s3

Question 1

What is a Resource Policy

Answer 1

Policy that grants outside accounts specific access to a resource.

Question 2

Can resource policies grant allow/deny access to accounts other than the one they are created in?

Answer 2

YES

Question 3

What type of policy can allow/deny anonymous principles?

Answer 3

Resource policies

Question 4

What property in a Resource Policy json is unique to this type of policy (in contrast to IAM Policies)

Answer 4

Principal

Question 5

What does the Principle in a resource policy do?

Answer 5

Defines who the statement applies to (and who will get the allow/deny)

Question 6

What is the id for all objects on buckets that don’t have versioning enabled

Answer 6

null

Question 7

can bucket with versioning enabled be disableD?

Answer 7

no

Question 8

can a bucket with versioning disabled be enabled

Answer 8

yes

Question 9

can a bucket with verioning enabled be suspended?

Answer 9

yes

Question 10

what 2 things are true about a bucket with MFA delete

Answer 10

MFA becomes required to delete bucet versions

MFA is required to CHANGE the version state (i.e from versioned to suspended)

Question 11

can buckets be encrypted?

Answer 11

no, only objects within them

Question 12

can objects specifically be encrypted?

Answer 12

yes, thats how it works yo

Question 13

does aws ever see data uploaded to s3 with client side encryption

Answer 13

no, it’s encrypted the moment it leaves the client.

Question 14

does aws ever see data uploaded with s3 with server side encryption

Answer 14

yes - it gets unencrypted data and then it encrpts it before storing,

Question 15

can you choose to store objects in s3 unencrypted?

Answer 15

no, encryption-at-rest is mandatory!

Question 16

whats SSE-C

Answer 16

Server side escryption with customer provided keys

Question 17

whats SSE-S3

Answer 17

server side encryption with s3 managed keys

Question 18

whats SSE-KMS

Answer 18

server side encryption with KMS

Question 19

What encryption algorithm does SSE-S3 use?

Answer 19

AES-256

Question 20

what code from s3 means the object has been durably stored successfully?

Answer 20

200

Question 21

whats the minimum starogae time you will be billed for S3-IA

Answer 21

30 days

Question 22

whats the minimum storage size you’ll be billed for S3-IA

Answer 22

128KB per object

Question 23

whats the minimum storage time for S3 Glacier Instant?

Answer 23

90 days

Question 24

whats the minimum storage size for S3 Glacier Instant?

Answer 24

128KB per object

Question 25

when doing lifecycle s3 configuration, how long must an object be in s3 standard before a lifecycle can transition it to IA or one-zone IA?

Answer 25

30 days

Question 26

⭐ When enabling replication on an s3 bucket, will objects already be stored get replicated?

Answer 26

No, only objects going forwards

Question 27

can you enable object replication on a bucket that has versioning enabled?

Answer 27

yes (and versioning is required)

Question 28

can you use replication to sync between two s3 buckets by default?

Answer 28

No, it only sync FROM source TO destination but that’s one-way. You CAN enable as an additional setting tho

Question 29

for replication, does the SOURCE bucket owner need to have permission to the objects?

Answer 29

YES

Question 30

how are system events (lifecycle events) replicated in bucket replication

Answer 30

they ARENT

Question 31

which types of objects (storage tiers) will work with replication?

Answer 31

all except glacier, and glacier deep archive

Question 32

how can you sync deletes accross source/dest buckets with replication?

Answer 32

need an additional setting DeleteMarkerReplication. NOT on by default

Question 33

can you create a presigned url for an object you have no access to?

Answer 33

yes, actually

Question 34

what identity is assumed when you access an s3 object via pre-signed url?

Answer 34

the identiy of the IAM user that requested the presigned url to be generated