S3 Flashcards
What is an S3 Bucket?
A directory with a unique name (across all regions and accounts).
They are defined at the region level.
What is the S3 Bucket naming convention?
No uppercase letters or underscores. No prefix xn-- and no suffix -s3alias. Starts with a letter or number.
How are the Objects saved in S3 Bucket?
Each file has a key that corresponds to a full path, e.g.
s3://my-bucket/my_folder1/an0ther_folder/myfile.txt
Then the prefix: my_folder1/an0ther_folder/
and the object name: myfile.txt
compose the key.
There are no directories, even though the UI tricks us into thinking there are.
What is an Object in S3 and what does it consist of?
Any content with a body that doesn’t exceed 5TB. However, if it is more than 5GB, then “multi-part” upload must be used.
Consists of
1. Metadata (list of text key / value pairs)
2. Tags (Unicode key / value pair)
3. Version ID (if versioning enabled)
What are Security options in S3?
- User-based via IAM
- Resource-based
a) Bucket policies - most common
b) Object Access Control List (ACL) - finer grain
c) Bucket Access Control List (ACL) - less common
- Encryption using encryption keys
What does an S3 Bucket Policy look like?
It is JSON based, same as in IAM Policy. Can be created using a Policy generator
How can an IAM User gain access to an S3 Bucket?
Through IAM Policies
How can an EC2 instance access an S3 Bucket?
EC2 Instance Role can access an S3 Bucket.
How can an IAM User of a different Account access our S3 Bucket?
By using a Bucket Policy that allows cross-account access.
How to ensure that none of the S3 Buckets in our account will ever be publicly accessible?
By setting Block all public access at the account level for all buckets, or at the bucket level for only a particular bucket.
Can S3 host websites?
Yes, but only static ones and with an AWS URL and only if all content of the bucket is publicly readable.
What is S3 Versioning?
It is a setting that enables creating multiple versions of the same file on the same key.
Overwriting will create the file with version n+1.
Deleting will put a delete marker on the version, but the object will still be restorable.
What happens when you suspend versioning in an S3 Bucket?
All previously created versions stay, there will just not be any new ones.
How to permanently delete an Object while versioning is enabled in an S3 Bucket?
Go into the show versions view and then delete a specific version of a file.
What are two flavours of S3 replication?
CRR - Cross Region Replication
SRR - Same Region Replication
How does the S3 Replication work?
- Versioning must be enabled in both source and destination buckets
- Copying is async
- Buckets may be in different AWS Accounts
- S3 must have proper IAM Permissions
Does the replication process replicate already existing data?
No, for that we need to create a one-time batch operation to replicate those and sync both buckets.
What storage classes does S3 offer?
- Standard
- Standard-Infrequent Access (IA)
- One Zone-Infrequent Access
- Glacier Instant Retrieval
- Glacier Flexible Retrieval
- Glacier Deep Archive
- Intelligent Tiering
What is S3 Durability?
How many objects is S3 allowed to ‘lose’?
S3 has very high durability: 11 9’s (99.999999999%) of objects across multiple AZs.
It’s allowed to lose 1 Object of 10,000,000 Objects every 10,000 Years.
Durability is same across all storage classes.
What’s S3 Availability?
How readily available the service is.
Varies depending on storage class
S3 Standard has 99.99% Availability per year (53 mins a year)
What are the params of S3 Standard?
99.99% Availability
Used for frequent access
Low latency and high throughput
Can sustain 2 concurrent facility failures.
What are the params of S3 Infrequent Access (IA)?
99.9% Availability
Cheaper to store but it costs a bit to retrieve.
Good for backups and disaster recovery.
What are the params of S3 One Zone Infrequent Access (One Zone-IA)?
99.5% Availability
99.999999999 (11 9s) Durability but in ONE ZONE only
What are the params of S3 Glacier Storage Class?
Very low cost of storage meant for archiving / backup
Object retrieval cost.
3 Classes:
- Instant Retrieval (milliseconds) (>90 days), great for data accessed once a quarter
- Flexible Retrieval (>90 days) - you pay depending on how fast you want your data retrieved:
a) Expedited (1 - 5 mins)
b) Standard (3 - 5 hours)
c) Bulk (5 to 12 hours) - free
- Deep Archive (>180 days) - Standard (12 hours), Bulk (48 hours)
What are the parameters of S3 Intelligent Tiering?
Small monthly monitoring and auto tiering fee.
It moves the files on the following scheme:
Frequent Access Tier - default (auto)
Infrequent Access Tier - >30days (auto)
Archive Instant Access Tier - >90days (auto)
Archive Access Tier -> >90 - 700+ days (optional)
Deep Archive Access Tier -> >90 - 700+ days (optional)
What are 2 Types of S3 Encryption?
Server Side (file is encrypted by a server upon arrival) - always on.
Client-Side Encryption (file is encrypted by a user before upload)
What is IAM Access Analyzer for S3?
It is a tool that analyzes S3 Bucket policies, S3 ACLs, and Access point Policies to ensure that only intended people have access to the S3 Bucket.
What are the responsibilities of AWS in S3?
Infrastructure (global security, durability, sustaining data through the concurrent loss of 2 facilities)
Configuration
Compliance on AWS end
What are the responsibilities of the User in S3?
Setting up:
1. Versioning
2. Bucket Policies
3. Replication
4. Using the Storage Classes for cost effectiveness
5. Logging / Monitoring
6. Encrypting data on the user's end
What is AWS Snowball?
Highly secure, portable device to collect and process data at the edge and migrate it in or out of AWS.
Use it when it takes more than a week to transfer data.
What are the 2 types of Snowball?
- Snowball Edge Storage Optimized (210TB)
- Snowball Edge Compute Optimized (28TB)
What do we need Edge Computing for?
To process data while it’s on the go, outside the grid.
It allows running EC2 Instances or Lambda functions on the edge.
How does AWS Snowball Edge Pricing work?
Data IN Transfer is free
1. On-Demand (one-time service fee per job with a timeframe included)
Shipping days are not counted towards the timeframe
2. Committed Upfront
For the edge computing (1 year / 3 years of usage), up to 62% discount compared to on-demand pricing
What is Hybrid Cloud?
A bridge between AWS and on-prem, allowing some infrastructure on-prem and some on AWS.
To access the S3 Bucket from your own infrastructure, you would need to build an AWS Storage Gateway.