S3 Flashcards

1
Q

What is a bucket?

A

A bucket is a container of objects uploaded to S3.

2
Q

What are some rules that bucket names must follow?

A
  • A name must be unique across all the existing bucket names in Amazon S3.
  • Must comply with DNS naming conventions.
  • They cannot be IP addresses
  • Must not contain underscores or uppercase letters
  • Can start only with a lowercase letter or a number
3
Q

What is the default access of buckets?

A

Buckets are private by default.

4
Q

What are folders on Amazon S3?

A

Folders are saved as objects. Next to the specified name a forward slash “/” is appended and the object is displayed as a folder in the S3 console.

5
Q

What is the maximum size of a file?

A

The maximum size of a file is 5 TB.

6
Q

What is the maximum file transfer size for a single PUT?

A

5 GB

7
Q

What content type is used for files larger than 100 MB?

A

Multipart

8
Q

What is Amazon S3?

A
Amazon S3 is a simple key-based object store. 
Only files (objects) can be stored on S3.

It’s a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs.

9
Q

How do you communicate with Amazon S3?

A

Amazon S3 provides a simple, standards-based REST web services interface that is designed to work with any Internet-development toolkit.

10
Q

What is the maximum storage capacity?

A

There is unlimited storage available.

11
Q

What is the characteristic of updates to an object on S3?

A

Updates to objects on S3 are atomic. When reading an object you either get the old object or the new one. You will never get a partial, corrupted object.

12
Q

What about event notifications?

A

Event notifications for specific actions can send alerts or trigger actions. Notifications can be sent to:

  • SNS topics
  • SQS queues
  • Lambda functions
13
Q

What is S3 data made up of?

A

S3 data is made up of:

  • key (name)
  • value (data)
  • version id
14
Q

What do you use to manipulate objects?

A

In order to manipulate objects (upload, download, delete, etc.) a REST API over HTTP is used.

S3 is accessible via a public endpoint of the form:

http://s3.aws-region.amazonaws.com/bucket (path style url)

or it can be also

http://bucket.s3.aws-region.amazonaws.com (virtual hosted style url)

15
Q

What are the states of a bucket with regard to versioning?

A
  • unversioned (default)
  • versioning-enabled
  • versioning-suspended
16
Q

What happens after versioning has been enabled?

A

Versioning can only be suspended on a bucket; a bucket cannot be returned to the unversioned state.

17
Q

What do you need to know in order to delete a particular version of an object?

A

You need to know its version id.

18
Q

What is the version id of an object that has been added to a bucket before versioning was enabled?

A

In this case the version id is null.

19
Q

What happens to an existing object if you deactivate bucket versioning and you update it?

A

The version id becomes null, and that version becomes the latest version.
The previous versions do not get deleted, and thereon all the changes are applied against this version.

20
Q

What does Server Access Logging provide?

A

Server Access Logging provides detailed records for the requests that are made to a bucket (source bucket).

21
Q

What is Server Access Logging used for?

A

It’s used for security purposes and auditing.

22
Q

What is the default state of Server Access Logging?

A

Server Access Logging is disabled by default.

23
Q

What happens when you enable Server Access Logging?

A

When you enable it you have to select a bucket where the logs will be delivered (a target bucket), which can be the same as the source bucket. Source and target buckets should be in the same region.

If the source and target buckets are the same, you can select a different prefix to identify the logs.

Write permission should be granted to Amazon S3 Log Delivery Group on the target bucket.

24
Q

What is the content of a Server Access Logging record?

A

A log record contains:

  • the name of the bucket which was accessed (source bucket)
  • the requester
  • the request time
  • the request action
  • the request status
  • the error code (if any)
25
Q

What is one of the possible ways to dump logs?

A

Logs of multiple source buckets can be dumped in a single target bucket.

26
Q

When are logs delivered?

A

Server access logs are delivered on a best effort basis.
Most records are delivered within a few hours from the time they were recorded, but the timeliness of server logging is not guaranteed.

27
Q

What is the main difference between Server Access Logging and Object Level Logging?

A

Server Access Logging is performed at the bucket level while object level logging is executed at the object level.

28
Q

What happens if object-level logging is activated and a user or application tries to access an object?

A

If a CloudTrail trail is set up for the S3 bucket data events, the logs will be created in the target bucket.

29
Q

In which region must CloudTrail be activated?

A

CloudTrail must be activated in the same region as the S3 bucket.

30
Q

How many kinds of encryption are there on S3?

A

Client-side encryption and server-side encryption.

31
Q

What is S3 server-side encryption?

A

In SSE, it’s the S3 server that is in charge of the encryption and decryption; whereas, in client-side encryption it is the customer who is in charge of that.

32
Q

How many options does S3 server-side encryption provide?

A

S3 SSE provides 3 options:

  • SSE-S3, in which S3 manages the data encryption key and the master key;
  • SSE-KMS, in which KMS creates and manages the data encryption key and the master key;
  • SSE-C, in which S3 manages the keys that are provided by the user.
33
Q

How many options does S3 client-side encryption provide?

A

S3 CSE provides 2 options:

  • CSE with KMS-Managed Customer Master Key;
  • CSE with Client-side Master Key (S3 Encryption Client)
34
Q

What is an S3 ACL?

A
  • It enables you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a sub-resource.
  • It defines which AWS accounts or groups are granted access and the type of access.
  • When a request is received against a resource, S3 checks the corresponding ACL to verify that the requester has the necessary access permissions.
35
Q

What is a Bucket policy?

A

It grants other AWS accounts or IAM users permissions for the bucket and the objects in it.

Object permissions apply only to the objects that the bucket owner creates.

36
Q

What is the purpose of an S3 ACL?

A

To grant basic read/write permissions to other AWS accounts.

37
Q

What permissions can be granted through S3 ACL?

A

READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL

38
Q

How do you handle objects with S3 ACL if you are not the owner?

A

You need to use the object ACL.

39
Q

What is a tag?

A

A tag is a way to label the AWS resources.

This way they can be easily managed, searched for and filtered.

40
Q

What is a tag made of?

A

A tag is made of a key-value pair.

41
Q

What is S3 Transfer acceleration?

A

It enables fast, easy and secure transfers of files over long distances between your client and S3 bucket.

It can upload objects over long distances in an accelerated manner.

42
Q

What is multipart upload?

A

It enables you to upload large objects in parts for fast and efficient data transfer.

43
Q

Why should you use tags?

A

In the AWS Management Console you can configure tags to be displayed with resources, and you can search and filter by tag.

In AWS Cost Explorer you can create reports to get the cumulative costs of the resources grouped by a given tag.

You can tag resources to filter them during automation activities: for example you can tag EC2 instances as “development”, “testing” and “production”.

In access control you can have conditions based on tags.

44
Q

What are the event notification types for Amazon S3?

A
  • New object created events
  • Object removal events
  • Reduced Redundancy Storage (RRS) object lost events
  • Replication events
45
Q

Why do event notifications exist?

A

Event notifications can be sent in response to actions in S3 like PUT, POST, COPY, DELETE.

Amazon S3 event notifications enable you to run workflows, send alerts, or perform other actions in response to changes in your objects stored in S3.

46
Q

What destinations can be chosen for sending event notifications?

A
  • Publish event messages to an Amazon Simple Notification Service (SNS) topic;
  • Publish event messages to an Amazon Simple Queue Service (SQS) queue;
  • Publish event messages to AWS Lambda by invoking a Lambda function and passing the message as an argument.

You need to grant Amazon S3 permissions to post messages to an Amazon SNS topic or an Amazon SQS queue.

You need to also grant Amazon S3 permission to invoke an AWS Lambda function on your behalf.

47
Q

What is requester pays?

A

Instead of the bucket owner, the requester pays the cost of the request and of the data downloaded from the bucket.

The bucket owner just pays for the storage.

48
Q

When should requester pays be used?

A

When you host the data but you want to make customers pay for downloading the data.

49
Q

How does “requester pays” technically work?

A

The requester must include “x-amz-request-payer” in their requests, either in the header (POST, GET, HEAD requests) or as a parameter (in a REST request). If the request does not include this header or parameter, the bucket owner gets charged for the request or data transfer.

50
Q

What is object lifecycle management?

A

Object Lifecycle Management manages the storage of the objects and the cost associated with it throughout the life of the objects.

51
Q

Why use object lifecycle management?

A
  • To move the objects to a different storage class, depending on how frequently they are used, to reduce the cost (Transition).
  • To set an expiry date on the objects that would no longer be used after a certain period, and delete them (Expiration).
52
Q

How often can you transfer objects to another storage class?

A

In order to transfer an object to another storage class, you need to wait 30 days from the previous transition.

53
Q

What versions of an object can be transferred?

A

You can transfer to another storage class the current version or the previous versions of an object.

54
Q

What filters can be added for Object Lifecycle Management?

A

It’s possible to filter the objects by prefix.

55
Q

How long should you wait before deleting an object after its transition?

A

1 day

56
Q

How do you deal with incomplete multipart transfers?

A

Using the lifecycle rules you can clean up expired object delete markers (meaning there won’t be any current version any longer) and/or clean up incomplete multipart uploads.

57
Q

Is a new lifecycle configuration applied instantly against a bucket?

A

No, there’s usually some lag before the configuration is fully propagated to all the Amazon S3 systems.

58
Q

What objects are affected by a new or an updated Object Lifecycle Management Configuration?

A

Both existing objects and objects created after the new configuration takes effect.

59
Q

What is cross region replication (CRR)?

A

Automatic, asynchronous copying of objects from a bucket in one region (Source Bucket) to another bucket in another region (Destination Bucket).

60
Q

Why should you use Cross Region Replication (CRR)?

A

If you have an application where you are sending files from one bucket in one region to another bucket in a different region for post-processing or for disaster recovery.

61
Q

What are the requirements for Cross Region Replication (CRR)?

A
  • Source and destination buckets must be in different AWS regions;
  • Both the source and the destination buckets must have versioning enabled;
  • S3 must have permissions to replicate objects from that source bucket to the destination bucket on your behalf.
62
Q

What can be replicated with Amazon Cross Region Replication (CRR)?

A
  • Any new object created after you added a replication configuration.
  • Unencrypted objects as well as encrypted objects, but only if encrypted with SSE-S3 or SSE-KMS. If the object is encrypted in the source bucket, then also the replicated copy of the object is encrypted using the same type of server-side encryption.
  • Along with objects, S3 also replicates object metadata.
  • S3 replicates only objects in the source bucket for which the bucket owner has permissions to read objects and read access control lists (ACLs).
63
Q

What is not replicated with Amazon CRR (Cross Region Replication)?

A
  • Objects that existed before enabling replication (can use the copy API).
  • Objects created with SSE-C.
  • Objects to which the bucket owner does not have permissions.
  • Updates to bucket-level subresources.
  • Actions from lifecycle rules are not replicated.
  • Objects in the source bucket that are replicated from another region are not replicated.
64
Q

How is deletion handled with Cross Region Replication?

A
  • If a delete request is made without specifying an object version ID, a delete marker will be added and replicated.
  • If a delete request is made specifying an object version ID the object is deleted but the delete marker is not replicated.
65
Q

What is the purpose of S3 different storage classes?

A
  • S3 Standard: general-purpose storage of frequently accessed data.
  • S3 Standard-Infrequent Access: long-lived, but less frequently accessed data.
  • S3 Intelligent Tiering: cost optimization without performance impact.
  • S3 Glacier and S3 Glacier Deep Archive: long-term storage.
66
Q

What are the characteristics of S3 Standard storage class?

A
  • The default storage class for the objects.
  • The data is replicated across at least 3 different availability zones (AZs) for high durability and availability.
  • Durability of 99.99999999999% and availability of 99.99% (highest of all storage classes).
  • Offers low latency and high throughput, which makes it suitable for many applications such as cloud apps, dynamic websites, content distribution, mobile and gaming applications, Big Data analytics.
  • S3 Lifecycle management is used to configure the lifecycle policies to automatically migrate objects from this class to the other appropriate storage classes.
67
Q

What are the characteristics for S3 Standard-Infrequent Access (S3 Standard-IA)?

A
  • For data that is accessed less frequently, but requires rapid access when needed.
  • Data is replicated across (at least) 3 different availability zones (AZs) for high durability and availability.
  • Durability of 99.99999999999% and availability of 99.9% (lower than that of S3 Standard).
  • Costs less than S3 Standard; charges you for retrieving the data per GB.
  • Supports lifecycle policies to automatically migrate objects from this class to the other appropriate storage classes.
68
Q

What are the characteristics of S3 One Zone-Infrequent Access (S3 One Zone-IA) ?

A
  • It’s suited for data that is accessed less frequently, but requires rapid access when needed.
  • Data is stored in only a single availability zone (AZ).
  • Durability of 99.99999999999% and availability of 99.5% (lower than that of S3 Standard-IA).
  • Costs 20% less than S3 Standard IA; charges you for retrieving the data per GB.
  • Good choice for backup copies of on-premises data or easily re-creatable data.
  • Supports lifecycle policies to automatically migrate objects from this class to other appropriate storage classes.
70
Q

What are the characteristics of S3 Intelligent Tiering?

A
  • It’s designed to optimize the costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead.
  • Data is replicated across (at least) 3 different availability zones (AZs) for high durability and availability.
  • Same low latency and high throughput performance of S3 Standard.
  • Durability of 99.99999999999% and availability of 99.9% (lower than S3 Standard’s).
  • There are no retrieval fees and no additional tiering fees when objects are moved between access tiers, but there is a monthly monitoring and automation fee per object.
  • Ideal storage class for long-lived data with access patterns that are unknown or unpredictable.
  • Suitable for objects larger than 128 KB that you plan to store for at least 30 days. If you delete an object before the end of the 30-day minimum storage duration period, you are charged for 30 days.
  • Supports lifecycle policies to automatically migrate objects from this class to the other appropriate storage classes.
71
Q

What are the characteristics of S3 Glacier and S3 Glacier Deep Archive?

A

Amazon S3 Glacier

  • Secure, durable, and extremely low-cost storage service for data archiving.
  • Three options for retrieving the archives: standard, expedited, and bulk.
  • Archived data can be retrieved in a few minutes to hours, and the user is charged according to the option used.
  • Costs significantly less than all other S3 storage classes; charges you for retrieving the data per GB.

Amazon S3 Glacier Deep Archive

  • Lowest-cost storage class, designed for long-term retention of data that will be retained for 7-10 years.
  •