S3 Flashcards
What is a Resource Policy?
Policy that grants outside accounts specific access to a resource.
Can resource policies grant allow/deny access to accounts other than the one they are created in?
YES
What type of policy can allow/deny anonymous principals?
Resource policies
What property in a Resource Policy JSON is unique to this type of policy (in contrast to IAM Policies)?
Principal
What does the Principal in a resource policy do?
Defines who the statement applies to (and who will get the allow/deny)
What is the id for all objects on buckets that don’t have versioning enabled?
null
can a bucket with versioning enabled be disabled?
no
can a bucket with versioning disabled be enabled?
yes
can a bucket with versioning enabled be suspended?
yes
what 2 things are true about a bucket with MFA delete?
MFA becomes required to delete bucket versions
MFA is required to CHANGE the version state (i.e. from versioned to suspended)
can buckets be encrypted?
no, only objects within them
can objects specifically be encrypted?
yes, that's how it works yo
does aws ever see data uploaded to s3 with client side encryption?
no, it’s encrypted the moment it leaves the client.
does aws ever see data uploaded to s3 with server side encryption?
yes - it gets unencrypted data and then it encrypts it before storing.
can you choose to store objects in s3 unencrypted?
no, encryption-at-rest is mandatory!
what's SSE-C?
Server side encryption with customer provided keys
what's SSE-S3?
server side encryption with s3 managed keys
what's SSE-KMS?
server side encryption with KMS
What encryption algorithm does SSE-S3 use?
AES-256
what code from s3 means the object has been durably stored successfully?
200
what's the minimum storage time you will be billed for S3-IA?
30 days
what's the minimum storage size you’ll be billed for S3-IA?
128KB per object
what's the minimum storage time for S3 Glacier Instant?
90 days
what's the minimum storage size for S3 Glacier Instant?
128KB per object
when doing lifecycle s3 configuration, how long must an object be in s3 standard before a lifecycle can transition it to IA or one-zone IA?
30 days
⭐ When enabling replication on an s3 bucket, will objects already stored get replicated?
No, only objects going forwards
can you enable object replication on a bucket that has versioning enabled?
yes (and versioning is required)
can you use replication to sync between two s3 buckets by default?
No, it only syncs FROM source TO destination but that’s one-way. You CAN enable it as an additional setting tho
for replication, does the SOURCE bucket owner need to have permission to the objects?
YES
how are system events (lifecycle events) replicated in bucket replication?
they AREN'T
which types of objects (storage tiers) will work with replication?
all except glacier, and glacier deep archive
how can you sync deletes across source/dest buckets with replication?
need an additional setting DeleteMarkerReplication. NOT on by default
can you create a presigned url for an object you have no access to?
yes, actually
what identity is assumed when you access an s3 object via pre-signed url?
the identity of the IAM user that requested the presigned url to be generated