S3 Flashcards

1
Q

Scenarios in which to use Transfer Acceleration

A
  1. You have a centralized bucket and end users need to upload data from across the globe.
  2. You regularly transfer GBs or TBs of data across continents.
  3. Available bandwidth is underutilized.
2
Q

Requester Pay Model

A

You only pay the cost of the data you store in S3.
Use it when you want to share the data but do not want to be charged for the requests received, data downloads, or upload operations.
Does not support anonymous requests, BitTorrent, or SOAP requests.
Does not allow you to enable end-user logging on a Requester Pays bucket.

3
Q

Object elements

A

key, version ID, value, metadata, subresources, access control information.

4
Q

Object keys

A

Unique; a sequence of Unicode characters in UTF-8 encoding; maximum of 1024 bytes long.

5
Q

Object Metadata types

A

System metadata; user-defined metadata.

6
Q

System metadata

A

content-length; content-MD5; Date; Last-Modified; x-amz-delete-marker; x-amz-server-side-encryption; …

7
Q

S3 Storage Classes

A

S3 Standard storage; S3 Infrequent Access (IA) storage; S3 Reduced Redundancy Storage (RRS); Glacier.

8
Q

S3-IA storage

A

Less frequently used data that needs to be available immediately when needed. Suitable for long-term data storage, backups, and disaster recovery. Minimum object size: 128 KB. Minimum storage duration: 30 days.
Durability: 11 9’s
Availability: 99.90%

9
Q

S3 RRS

A

Suitable for storing noncritical and reproducible data. Ideal for storing thumbnails, transcoded media, and any other processed data that can be reproduced.
Durability: 99.99%
Availability: 99.99%

10
Q

Glacier

A

Very low-cost, secure, and durable data archival storage. Minimum storage duration: 90 days; data retrieval time: 3 to 5 hours; maximum size: 40 TB.
Durability: 11 9’s

11
Q

Lifecycle Rules – action types

A

Transition actions and Expiration actions

12
Q

Hosting static website on S3

A

Cannot support server-side scripting; can host HTML pages, CSS, client-side scripts, etc.

13
Q

S3 Limits & Restrictions

A

An AWS account can own up to 100 S3 buckets.

No limit to the number of objects that can be stored in a bucket.

14
Q

Bucket name restrictions

A

Globally unique;
must comply with DNS naming conventions;
3-63 characters long;
only lowercase letters, numbers, periods and hyphens;
periods and hyphens cannot be adjacent;
must not be in IP address format;
must start with a letter or number.

15
Q

S3 Objects

A

Basic entities stored in S3.
Size: 0 to 5 TB;
objects larger than 5 GB require the Multipart Upload API;
multipart upload is recommended for objects larger than 100 MB.
URL: https://s3-.amazonaws.com//

16
Q

Amazon S3 - URL

A

.s3-website-.amazonaws.com

17
Q

S3

A

Highly available and redundant object storage in the cloud; S3 is a global service, but buckets are region-specific. Unlimited storage.

18
Q

Bucket

A

A logical unit in S3, similar to a folder: a container in which you can store objects and also folders. Buckets are created at the root level and are used for organizing objects in S3.

19
Q

Data Consistency

A

Read-after-write consistency for PUTs of new objects.

Eventual consistency for overwrite PUTs and DELETEs.

20
Q

HTTP Error Codes

A

200 – success,
300 – redirection,
400 – client-side error,
500 – server-side error.

21
Q

Multipart Upload

A

Break a file up into pieces, upload the pieces, and combine them in S3 to create the object.
Parts can be uploaded in parallel.
Objects over 5 GB must be uploaded via multipart upload; recommended for objects > 100 MB.
Uploads can be paused and resumed.
If a part fails, only that part needs to be re-uploaded instead of the whole object.

22
Q

S3 Storage Classes – Standard

A

Provides low-latency and high-throughput performance.
Durability – 11 9’s
Availability – 99.99%

23
Q

Bucket Permissions

A

Bucket policies (resource-based) and user policies.
They specify who is allowed to access resources and what that user can do with those resources.
AWS gives full permissions to the owner of a resource.
Resource owners can grant access to others, even cross-account.
The bucket owner who pays the bills can deny access to or modify objects regardless of who owns them.

24
Q

Bucket Policies

A

Resource-based policy;
a JSON document attached to the resource;
can grant other AWS accounts or IAM users permission to the bucket and the objects inside it;
should be used to manage cross-account permissions for all S3 permissions;
limited to 20 KB in size.

25
Q

ACL

A

Access Control List;
used for both buckets and objects;
grants read/write permissions to other AWS accounts;
cannot grant conditional permissions;
cannot explicitly deny permissions;
is the only way to manage access to objects not owned by the bucket owner;
XML format.

26
Q

IAM Policies

A

User policy;
you can create multiple users and give them the same policy or different policies;
policies are attached and can be detached;
cannot grant permissions to anonymous users.
Example resource ARN: arn:aws:s3:::bucket_name/key_name/${aws:username}

27
Q

Encryption

A

In transit vs. at rest.

28
Q

Protecting data in transit – using a client-side master key.

A

Master keys and unencrypted data are never sent to AWS.
On upload:
1. The client provides a master key to the Amazon S3 encryption client.
2. The S3 client generates a random data key and encrypts it with your master key.
3. The S3 client encrypts your data using the data key, and uploads a material description as part of the object metadata.
On download:
1. The client downloads the encrypted object along with its metadata.
2. The metadata tells which master key to use to decrypt.
3. The master key is used to decrypt the data key.
4. The data key is used to decrypt the object.

29
Q

Protecting data in transit – KMS-managed customer master key (CMK)

A

The client gets a unique encryption key for each object.
On upload:
1. The client first sends a request to AWS KMS for a key.
2. AWS KMS returns an encryption key (plain text, used to encrypt the object data) and a cipher blob (uploaded to S3 as object metadata).
On download:
1. The client downloads the encrypted object from S3 along with the cipher blob stored in its metadata.
2. The client then sends that cipher blob to AWS KMS to get the plain-text key.
3. The plain-text key is used to decrypt the object.

30
Q

At rest – S3-Managed Encryption

A

Add the x-amz-server-side-encryption request header to the upload request.
AES-256.

31
Q

At rest – KMS-Managed Encryption Keys

A

Gives more flexibility in controlling keys.

32
Q

At rest – Customer-Provided Encryption Keys

A

Gives you the option to generate your own keys outside of the AWS environment.
Amazon does not store your encryption key.

33
Q

How can I delete large numbers of objects?

A

Multi-Object Delete

34
Q

How is Amazon S3 data organized?

A

S3 is a simple key-based object store.

35
Q

What is the BitTorrent protocol, and how do I use it with Amazon S3?

A

BitTorrent is an open source Internet distribution protocol. Amazon S3’s bandwidth rates are inexpensive, but BitTorrent allows developers to further save on bandwidth costs for a popular piece of data by letting users download from Amazon and other users simultaneously. Any publicly available data in Amazon S3 can be downloaded via the BitTorrent protocol, in addition to the default client/server delivery mechanism. Simply add the ?torrent parameter at the end of your GET request in the REST API.

36
Q

How can I delete large numbers of objects?

A

You can use Multi-Object Delete to delete large numbers of objects from Amazon S3. This feature allows you to send multiple object keys in a single request to speed up your deletes. Amazon does not charge you for using Multi-Object Delete.

37
Q

How is Amazon S3 data organized?

A

Amazon S3 is a simple key-based object store. When you store data, you assign a unique object key that can later be used to retrieve the data. Keys can be any string, and can be constructed to mimic hierarchical attributes.

38
Q

How can I Increase the number of Amazon S3 buckets that I can provision?

A

By default, customers can provision up to 100 buckets per AWS account. However, you can increase your Amazon S3 bucket limit by visiting AWS Service Limits.

39
Q

Wasn’t there a US Standard region?

A

We renamed the US Standard Region to US East (Northern Virginia) Region to be consistent with AWS regional naming conventions. There is no change to the endpoint and you do not need to make any changes to your application.

40
Q

What is an Amazon VPC Endpoint for Amazon S3?

A

An Amazon VPC Endpoint for Amazon S3 is a logical entity within a VPC that allows connectivity only to S3. The VPC Endpoint routes requests to S3 and routes responses back to the VPC.

41
Q

Can I allow a specific Amazon VPC Endpoint access to my Amazon S3 bucket?

A

You can limit access to your bucket from a specific Amazon VPC Endpoint or a set of endpoints using Amazon S3 bucket policies. S3 bucket policies now support a condition, aws:sourceVpce, that you can use to restrict access.

42
Q

What is Amazon Macie?

A

Amazon Macie is an AI-powered security service that helps you prevent data loss by automatically discovering, classifying, and protecting sensitive data stored in Amazon S3. Amazon Macie uses machine learning to recognize sensitive data such as personally identifiable information (PII) or intellectual property, assigns a business value, and provides visibility into where this data is stored and how it is being used in your organization. Amazon Macie continuously monitors data access activity for anomalies, and delivers alerts when it detects risk of unauthorized access or inadvertent data leaks.

43
Q

What checksums does Amazon S3 employ to detect data corruption?

A

Amazon S3 uses a combination of Content-MD5 checksums and cyclic redundancy checks (CRCs) to detect data corruption. Amazon S3 performs these checksums on data at rest and repairs any corruption using redundant data. In addition, the service calculates checksums on all network traffic to detect corruption of data packets when storing or retrieving data.

44
Q

How do I get my data into Standard - IA?

A

You can directly PUT into Standard – IA by specifying STANDARD_IA in the x-amz-storage-class header. You can also set lifecycle policies to transition objects from Standard to Standard - IA.

45
Q

Is there a minimum duration for Standard - IA?

A

30 days

46
Q

What is “Query in Place” functionality?

A

S3 Select, Amazon Athena, and Amazon Redshift Spectrum.

47
Q

What am I charged for archiving objects in Amazon Glacier?

A

Amazon Glacier storage is priced from $0.004 per gigabyte per month. Lifecycle transition requests into Amazon Glacier cost $0.05 per 1,000 requests. Objects that are archived to Glacier have a minimum of 90 days of storage, and objects deleted before 90 days incur a pro-rated charge equal to the storage charge for the remaining.

48
Q

CORS

A

Cross-Origin Resource Sharing – avoids the use of a proxy. Defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support in Amazon S3, you can build rich client-side web applications with S3 and selectively allow cross-origin access to your Amazon S3 resources.

49
Q

Cross Region Replication

A

Requires versioning enabled on both the source and destination buckets. Existing objects will not be replicated; only new objects are replicated to the other region.

50
Q

Lifecycle Management in S3

A

(1) When versioning is disabled:
Transition to S3-IA – minimum 30 days, and objects must be at least 128 KB in size.
Archive to Glacier – minimum 1 day if Transition to S3-IA is not checked; minimum 60 days if Transition to S3-IA is checked.
Permanently Delete – minimum 2 days if S3-IA is not checked and 1 day is selected for Glacier; minimum 61 days if S3-IA is set to 30 days and Glacier to 60 days.
(2) When versioning is enabled, you have lifecycle management options to take action on previous versions as well as the current version.

51
Q

Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

A

Each object is encrypted with a unique key employing strong multi-factor encryption. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.