S3

Question 1

What is object storage ?

Answer 1

manages data as objects as opposed to file storage or block storage

Question 2

S3 objects consist of ?

Answer 2

Key, Value, Version ID, Metadata

Question 3

Universal namespace meaning ?

Answer 3

Each bucket name should have unique name much like domain name. Also DNS complaint.

Question 4

S3 file size limit ?

Answer 4

0B to 5TB

Question 5

Durability of object means ? What is the durability of S3 object ?

Answer 5

Chances of the object being intact. 11 9’s durability i.e. 99.99999999999

Question 6

Storage Classes of S3 and how they differ ?

Answer 6

Standard (99.99% avail, Replicated across 3 zones),
Standard IA (cheaper if access less than once per month, retrieval fee, min days - 30)
One Zone IA (Avail 99.5%, 20% cheaper, durability reduced, min days - 30)
Glacier (long term storage, min days - 90)
Glacier deep archive (12 hrs retrieval, min days - 180)
Intelligent tiering (uses ML to decide lifecycle)

Question 7

By default what is the security measures ?

Answer 7

All buckets are private

Question 8

Logging of bucket request ?

Answer 8

Can be enabled, log files are generated in different bucket and can be saved to different bucket in different account as well

Question 9

Access Control Lists vs Bucket Policies ?

Answer 9

ACL are legacy but convenient to use. For complex rules bucket policies are required.

Question 10

Encryption in S3 transit provided by ?

Answer 10

SSL/TLS

Question 11

At rest encryption in S3 ?

Answer 11

Server side encryption possible.

1. SSE - AES - S3 handles the keys, AES-256 architecture used
2. SSE - KMS - envelope encryption, you manage the keys that in turn encrypts the keys used by AWS
3. SSE - C - client keys used

Question 12

S3 new object PUT consistency ?

Answer 12

Read After Write consistency. You can immediately read after uploading to S3

Question 13

S3 overwrite / delete consistency ?

Answer 13

Eventual consistency provided. It takes time for S3 to replicate versions in different AZs so might take few seconds.

Question 14

S3 CRR ?

Answer 14

Cross region replica allows to store in different regions for higher durability in case of potential disasters. Both buckets should have versioning on. Can be in different accounts.

Question 15

S3 versioning ? Disabled ? Lifecycle rules ? Deletion

Answer 15

Stores all versions of the object.

• Cannot be disabled once enabled. Only suspended.
• Fully integrates with lifecycle rules
• Simply deleting an object would insert a delete marker and S3 will return 404 on seeing it. To actually delete you need to specify version as well while deleting.

Question 16

S3 Lifecycle Management ?

Answer 16

Can be automatically moved to different storage classes. You can select either current version as well as all previous versions.

Question 17

S3 Transfer Acceleration ? When to use it ?

Answer 17

S3 TA is used to optimise the path that S3 objects follow inside the Amazon Backbone Network. Cloudfront is used to accelerate the transfer from edge locations to S3, rather than direct S3. Speed tool can be used for comparison of normal upload vs TA.

Question 18

What are S3 preassigned URLS ? When used ?

Answer 18

They are used to grant access to private objects for certain amount of time. Let’s say user logged in and we need to make him download something so we just expose it for 5 seconds.
aws s3 preasign s3://bucket/ object –expires-in 300

Question 19

Who can delete the objects from bucket ?

Answer 19

Only root user

Question 20

MFA Delete ?

Answer 20

Requires MFA on any delete. AWS CLI and versioning required.

Question 21

You can create buckets in which region ?

Answer 21

S3 buckets can be created in any region but in interface we see global region so all listed

Question 22

Version ID of the first time object is uploaded when versioning has not been enabled ?

Answer 22

NULL. If versioning is turned on then even first time upload will have a version ID.

Question 23

My original object was public, the new version of same will also be ?

Answer 23

No the new versions don’t by default inherit the properties of previous versions

Question 24

Does enabling Server Side encryption turns it on for all files in bucket ?

Answer 24

No the pre-existing files have to be encrypted by going to their properties. New files will be automatically encrypted.

Question 25

S3 CLI commands ?

Answer 25

ls, cp, mv, preassign

Question 26

Can I change storage class while CRR ? And ownership ?

Answer 26

Yes. To save cost this can be done. Even ownership can be changed to some other account.

Question 27

What is policy generator ?

Answer 27

We can use it to define bucket policies, rather than writing the JSON.

Question 28

What do principal and ARN stand for in bucket policy generator ?

Answer 28

Principal is the resource accessing the bucket, ARN is the bucket/bucket path to which access needs to be modified.

Question 29

Successful upload of object return what status ?

Answer 29

HTTP 200

Question 30

Snowball used for ?

Answer 30

Transferring large data to S3. End to end encryption. uses Trusted Platform Module. 50 TB and 80 TB sizes.

Question 31

Snowball edge used for ?

Answer 31

For transferring and also performing local workloads or edge computations. Storage, compute or GPU optimised. 100 TB or 100TB clustered.

Question 32

Snowmobile used for ?

Answer 32

100 PB of data transfer capability. To S3 or Glacier.