S3 Flashcards
S3 Soft bucket limit on accounts?
100
S3 Standard Reliability level?
Nine nines!
99.999999999%
Is s3 a file system?
NO!
It’s a flat address space. And although you can create folders, it is not a file system.
S3 File size limit
5TB
S3 Storage limit?
Unlimited
Best s3 storage class for high frequency access?
Standard
What does S3-I do that’s so special?
Automatically move less commonly used files to a cheaper storage class
S3 Glacier is best for storing
Archived data
How to move items in and out of glacier?
SDK or CLI
Quickest retrieve possible from glacier?
5 minutes - it’s also the most expensive
Standard retrieval from glacier takes
3-5 hours
Bulk retrieval from glacier takes
5-12 hours
Glacier Deep Archive is best used for…
Files you need to retain, but will rarely ever look at.
Time it takes to get something from Glacier deep storage?
Up to 12 hours
Negative effect of s3 versioning?
It can dramatically increase prices
When you delete a version item from s3, what happens?
A delete marker is added to the file, and the most recent version is deleted.
Can versioning of a s3 bucket be disabled?
No, only suspended.
Can a private s3 bucket be used for static website hosting?
No. It must be public apt available
If you switch encryption on, on an existing s3 bucket. Does it encrypt the items already in the bucket?
No
Advantage of encrypting s3 buckets with SSE-KMS
Better flexibility and management of the keys.
Advantage of SSE-S3 encryption
AWS handles all of it for you
What does s3 object lock do?
Prevents files being deleted
S3 Object Lock; governance mode. What does it do?
Prevents files being deleted for specified retention period.
S3 Object Lock Compliance Mode. What does it do?
Prevents files being deleted by anyone. Not even root!
If an item has an s3 object has “legal hold” on it. Can it be deleted at the end of it’s retention period.
Nope!
Purpose of tags in s3?
They help with billing
Transfer accelerator in s3 uses what AWS service to accelerate transfer speeds?
Cloud front
What do S3 events allow you to do?
Dispatch events to other AWS services
With request or payed enabled. What does the s3 bucket owner have to pay for?
The storage
Can you have unauthenticated access to a requester pays s3 bucket?
Nope. As AWS won’t know who to charge.
True or false. To use object lock on an s3 bucket, versioning must be enabled?
True
Can object lock be set on an existing s3 bucket?
Nope. Only on creation.
S3. Can you disable object lock on a bucket?
Nope.
True or false. S3 log bucket must be in the same region as the s3 bucket being logged.
True
True or false. S3 log bucket must be in the same region as the s3 bucket being logged.
True
In s3 logs. If certain information is not available. What character is shown in the data’s place?
-
S3 object level logging uses what AWS service.
Cloud trail
What s3 policies should you use for maximum security?
Of many of them as you can
What does ACL stand for?
Access control list
S3 multipart upload is recommended for all files over what size?
100mb
Describe what s3 multipart upload does
Splits files into multiple parts, uploads them, and automatically reassembles them.
Advantages to s3 multipart upload?
Faster (as multiple files can be uploaded at once)
Protects from interruptions
Allows for upload management.
Does s3 copy to multiple regions by default?
No. Only multiple availability zones by default
S3 Glacier, Expedited retrieval. What’s the file size limit?
250mb
Glacier max archive size?
40tb
Durability of S3 standard and Infrequent access storage classes.
99.999999999%
11 nines.
S3 standard, what’s the availability in percentage?
99.99%
Four nines
S3 infrequent access availability in percent.
99.9%
Three nines.
Snowball device HD size?
50TB/80TB Dependant on Region
True or false, all data transferred onto a snowball is auto encrypted?
True
Snowball device onboard connection types
Rj45
SFP Copper
SFP Optical
What standards do AWS conform too, to wipe data from snowballs after you have used them?
NIST
Is snowball HIPAA compliant
Yes.
Can Snowball be used to retrieve data from AWS as well as deposit it?
Yes
If data retrieval from s3 over network will take longer than “x” use snowball
1 week
Security features of a snowball device?
Dust and water resistant.
Tamper proof
It’s shipping crate can absorb substantial shock.
Can snowballs be aggregated together for larger transfers?
Yes.
AWS Storage Gateway. What is it?
Software, to act as a gateway between your onsite storage and S3.
Storage gateway software comes packaged as?
A VM.
What does VTL stand for?
Virtual tape library
VTL Tape limit?
1500
AWS Storage Gateway: File Option, explain
Allows you to store items as individual s3 objects.
AWS Storage Gateway: Volumes, Explain.
Backup volumes.
AWS Storage Gateway, Volumes.
It keeps all your data locally and asycronously copies it to s3.
True or false?
True.
AWS Storage Gateway, Volumes.
Volume limit per gateway.
32 volumes.
S3 request costs are priced per
1000
True or false. S3 delete requests are free.
True.
What do s3 batch operations allow for?
Batch operations on many buckets and objects at once.
How are s3 batch operations priced?
Per batch job.
Per million operations performed.
S3 charges for.
All requests (apart from delete)
Data transfer out
Storage
Data transfer in s3 is free of charge. When.
Data is being transferred in.
Items are transferred to EC2 instances
Items are transferred to cloud flair.
What is s3 glacier select?
A service for scanning and retrieving smaller parts of your glacier vaults.
True or false. The actual replication process in s3 carries no cost. But the extra storage does.
True.
All s3 storage classes are priced per
GB
Multi region s3 buckets. Provide eventual consistency on deletes. True or false?
True
In s3 what does read after write functionality allow you to do?
Immediately download the file you just uploaded.
What does s3 file gateway do?
Allows you to store and access objects in s3 using using NFS and SMB file protocols.
True or false. A successful response to a put request, is only triggered after the file has finished uploading?
True
In S3. If you immediately update an object with a new version, then immediately try to access it. What might happen?
You may download the older version.
True or false. S3 provides eventual consistency for overwrote PUTs and Deletes
True
In a single pit request. What is maximum file size?
5gb
True or false. VPC flow logs allow you to log s3 access info?
False
Your two options for logging s3 access requests are.
S3 server logging
Cloudtrail
Minimum and maximum file storage sizes in s3
0 bytes. 5 TB.
In a version enabled bucket. What does deleting an object do?
Add the delete marker to the object.
You wish to notify a group of users that an s3 file has finished uploading. How might you do this?
Use s3 event notifications.
These could write to SNS or a Lambda function which emailed relevant people.
Cross region replication. Requires versioning to be switched on. On what buckets?
Destination and source.
Can you create an s3 bucket, within an s3 bucket?
No
What is the difference between an object and a file in s3?
Metadata.
When creating a file in s3. Does the object owner have full control of it?
Yes
What s3 storage options incur costs on data retrieval?
Glacier
Standard Infrequent Access
Can you store objects smaller than 128kb in S3 standard IA storage class?
Yes. But it’s billed as if it were 128kb.
How much data can you retrieve from glacier storage, for free, every month.
10gb
To download an object from a request or pause object, you must include something in your request.
amz-request-payer
True or false. Standard Infrequent Access Storage has a minimum 30 day stroage duration?
True
Can a user upload more than 1000 parts as part of a multipart upload?
Yes. But it requires additional requests.
Each request contains a maximum of 1000 parts.
Can an object be uploaded to s3 via multipart upload if it is less than 5mb?
Only if it’s the last part.
When uploading an object to the s3 console, can you set logging?
Nope
Can s3 uploads resume of failure?
Yes
When a user initiated a multipart upload. How does s3 track all the parts?
She returns a response with an upload ID for each initiation
Is it required to send both the access key and the secret access key in the REST request to amazon s3?
Yes
When accessing an s3 bucket by rest. What must be included in the request?
AWS access key is
Signature
Timestamp
Date
In amazon s3 bucket policies. What do you use to grant cross account access?
Canonical user ids.
Data in transit to s3 can be secured using?
SSL
Is life cycle configuration possible on s3 buckets with MFA
Nope
Regardless of if versioning is enabled or not. All objects in an s3 bucket have a version ID. Yes or no?
Yes
A user has set an expiration rule for objects on an s3 bucket. Can there be a delay between an objects deleted day and the expiration rule date?
Yes. It’s added to a queue and happens eventually.
S3 bucket versioning. What are the three possible states?
Versioning enables
Unversioned
Versioning suspended
You have an unversioned bucket with objects in it. You switch on versioning.
What will the version ID be for existing objects?
Null
A user has created objects using s3. The objects are moved to glacier at five days, and at 10 days are deleted.
On day 7, the user decides to temp restore the files for five days. What happens on day 10?
Everything is deleted. Including the temp restored files.
How does s3 ensure high availability and durability?
When you upload, behind the scene, s3 copies the file to multiple psychical locations.
You enable cross region replication on an existing s3 bucket. Are the existing objects replicated to another region?
No. Only new objects.
To request the retrieval of an item from glacier. You must create a…
Job
You send items to glacier in one of two ways.
API
Life cycle policies
What’s more durable. EBS or s3?
S3
For traffic encryption between onsite infrastructure and s3 use what service?
Amazon Managed VPN
Does S3 have a rest API?
Yes
What’s the difference between compliance mode and governance mode?
Compliance mode prevents objects being updated or deleted.
Governance mode prevents deletion.
Are legal holds configured at bucket level or object level?
Object level
Can you configure object lock settings via batch operations?
No
At what level can you apply ACLs to S3
Object and bucket
When providing your own encryption key for s3. Is it possible to have different encryption keys for different versions of the same object?
Yes
You back up your database to EBS. If doing so, amazon also recommends you back the database to …
S3
Can s3 automatically rotate a user provided encryption key?
No it mist be done manually be the client
You want to save money on multi part uploads. How to do this?
Create a life cycle policy to automatically delete failed multipart uploads
You should use multipart uploads if a file is bigger than
100mb
You don’t know the size of a file that’s being uploaded to s3. Should you use multipart upload?
Yes
Offload All Assets to S3. Is this a key concept of high performance architecture
You bet your sorry ass it is!
S3 objects are immutable. What does this mean?
The only way to change a single byte, is to replace the whole object.
Does an s3 legal hold have a retention period?
No it’s indefinite. Until it is removed.
Describe an s3 legal hold
Prevents an object being overwritten or deleted, for as long as the lock is on the object.
You need to audit the encryption status, and the replication details of objects in an s3 bucket. How to do this?
S3 Inventory
How can you query S3 inventory?
Athena
What does s3 inventory do?
Allow you to export inventory reports of all items in a bucket.
Does s3 allow you to upload an already encrypted object?
Yes
To reduce latency to s3 users in different geographical locations use…
CRR - across Region Replication
You need to transfer large amounts of content to s3. You can’t use snowball and you don’t have a dedicated connection. What could you use?
S3 and transfer acceleration.