S3 Flashcards
Is S3 object or block based?
S3 is object based
Storage limit in S3
There is unlimited storage in S3
What are you asked when creating a bucket?
Bucket name, region, etc.
Scope of S3 bucket names
Bucket names must be unique globally.
What is one of the formats of an S3 object URL?
https://[bucketName].s3.[region].amazonaws.com/[objectName]
Data consistency model of Amazon S3
Amazon S3 buckets in all Regions provide read-after-write consistency for PUTS of new objects and eventual consistency for overwrite PUTS and DELETES.
S3 storage classes/tiers
- S3 Standard
- S3-IA
- S3 One Zone-IA
- S3 Glacier
- S3 Glacier Deep Archive
- S3 Intelligent-Tiering
S3 object’s fundamentals
Key (name)
Value (data)
Version Id
Metadata
Can versioning on S3 be disabled?
No. It can only be suspended
What are the file size limits in S3?
Files can be from 0 bytes to 5 TB.
What is the HTTP PUT size limit in S3?
5G
What is an alternative to upload big objects to S3 apart from a single PUT?
The Multipart Upload API
How much time is needed to restore from Glacier?
A few hours or minutes
What are the costs associated with S3?
- Storage
- Requests
- Storage Management Pricing (tags)
- Data Transfer Pricing (on cross-region replication)
- Transfer Acceleration (using CloudFront)
Is S3 versioning incremental?
No. Stores all versions of an object.
What is required for Cross Region Replication?
Versioning enabled on the source and target buckets
Is versioning required for Lifecycle rules?
No. Lifecycle rules can be used in conjunction with versioning, but it is not required
When you activate Cross Region Replication, are existing objects replicated?
No. Existing objects will not be replicated. Cross-Region Replication replicates every future upload of every object to another bucket.
What can be done with Lifecycle Management?
Automate moving the objects between storage classes
Are S3 buckets by default public or private?
By default, all newly created buckets are private (and also all objects stored inside them)
How can you set up access control to a bucket?
Using:
- Bucket policies
- Access control lists
How can you audit the access to S3 resources?
S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket. The logs can be delivered to another bucket (even in another AWS account)
What encryption methods are supported for “in transfer” S3 resources?
SSL/TLS
What encryption methods are supported for the Server Side Encryption (“at rest”) of S3 resources?
- Server-side encryption
- SSE-S3 (Managed keys)
- SSE-KMS (Key Management Service)
- SSE-C (Customer Provided Keys)
What’s an additional security measure to prevent accidental deletions of S3 objects?
Versioning’s MFA delete capability
Are lifecycle rules available only for the current version?
No. Lifecycle rules are also available for previous versions.
Can S3 be used to host static websites?
Yes (serverless, very cheap, scales automatically, no dynamic site hosting)
What’s the HTTP status code for a successful S3 write?
HTTP 200 OK
Which is the URL format for S3 static website hosting?
http://[bucket name].s3-website-[region].amazonaws.com
How am I charged for using Versioning?
Normal Amazon S3 rates apply for every version of an object stored or requested.
Are deletions (delete markers) replicated in S3 Replication?
Not by default
What’s an expected “limit” for PUT/POST/DELETEs and GETs per second in S3? How can performance be increased with prefixes?
There’s no hard limit. Your application can achieve at least 3,500 PUT/POST/DELETE and 5,500 GET requests per second per prefix in a bucket. There are no limits to the number of prefixes in a bucket. Prefixes can be used to increase your read or write performance exponentially. For example, if you create 2 prefixes in an Amazon S3 bucket to parallelize reads, you could scale your read performance to 11,000 read requests per second.
Does Multipart Upload deliver improved throughput?
Yes. You can upload parts in parallel to improve throughput.
How can you make individual objects public?
Using object ACLs
How can you make entire buckets public?
Using bucket policies
What do you need to keep in mind when using SSE-KMS to encrypt your objects in S3?
The KMS limits. Uploading/Downloading will count towards the KMS quota
How can performance be increased when downloading large files from S3?
Using S3 byte-range fetches
What kind of versions are stored for an object when versioning is enabled?
All versions of an object are stored in S3. This includes all writes, even if you delete an object
Can Lifecycle Management be only applied to current versions?
No. It can be applied to current versions and previous versions
What can S3 Object Lock be used for?
To store objects using a WORM model: Write once, read many
How can S3 Object Lock be applied? To individual objects or to an entire bucket?
Both. Object Lock can be applied to individual objects or across the bucket as a whole
What are the two possible S3 Object Lock modes?
Compliance mode and governance mode
How does S3 Object Lock Governance Mode work?
Users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions
How does S3 Object Lock Compliance Mode work?
A protected object version can’t be overwritten or deleted by any user, including the root user in your AWS account
How can WORM be implemented in S3 and Glacier?
WORM -> S3 -> Object lock
WORM -> Glacier -> Vault lock
How does S3 Glacier Vault Lock work?
S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specify controls, such as WORM, in a vault lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.
How much time is needed to restore from Glacier Deep Archive?
12 hours
How can encryption be enforced with a Bucket Policy?
A bucket policy can deny all PUT requests that don’t include the x-amz-server-side-encryption parameter in the request header
When should and when must multipart uploads be used?
Should be used for any files over 100MB and must be used for any file over 5GB.