S3 Flashcards
What does S3 stand for?
Simple Storage Service
What is Amazon S3?
A secure, durable, highly scalable object storage for developers
What type of storage does S3 provide?
Object-based, where an object is a file
What is the size range for an S3 object?
0 bytes to 5 TB
What is the limit on S3 storage?
Unlimited
What are objects stored in?
Buckets
Can two S3 buckets from different users, in different regions, hold the same name?
Buckets must have globally unique names (S3 is a universal namespace)
Which code is received if the upload of a file to S3 is successful?
HTTP 200
What do objects consist of? (5)
- Key
- Value
- Version ID
- Metadata
- Subresources
What is the key of an object?
The name of the object
What is the value of an object?
The data, made up of a sequence of bytes
What is the metadata of an object?
Data about the data you’re storing
What are the subresources of an object? (3)
- Subordinates to objects
- Subresources do not exist on their own, must always be associated with another entity
- Subresources associated with S3 objects: access control lists & torrents
How do you control access to buckets? (2)
- A bucket access control list (ACL)
- Bucket policies
What is S3 not suitable for? (2)
- Installation of an operating system
- Hosting a database
How does data consistency work for S3? (2)
- Read after write consistency for PUTs of new objects
- Eventual consistency for overwrite PUTs and DELETEs
What level of data consistency is achieved when uploading a new file?
Read after write consistency
What level of data consistency is achieved when overwriting/updating/deleting an existing file?
Eventual consistency
What does read after write consistency mean?
The file can be read straight after writing it
What does eventual consistency mean? (2)
- If you overwrite/update/delete an existing file, you might get v1 or v2 when you read it straight away
- But after waiting a period of time the file will be consistent and you’ll only get v2
What does it mean to PUT an object?
To upload, overwrite or update that object
What level of availability does Amazon S3 Standard guarantee?
99.9% availability
What level of durability does Amazon S3 Standard guarantee?
99.999999999% durability (11 9s)
What are the features of S3 Standard? (2)
- Stored redundantly across multiple devices in multiple facilities
- Designed to sustain the loss of 2 facilities concurrently
What are the features of S3 - IA (Infrequently Accessed)? (3)
- Data accessed less frequently, but requires rapid access when needed
- Lower fee than S3
- Charged a retrieval fee
What are the features of S3 One Zone - IA? (2)
- Low cost option for infrequently accessed data
- Data that does not require multiple availability zone resilience
What are the features of S3 - Intelligent Tiering? (2)
- Cost-effective option
- Uses machine learning to automatically move data to the most cost-effective tier without performance impact
What are the features of S3 Glacier? (2)
- Secure, durable, low-cost storage for data archiving
- Configure retrieval time from minutes to hours
What are the features of S3 Glacier Deep Archive? (2)
- S3’s lowest cost storage class
- A retrieval time of 12 hours is acceptable
How many availability zones is the data stored on for all S3 storage classes bar S3 One Zone - IA?
At least three
Which storage classes charge a retrieval fee?
S3 Standard - IA, S3 One Zone - IA, S3 Glacier, S3 Glacier Deep Archive
What is first byte latency?
How quickly you’ll be able to access your data
What factors affect the charge for S3 storage? (7)
- Storage volume
- Region
- Requests
- Storage management
- Data transfer
- Transfer acceleration
- Cross region replication
How does transfer acceleration work? (3)
- Users upload files to the edge location rather than the bucket itself
- As data arrives at an edge location, it is routed to the S3 bucket over an optimised network plan
- Takes advantage of Amazon’s CloudFront globally distributed edge locations
What are the permissions on a bucket by default?
Private
Do bucket policies and access control lists apply changes at a bucket level, object level, or both? (2)
- Bucket policies apply changes at a bucket level only
- Access control lists apply changes at a bucket and object level
How can you log all requests made to an S3 bucket?
Configure your bucket to create access logs
Can you send access logs to a bucket in a different account?
Yes
What is encryption in transit?
Any data intercepted as it travels to or from Amazon S3 is protected by encryption
What is encryption at rest?
Data sat in a folder/bucket is encrypted
How is encryption in transit achieved?
Using HTTPS and Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
What are the three types of server side encryption at rest for S3 and their differences? (6)
- S3 Managed Keys (SSE-S3): Amazon manages the keys for you
- AWS Key Management Service (SSE-KMS): Customer manages the keys together with Amazon
- Server side encryption with customer provided keys (SSE-C): Customer provided keys
What is a key?
A way of encrypting and decrypting an object
What is client side encryption?
The customer encrypts the object, then uploads it to S3
Can you disable S3 versioning, once enabled?
Once enabled, versioning cannot be disabled, only suspended
If you upload a new version of an object, does it hold the same permissions as the older versions?
No, all new versions are private
Do the permissions of older versions of an object change upon uploading new versions?
No, the permissions of older versions don’t change
What is the size of a bucket containing objects with versioning enabled?
Size of bucket = size(new versions) + size(all old versions)
How can you provide an additional layer of security using S3 versioning?
Using the multi-factor authentication (MFA) delete capability of S3 version control
What occurs when you press delete on a file with versions enabled?
You’ve placed a delete marker on the file, not actually deleted it
How do you restore a version-control-enabled file on which you've pressed delete?
Press delete on its delete marker to restore it to the latest version
What happens if you press delete on a version of a file with versions enabled?
This actually deletes the selected version
If you enable cross-region replication (CRR), does it replicate existing objects in the bucket?
No, only objects uploaded after the CRR is set up
If you delete an object in a bucket with CRR enabled, is the delete marker replicated to the CRR bucket?
No, the delete marker is not replicated
If you delete a version of an object in a bucket with CRR enabled, is the version deleted in the CRR bucket?
No, the latest version remains in the CRR bucket
What needs to be enabled in both the source and destination bucket to allow cross-region replication?
Versioning must be enabled for CRR
What is CloudFront?
A fast content delivery network (CDN) service
What is a content delivery network? (4)
A system of distributed servers (network) that delivers webpages and other web content to a user based on:
- Geographic location of the user
- Origin of the webpage
- Content delivery server
What is an origin? Provide four examples of origins (5)
The origin of all the files the content delivery network (CDN) will distribute. Can be a:
- S3 bucket
- EC2 instance
- Elastic load balancer
- Route53
What is a distribution? Give two types of distributions and their uses (3)
- A distribution tells CloudFront where you want content to be delivered from & the details of how to track and manage content delivery
- Web distributions: used for websites
- Real-time messaging protocol (RTMP) distributions: used for media streaming
Can you write to edge locations?
Yes
How long are objects cached in endpoints, using CloudFront?
For the life of the time to live (TTL), in seconds
Can you clear cached objects?
Yes, but you will be charged
What is Amazon Snowball?
A petabyte-scale data transport solution which uses secure appliances to transfer large amounts of data into and out of AWS
What are the features of Amazon Snowball? (2)
- Low-cost, large scale data transfer: 1/5th of the cost of high-speed internet
- Multiple layers of security (tamper-resistant enclosures, encryption, full chain-of-custody)
What is Amazon Snowball Edge? (2)
- A 100 TB data transport solution which uses secure appliances to transfer large amounts of data into and out of AWS
- Also provides local compute, processing and storage capabilities
What is the difference between Snowball and Snowball Edge?
Snowball Edge provides local compute, processing and storage capabilities in addition to data transfer, while a Snowball is purely a data transfer device
When would you use a Snowball Edge rather than a Snowball? (3)
- As a temporary storage tier for large local datasets
- To support local workloads in remote or offline locations
- To ensure applications continue to run even when they're not able to access the cloud
What can you do with multiple Snowball Edges?
Cluster them together to form a local storage tier
What is Amazon Snowmobile?
An exabyte-scale data transfer service - up to 100 PB per snowmobile
What is AWS Storage Gateway? (2)
- A service that provides seamless and secure integration between an organisation’s on-premises environment and AWS’s storage infrastructure
- A virtual or physical device which replicates your data into AWS
How do you set up a Storage Gateway? (3)
- Download and install the virtual machine image OR deploy the dedicated hardware appliance
- Select an interface
- Assign local cache capacity
What are the three different types of Storage Gateway? (3)
- File Gateway (NFS & SMB)
- Volume Gateway (iSCSI)
- Tape Gateway (VTL)
What are the different types of Volume Gateway? (2)
- Stored Volumes
- Cached Volumes
How does a File Gateway work? (3)
- Files are stored as objects in your S3 buckets
- Accessed through a Network File System (NFS) mount point
- Once objects are transferred to S3 they are treated as native S3 objects
How does a Volume Gateway work? (2)
- Presents your applications with disk volumes using the iSCSI block protocol
- Data written to these volumes can be asynchronously backed up as snapshots of your volumes
What does it mean to back up data asynchronously?
Data is not immediately backed up after the primary storage acknowledges write complete - this happens over a period of time
What are snapshots of a volume?
Incremental backups which only capture changed blocks
How are snapshots of a volume stored?
As Amazon EBS snapshots
What are Stored Volumes? (2)
- Volume Gateways which store all primary data locally
- All data is asynchronously backed up to S3 as EBS snapshots
What are the benefits of Stored Volumes? (2)
- Provides on-premises applications with low-latency access to their entire datasets
- Alongside durable, off-site backups
How do you create a Stored Volume?
Create storage volumes on on-premises storage hardware, then mount these storage volumes as iSCSI devices from on-premises application servers
What is the volume range for Stored Volumes?
1 GB - 16 TB
What are Cached Volumes? (2)
- Volume Gateways which store all primary data in S3
- Only frequently accessed data is retained locally in your storage gateway
What are the benefits of Cached Volumes? (2)
- Minimises the need to scale on-premises storage infrastructure
- While retaining low-latency access to frequently accessed data
What is the volume range for Cached Volumes?
1 GB - 32 TB
What is a Tape Gateway?
A type of Storage Gateway which uses a virtual tape library (VTL) interface to allow customers to use existing tape-based backup application infrastructure to store data on virtual tape cartridges
What is each Tape Gateway preconfigured with? (2)
- A media changer
- Tape drives