S3

Question 1

What is Simple Storage Service (S3)?

Answer 1

An object-based storage. Store unlimited data without worry of underlying storage infrastructure

Question 2

Across how many AZs is the data replicated across?

Answer 2

3 to ensure 99.99% availability and 11’ 9’s of durability

Question 3

What can objects contain?

Answer 3

any type of data

Question 4

What are the size limits for Objects

Answer 4

“0 Bytes up to 5 Terabytes
up to 5GB in a single PUT
for larger objects use Multipart upload”

Question 5

What can Buckets contain?

Answer 5

objects and folders

Question 6

What are the naming rules for S3 buckets?

Answer 6

They must be unique across all AWS accounts

Question 7

What status code do you get from a succesful upload to an S3 bucket?

Answer 7

HTTP 200 code

Question 8

What is the Lifecycle Management feature

Answer 8

Automatically deletes or moves objects between storage classes based on a schedule

Question 9

What is the Versioning feature

Answer 9

“Objects are given a Version ID
Old objects are not removed upon upload of new objects
Old objects can be accessed via their Version ID
Deleting a newer version object restores the previous version
Once Versioning is activated it cannot be turned off only suspended”

Question 10

What is the MFA Delete feature?

Answer 10

“Multi-Factor Authentication Delete
Delete operations require MFA token
Versioning must be turned on
MFA delete function can only be activated via the AWS CLI
Root account is allowed to delete objects”

Question 11

What is the default bucket public access setting?

Answer 11

Private

Question 12

What logging options do S3 buckets have?

Answer 12

“CloudTrail
Object-level logging to track operations performed on objects
CloudWatch
Monitor requests in your bucket”

Question 13

Where do you configure a buckets Access control?

Answer 13

“Bucket Policies requiring a JSON

Access Control Lists(ACL) GUI”

Question 14

Bucket Policy vs ACL

Answer 14

“Bucket Policies are complex and allow more customization

ACL’s are simplified and offer limited customization”

Question 15

What is the SSE feature? How many options does SSE offer?

Answer 15

“Server Side Encryption

currently 3 options”

Question 16

SSE-AES vs SSE-KMS vs SSE-C

Answer 16

“SSE-AES
AWS handles the key and uses Advanced Encryption Standard(AES)-256 algorithm
SSE-KMS
Envelope encryption via AWS Key Management System(KMS) managed by you
SSE-C
Customer provided key (you manage the keys)”

Question 17

What is Client-Side Encryption?

Answer 17

“The practice of encrypting files before uploading them to the S3
This is not a feature just a common practice”

Question 18

What is the Cross Region Replication (CRR) feature?

Answer 18

“Allows replication across regions for greater durability
Must have Versioning turned on
Can have CRR replicate to a bucket in another AWS account”

Question 19

What is the Transfer Acceleration feature?

Answer 19

“Provides faster and more secure uploads from anywhere in the world
Data is uploaded via a distinct url to an Edge Location
(Edge Locations refer to the zone or region from which the end user accesses the service)
Data is transfered via the AWS backbone network”

Question 20

What is the Presigned Urls feature?

Answer 20

“A url is generated via the AWS CLI or SDK ot provide temporary access to write or download object data
This is a common way to provide access to private objects”

Question 21

What are an S3 bucket’s properties?

Answer 21

"Versioning
Server access logging 
Static website hosting
Object-level logging - using CloudTrail
Tags
Transfer accelerations
Events"

Question 22

What is the storage class feature?

Answer 22

An object level feature providing different storage options

Question 23

What are the storage class’s offered?

Answer 23

"Standard
Standard-IA(infrequent access)
Intelligent-Tiering
One Zone-IA
Glacier
Glacier Deep Archive"

Question 24

What is metadata?

Answer 24

"An object level feature providing system metadata.
    Date
    Content-Length
    x-amz-server-side-encryption
    x-amz-version-id
    x-amz-storage-class"

Question 25

What is the eventual consistency feature?

Answer 25

“Overwrite PUTS and DELETES remain in the bucket until the deletion is fully propagated
GETS could list an object before the PUT or DELETE takes place”

Question 26

What is read-after-write consistency?

Answer 26

“New objects added in US Standard region rule:
PUTS of new objects are immediatly accessable
unless HEAD or GET directly proceeds PUT of new object”

Question 27

system vs user meta data

Answer 27

“System - can only be altered by the system
User - can be altered by either the system or the user
All optional user-defined metadata names begin with x-amz-meta-“

Question 28

What feature do you need to enable for writing logs into an S3?

Answer 28

“public access to the bucket is not required

PutObject access for Log Delievery group”

Question 29

What is the Log Delivery Group?

Answer 29

A special delivery account provided by AWS that controls access restrictions when using logging

Question 30

What are valid url patterns for S3 buckets?

Answer 30

“Virtual hosted style - bucket.s3.aws-region.amazonaws.com

Path style - s3.aws-region.amazonaws.com/bucket”

Question 31

What is a delete-marker?

Answer 31

When using versioning if you delete an object the version is kept in record but is marked to indicate it should not be used as the current version

Question 32

How do you permenantly delete a version from an object?

Answer 32

You must specifically delete the object by VersionId

Question 33

glacier retrieval times

Answer 33

The vault lock and standard retrieval are standard with 3 to 5 our retrieval time. bulk retrievals which can be considered the cheapest option have a 5 to 12 our retrieval time. expedited retrievals allow access in 125 minutes for a flat rate of $0.03/gb

Question 34

OAI and permission best practice

Answer 34

Create and OAI user to associate with distribution and modify permission on S3 bucket using object ACL’s