S3 8 Flashcards
S3 Events
Where can S3 Events be delivered to?
SNS, SQS, Lambda
S3 Events
What filters can you apply to the actions that trigger S3 Events?
important
Create/delete objects, Glacier restore, replication things
Cantrill specifically flagged Glacier restore for the exam
S3 Events
What do you do if you want S3 events for things that S3 Events doesn’t support?
Use EventBridge
ACLs
Two levels of S3 things you can use ACLs with?
Bucket level and object level
ACLs
Advantage of S3 ACLs?
Can control permissions on individual objects.
ACLs
Four Grantees for ACLs?
Bucket owner, Everyone, Authenticated users, specific AWS accounts
ACLs
Who does Bucket Owner ACL apply to?
Only the AWS account that owns the bucket
ACLs
Who does Everyone apply to?
Literally everyone, including unauthenticated and un-SIGv4-signed requests
ACLs
Who does Auth Users apply to?
Anyone with a SIGv4-signed request
ACLs
Two types of S3 things that ACL permissions can apply to?
S3 objects and S3 Bucket ACLs
ACLs
What ACL permissions can you grant at the bucket level?
List objects, write objects, read bucket ACLs, write bucket ACLs
ACLs
What ACL permissions can you grant at the object level?
Read object, read object ACL, write object ACL (no write object perm exists!)
ACLs
How do you grant access via an ACL to another AWS account?
Need their “Canonical ID” since ACLs existed before IAM did.
ACLs
What happens if ACLs and IAM-based permissions conflict?
Any explicit deny anywhere denies access, else something has to grant access.