- 63 characters max
- cannot be an IP
- must start with letter or number
- some prefixes and suffixes are reserved
bucket
max size
object
5TB
object
large file upload stipulation
object
must be multi-part upload
object
key
object
name or “full path” of object
object
“folder path”
object key
actually a prefix which contains “/”
object key
how sub-folders are handled
object key
sub-folders don’t really exist
object key
properties (4)
object
- value
- metadata
- tags
- VersionID if enabled
object
object value
object
name for contents of the object
object
public use case
bucket
host a static website
bucket
best practice
bucket versioning
enable versioning on all buckets
bucket versioning
preexisting file “version”
bucket versioning
null
bucket versioning
consequence of suspending versioning
bucket versioning
previous versions are not deleted
bucket versioning
high durability
S3
chance of not losing a file is 99.999999999%
S3
high availability
S3
S3 Standard is 99.99% available
S3
Transition action
S3 Lifecycle policy
moves objects between storage classes after set time
S3 Lifecycle policy
actions on versions
Expiration action
can delete old versions of objects
Expiration action
options for rules to filter objects (2)
S3 Lifecycle policy
- prefix
- tags
S3 Lifecycle policy
actions on incomplete uploads
Expiration action
can delete incomplete multi-part uploads
Expiration action
Storage Class Analysis report
S3 Lifecycle policy
used to help decide when to transition objects
S3 Lifecycle policy
update frequency
Storage Class Analysis report
daily
Storage Class Analysis report
requester pays
S3
option to make requester of S3 objects pay network costs
S3
authentication requirement
requester pays
requester must be authenticated in AWS
requester pays
event notifications
S3
triggered on object changes
S3
filtering
event notifications
may filter on object properties
event notifications
EventBridge
event notifications
advanced notification relaying
event notifications
event destinations (3)
event notifications
- SNS
- SQS
- Lambda Function
event notifications
requirement for destinations
event notifications
require an IAM resource (access) policy
event notifications
S3 performance
S3
automatically scales to high requests
S3
bucket prefix requests per second for GET/HEAD
S3 performance
5500
S3 performance
bucket prefix requests per second for other types
S3 performance
3500
S3 performance
multi-part upload
S3 performance
parallelize uploads to improve transfers
S3 performance
recommended size of file
multi-part upload
100MB or more
multi-part upload
S3 Transfer Acceleration
S3 performance
uses nearest AWS edge location to forward data
S3 performance
byte-range fetch
S3 performance
parallelize GETs by byte ranges
S3 performance
performance benefit
byte-range fetch
receive ranges in parallel
byte-range fetch
failure of one byte range
byte-range fetch
just the specific range can be retried
byte-range fetch
use case for retrieving only partial data
byte-range fetch
retrieve header
byte-range fetch
S3 select and Glacier Select
S3
retrieve less data using SQL to filter on server side
S3
benefit
S3 select and Glacier Select
savings from less network transfer
S3 select and Glacier Select
S3 Batch Operations
S3
perform bulk operations on existing objects
S3
example operations (4/5)
S3 Batch Operations
- modify metadata, properties, ACLs, tags
- copy between buckets
- encrypt unencrypted objects
- restore objects from Glacier
- custom Lambda function
S3 Batch Operations
job composition (3)
S3 Batch Operations
- list of objects
- job to perform
- optional parameters
S3 Batch Operations
management actions done by Batch Operations (3/4)
S3 Batch Operations
- retries
- progress monitoring
- completion notifications
- reports
S3 Batch Operations
how to get object list (2)
S3 Batch Operations
- S3 inventory
- S3 Select
S3 Batch Operations
pre-signed URL
S3
allows user with URL temporary access to file in private bucket
S3
max time if created in Web UI
pre-signed URL
12 hours
pre-signed URL
max time if created in CLI
pre-signed URL
168 hours
pre-signed URL
S3 Glacier Vault Lock
S3
locked objects can no longer be changed or deleted
S3
how to enable
S3 Glacier Vault Lock
create a vault lock policy
S3 Glacier Vault Lock
use case
S3 Glacier Vault Lock
compliance or data retention
S3 Glacier Vault Lock
S3 Object Lock
S3
block an object temporarily from being deleted
S3
requirement
S3 Object Lock
versioning enabled
S3 Object Lock
retention modes (2)
S3 Object Lock
- compliance
- governance
S3 Object Lock
object versions under Compliance mode
S3 Object Lock retention modes
cannot be changed or deleted by anyone
S3 Object Lock retention modes
retention mode under Compliance mode
S3 Object Lock retention modes
cannot be changed or shortened by anyone
S3 Object Lock retention modes
object versions under Governance mode
S3 Object Lock retention modes
can be changed or deleted by users with special permissions
S3 Object Lock retention modes
retention mode under governance
S3 Object Lock retention modes
can be changed or removed by users with special permissions
S3 Object Lock retention modes
retention period
S3 Object Lock
time limit on how long an object can be locked
S3 Object Lock
legal hold
S3 Object Lock
protect an object indefinitely
S3 Object Lock
S3 Access Points
S3
simplifies security of data access to S3 Buckets
S3
Items each access point has (2)
S3 Access Points
- DNS Name
- Access Point policy
S3 Access Points
How to set up private access
S3 Access Points
define access point to only be accessible on VPC
S3 Access Points
VPC endpoint requirements (2)
S3 Access Points
- VPC endpoint
- VPC endpoint policy
S3 Access Points
S3 Access Points
Object Lambda Access Point
uses AWS Lambda Functions to change data before it is retrieved
S3 Access Points
Simple Storage Service
Stores objects (files) in buckets (folders)
S3
Through URLs
S3
File Access
S3
Stored across AZs
S3
High availability
S3
Automates transitioning objects between classes
S3
Lifecycle Policy
S3
Delete objects after set age
S3 Lifecycle policy
Expiration action
S3 Lifecycle policy
Objects upload faster using CloudFront and Edge Locations
S3
Transfer acceleration
S3
must be globally unique
bucket
name limitation
bucket
defined at regional level
bucket
where buckets exist
bucket
- no uppercase letters or underscores
- 63 characters max
- cannot be an IP
- must start with letter or number
- some prefixes and suffixes are reserved
bucket
naming convention (4/5)
bucket
5TB
object
max size
object
must be multi-part upload
object
large file upload stipulation
object
name or “full path” of object
object
key
object
actually a prefix which contains “/”
object key
“folder path”
object key
sub-folders don’t really exist
object key
how sub-folders are handled
object key
- value
- metadata
- tags
- VersionID if enabled
object
properties (4)
object
name for contents of the object
object
object value
object
host a static website
bucket
public use case
bucket
enable versioning on all buckets
bucket versioning
best practice
bucket versioning
null
bucket versioning
preexisting file “version”
bucket versioning
previous versions are not deleted
bucket versioning
consequence of suspending versioning
bucket versioning
chance of not losing a file is 99.999999999%
S3
high durability
S3
S3 Standard is 99.99% available
S3
high availability
S3
moves objects between storage classes after set time
S3 Lifecycle policy
Transition action
S3 Lifecycle policy
can delete old versions of objects
Expiration action
actions on versions
Expiration action
- prefix
- tags
S3 Lifecycle policy
options for rules to filter objects (2)
S3 Lifecycle policy
can delete incomplete multi-part uploads
Expiration action
actions on incomplete uploads
Expiration action
used to help decide when to transition objects
S3 Lifecycle policy
Storage Class Analysis report
S3 Lifecycle policy
daily
Storage Class Analysis report
update frequency
Storage Class Analysis report
option to make requester of S3 objects pay network costs
S3
requester pays
S3
requester must be authenticated in AWS
requester pays
authentication requirement
requester pays
triggered on object changes
S3
event notifications
S3
may filter on object properties
event notifications
filtering
event notifications
advanced notification relaying
event notifications
EventBridge
event notifications
- SNS
- SQS
- Lambda Function
event notifications
event destinations (3)
event notifications
require an IAM resource (access) policy
event notifications
requirement for destinations
event notifications
automatically scales to high requests
S3
S3 performance
S3
5500
S3 performance
bucket prefix requests per second for GET/HEAD
S3 performance
3500
S3 performance
bucket prefix requests per second for other types
S3 performance
parallelize uploads to improve transfers
S3 performance
multi-part upload
S3 performance
100MB or more
multi-part upload
recommended size of file
multi-part upload
uses nearest AWS edge location to forward data
S3 performance
S3 Transfer Acceleration
S3 performance
parallelize GETs by byte ranges
S3 performance
byte-range fetch
S3 performance
receive ranges in parallel
byte-range fetch
performance benefit
byte-range fetch
just the specific range can be retried
byte-range fetch
failure of one byte range
byte-range fetch
retrieve header
byte-range fetch
use case for retrieving only partial data
byte-range fetch
retrieve less data using SQL to filter on server side
S3
S3 select and Glacier Select
S3
savings from less network transfer
S3 select and Glacier Select
benefit
S3 select and Glacier Select
perform bulk operations on existing objects
S3
S3 Batch Operations
S3
- modify metadata, properties, ACLs, tags
- copy between buckets
- encrypt unencrypted objects
- restore objects from Glacier
- custom Lambda function
S3 Batch Operations
example operations (4/5)
S3 Batch Operations
- list of objects
- job to perform
- optional parameters
S3 Batch Operations
job composition (3)
S3 Batch Operations
- retries
- progress monitoring
- completion notifications
- reports
S3 Batch Operations
management actions done by Batch Operations (3/4)
S3 Batch Operations
- S3 inventory
- S3 Select
S3 Batch Operations
how to get object list (2)
S3 Batch Operations
allows user with URL temporary access to file in private bucket
S3
pre-signed URL
S3
12 hours
pre-signed URL
max time if created in Web UI
pre-signed URL
168 hours
pre-signed URL
max time if created in CLI
pre-signed URL
locked objects can no longer be changed or deleted
S3
S3 Glacier Vault Lock
S3
create a vault lock policy
S3 Glacier Vault Lock
how to enable
S3 Glacier Vault Lock
compliance or data retention
S3 Glacier Vault Lock
use case
S3 Glacier Vault Lock
block an object temporarily from being deleted
S3
S3 Object Lock
S3
versioning enabled
S3 Object Lock
requirement
S3 Object Lock
- compliance
- governance
S3 Object Lock
retention modes (2)
S3 Object Lock
cannot be changed or deleted by anyone
S3 Object Lock retention modes
object versions under Compliance mode
S3 Object Lock retention modes
cannot be changed or shortened by anyone
S3 Object Lock retention modes
retention mode under Compliance mode
S3 Object Lock retention modes
can be changed or deleted by users with special permissions
S3 Object Lock retention modes
object versions under Governance mode
S3 Object Lock retention modes
can be changed or removed by users with special permissions
S3 Object Lock retention modes
retention mode under governance
S3 Object Lock retention modes
time limit on how long an object can be locked
S3 Object Lock
retention period
S3 Object Lock
protect an object indefinitely
S3 Object Lock
legal hold
S3 Object Lock
simplifies security of data access to S3 Buckets
S3
S3 Access Points
S3
- DNS Name
- Access Point policy
S3 Access Points
Items each access point has (2)
S3 Access Points
define access point to only be accessible on VPC
S3 Access Points
How to set up private access
S3 Access Points
- VPC endpoint
- VPC endpoint policy
S3 Access Points
VPC endpoint requirements (2)
S3 Access Points
uses AWS Lambda Functions to change data before it is retrieved
S3 Access Points
S3 Access Points
Object Lambda Access Point