S3 8

Question 1

S3 Events

Where can S3 Events be delivered to?

Answer 1

SNS, SQS, Lambda

Question 2

S3 Events

What filters can you do on actions that trigger S3 Events?

important

Answer 2

Create/delete objects, Glacier restore, replication things

Glacier restore specifically is Cantrill flagged for exam

Question 3

S3 Events

What do you do if you want S3 events for things that S3 Events doesn’t support?

Answer 3

Use EventBridge

Question 4

ACLs

Two levels os S3 things you can use ACLs with?

Answer 4

Bucket level and object level

Question 5

ACLs

Advantage of S3 ACLs?

Answer 5

Can control permissions on individual objects.

Question 6

ACLs

Four Grantees for ACLs?

Answer 6

Bucket owner, Everyone, Authenticated users, specific AWS accounts

Question 7

ACLs

Who does Bucket Owner ACL apply to?

Answer 7

Only the AWS account that owns the bucket

Question 8

ACLs

Who does Everyone apply to?

Answer 8

Literally everyone, including unauthenticated and un-SIGv4-signed requests

Question 9

ACLs

Who does Auth Users apply to?

Answer 9

Anyone with a SIGv4-signed request

Question 10

ACLs

Two types of S3 things that ACL permissions can apply to?

Answer 10

S3 objects and S3 Bucket ACLs

Question 11

ACLs

What ACL permissions can you grant at the bucket level?

Answer 11

List objects, write objects, read bucket ACLs, write bucket ACLs

Question 12

ACLs

What ACL permissions can you grant at the object level?

Answer 12

Read object, read object ACL, write object ACL (no write object perm exists!)

Question 13

ACLs

How do you grant access via an ACL to another AWS account?

Answer 13

Need their “Canonical ID” since ACLs existed before IAM did.

Question 14

ACLs

What happens if ACLs and IAM-based permissions conflict?

Answer 14

Any explicit deny anywhere denies access, else something has to grant access.