S3

Question 1

What does S3 means?

Answer 1

Simple Storage Service.

Question 2

What are S3 File Size Limit ?

Answer 2

0B to 5 TB. Unlimited Storage

Question 3

S3 Naming Convention / Buckets

Answer 3

• Names use a universal namespace.
• Names must be globally unique (not specific to a region)
• Buckets are similar to folders
• Data is stored in key-value pairs.

Question 4

What is S3 Data Consistency Model?

Answer 4

1. Read after write for PUTS of new objects
2. Eventual consistency for overwrite PUTS and DELETES (it can take some time to propagate)

Question 5

What are the storage classes/tiers of S3?

Answer 5

S3 Standard General purpuse, (Durable, immediately available, frequently accessed).

S3 - Intelligent Tiering - Designed to optimize cost of unknown or changing access patterns, by automatically moving data to the most cost-effective tier.

S3-IA (Infrequently accessed) (Durable, immediately available, infrequently accessed).

S3-IA One Zone (Durable, immediately available, infrequently accessed, only available in one availability Zone).

S3 - Glacier - Secure, durable and low-cost for data archiving, retrieval from minutes to hours.

S3 - Glacier Deep Archive - Lowest cost storage, with retrieval of 12 hours acceptable.

Question 6

What are S3 Encryption Capabilities:

Answer 6

In transit:

SSL/TLS

At Rest:

On the server side:

• S3 Managed Keys SSE S3- Amazon manages all keys
• S3 Key Managed Service - SSE KMS - Customer and AWS
• S3 Customer Provided Keys - SSE - C

On the customer side:

• You upload everything encrypted.
  1) Client Side Encryption 2) Server Side Encryption (SSE) 2a) Amazon S3 Managed keys (SSE-S3) 2b) KMS (SSE-KMS) (provides audit logs) 2c) Customer-Provided Keys (SSE-C)

Question 7

How do you control Bucket Access ?

Answer 7

By default buckets are private and all objects stored inside them are private

You can grant access to them with:

1) Bucket ACLs
2) Bucket Policies

Question 8

Describe S3 Versioning features.

Answer 8

• Stores all versions of an object. (inclusive of writes and deletes)
• A great backup tool
• Can be integrated with life-cycle rules
• You pay for each version of an object.

Question 9

Can versioning be disabled?

Answer 9

No, versioning can never be disabled, only suspended.

Question 10

How does Versioning works with MFA?

Answer 10

Versioning can integrate MFA with the delete option.

Question 11

What does S3 CRR stands for?

Answer 11

Amazon S3 Cross Region Replication.

Question 12

What is S3 Cross Region Replication (CRR)?

Answer 12

It’s a feature that can be enabled in S3, to replicate data from one bucket in one region to another bucket in another region. This can be done for Disaster Recovery

Question 13

What are Cross Region Replication (CRR) Requirements?

Answer 13

1. Versioning must be enabled on both the source and destination buckets.
2. Regions must be unique.
3. Existing Files in the bucket are not replicated automatically.

Question 14

CRR Restrictions:

Answer 14

1. You cannot replicate to multiple buckets.
2. You cannot Daisy chain your multiple region buckets.
3. Delete markers are not replicated, nor deleted versions.
4. Deleting individual versions or delete markers will not be replicated.

Question 15

What is S3 Lifecycle Management?

Answer 15

• It’s an S3 feature that allows to move objects accross storage classes, according to rules
• Can be used in conjunction with versioning
• Can be applied to current and previous versions.

Question 16

Explain some usual S3 Lifecycle Management rules:

Answer 16

• Move objects from Standard to IA storage class after 30 days of creation.
• Archive to the Glacier storage Class after 30 days
• Permanent delete of old objects

Question 17

If you are looking to reduce storage costs how would you go about doing this?

Answer 17

Enable Lifecycle Management

Question 18

How can you Secure your S3 Buckets ?

Answer 18

• They are set to private by default.
• You can setup ACLs
• You can create Bucket Policies S3
• Buckets can be configured to create access logs which log all requests made to the S3 bucket.

Question 19

What is Snowball?

Answer 19

AWS Snowball is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using storage appliances designed to be secure for physical transport

Question 20

What is Snowball Edge ?

Answer 20

It is a snowball with compute functionality.

AWS DC in a box.

Question 21

What is Snow Mobile?

Answer 21

• This is a container on a truck, designed for massive amounts of data migration.
• Peta and Exabyte sized storage.
• USA only

Question 22

What is S3 transfer acceleration?

Answer 22

Its an S3 feature that allows the usage of CloudFront Edge Locations, and then AWS uses it’s backbone to transfer data to the actual bucket.

Once enabled, it creates a distinct URL to upload your files.

Question 23

What are the restrictions to use S3 as a static website?

Answer 23

• No PHP, no [dot]NET.
• Websites that require DB connections cannot be hosted on S3.

Question 24

How can you protect S3 from deleting objects?

Answer 24

Enabling Delete MFA.

Question 25

What is previous name of S3 One Zone IA?

Answer 25

S3 Reduce Redundancy Storage (S3 RRS)

Question 26

What can developers don with S3 that can’t do with on-premises solutions?

Answer 26

S3 enables any developer to leverage Amazon’s own benefits of massive scale with no up-front investment or performance compromises. No matter how successful their business become, their data will be accessible, available and secure.

Question 27

How is S3 data Organized?

Answer 27

• S3 is a simple key-based object storage.
• When data is stored, you assign a unique object key that can be later be used to retrieve your data.
• You can use as well Object Tagging to organize your data.

Question 28

What kind of storage is S3 suitable for?

Answer 28

it’s an Object-based storage, suited to upload files from anywhere on the internet, not to be used for OS nor Databases.

Question 29

What status code an upload to S3 generates?

Answer 29

HTTP 200 status code

Question 30

What is S3 Object Lock?

Answer 30

It’s an S3 feature that allows to save objects using a WORM model.

Question 31

What is the S3 Object-Lock WORM model?

Answer 31

Write Once Read Many, prevents the object from being deleted or overwritten for a fixed amount of time or indefinetely.

Question 32

What happens to S3 permissions when you upload a new version of files to S3?

Answer 32

If it was public, new version will return it to private.

Question 33

What happens when you delete a file inside a bucket with Versioning enabled?

Answer 33

A new version of the file is added, with a “delete marker”, that prevent us from seeing the file in the “regular” view.

Question 34

How can you enhance prevention of accidental deletion of files?

Answer 34

By enabling MFA delete capability

Question 35

How can you specify which objects will be processed by a Lifecycle management rule?

Answer 35

• By using prefix or tags.
• By targeting current and/or previous versions.

Question 36

What are 2 actions you can apply to S3 objects with Lifecycle management?

Answer 36

• Transition them to cheaper Storage tiers after a defined time.
• Expire and delete them permanently.

Question 37

What options do you have when setting up a bucket Cross Region Replication?

Answer 37

• You can replicate either the entire bucket or just prefix or tags.
• You can replicate to the same or to a different account.
• You can choose the destination region
• You can change the Storage class.
• You can change the destination ownership

Question 38

What is AWS Storage Gateway?

Answer 38

It’s a service that connects an on-premises appliance to AWS Storage Infrastructure.

Theres are physical or software appliances (vmware/Hyper-V)

Question 39

What types of Storage Gateways exist?

Answer 39

3 types:

• File Gateway (SMB & NFS)
• Volume Gateway (iSCSI)
  
  • Stored Volumes
  • Cached Volumes
• Tape Gateway (VTL)

Question 40

Describe S3 Storage Gateway - File Gateway service

Answer 40

Provides an SMB/NFS server on your data center, that stores all files in an S3 bucket, that works just as a regular Bucketn in AWS.

Question 41

What is AWS Storage Gateway Volume Gateway?

Answer 41

It’s a service that presents iSCSI volumes to your applications locally. Data written will be asynchronously backed-up as EBS snapshots stored in S3.

There are 2 options - Stored Volumes and Cached.

Only changed blocks are replicated, and storage is compressed.

Question 42

Describe AWS Storage Gateway, Volume Gateway Stored Volume?

Answer 42

• All data is stored locally.
• Provides low-latency to the entire dataset.
• Asynchronously replicates to S3 as EBS snapshots.
• 1-16 TB volumes.

Question 43

Describe AWS Storage Gateway, Volume Gateway Cached Volume?

Answer 43

• All data is stored in S3, with frequently acced data cached to your local storage
• Provides low-latency for frequently accesed data.
• 1-32 TB volumes.

Question 44

Describe AWS Storage Getaway - Tape Gateway

Answer 44

• Works with major backup software.
• Offers iSCSI and VTL protocols.

Question 45

What is AWS Athena?

Answer 45

• It’s a query service that can be used to query S3.
• it’s serverless (nothing to install)
• Pay per query / per TB scanned.
• Commonly used to analyze Logs saved to S3.

Question 46

What is PII and examples?

Answer 46

Personal Identifiable Information

• SSN
• email address
• phone number
• credit card number

Question 47

What is AWS Macie?

Answer 47

It’s a AWS Service that uses ML and NLP to discover, classify and protect sensitive data stored in S3.

Question 48

What can Macie do?

Answer 48

• Security Dashboards, Reporting and Alerts
• Work directly with S3 data
• Can analyze CloudTrail logs
• Helps on PCI - DSS audits
• Prevents ID theft

Question 49

How to manage S3 logs?

Answer 49

S3 buckets can be configured to create access logs, which will log all requests made to the bucket. These logs can be sent to another bucket.

Question 50

What information is saved for each object in a bucket?

Answer 50

• Key (name)
• value (actual data of the object)
• Version ID
• Metadata
• subresources
  
  • ACLs
  • Torrents

Question 51

Describe 3 ways of sharing S3 buckets accross accounts

Answer 51

• Using bucket policies and IAM
  
  • Applies to entire bucket
  • Programmatic access only
• Using Bucket ACLs & IAM
  
  • Individual Objects
  • Programmatic access only
• Cross-Account IAM roles
  
  • Applies to entire bucket.
  • Programmatic and Console access.

Question 52

What is an S3 Lifecycle policy?

Answer 52

• Automates moving objects accross S3 storage Tiers.
• Can be used in conjunction with versioning.
• Can be applied to current and/or previous versions.

Question 53

What is an S3 ACL?

Answer 53

• An Account Control List (ACL), is a subresource attached to every bucket and object in S3.
• Defines what Accounts and Groups are granted access to this resource and the type of access.
• It’s saved in an XML format

Question 54

What is the limit of PUTS per second on an S3 bucket?

Answer 54

3500 PUTS per second.

Question 55

What are the 4 ways you can present an S3 URI?

Answer 55

• Virtual Hosted Style
• Path-Style Access
• Static Web Site
• Legacy Global Endpoint URL

Question 56

With a bucket named “mybucket”, what would be virtual style and path style URLs?

Answer 56

Virtual: mybucket.s3.region.amazonaws.com/

Path-Style: s3.region.amazonaws.com/mybucket/

Question 57

How many buckets can you create in a single account?

Answer 57

100 by default, up to 1000 raising a service ticket.