S3

Question 1

What is S3?

Answer 1

Simple Storage Service.

Provides development and IT teams with secure, durable, highly scalable object storage

Data is spread across multiple devices and facilities

• high recovery
• fast delivery

Question 2

Size of files that can be uploaded to S3

Answer 2

0 bytes - 5 TB

Question 3

Single PUT in S3 max size file

Answer 3

5GB

Question 4

Multi-PUT in S3 max file size

Answer 4

5TB

Question 5

Single PUT in console max file size

Answer 5

160GB

Question 6

Storage limit for S3

Answer 6

unlimited

Question 7

Naming conventions with S3

Answer 7

Uses a universal namespace so all names must be unique globally

Question 8

Data consistency for S3

Answer 8

Read and write for PUTS of new objects

Eventual consistency for overwrite PUTS and DELETES (can take some time)

Question 9

Transfer Acceleration for S3

Answer 9

Can enable by setting in the sub-resource of bucket (bucket specific config).

Note: need to have a DNS compliant name (cannot contain “.”) if want to enable Transfer Acceleration

Question 10

Standard S3 Storage

Durability and Availability

Answer 10

Durability 99.999999999%

Availability
99.9%

Question 11

Standard-IA S3 Storage Durability and Availability

Answer 11

Durability 99.999999999%

Availability
99.9%

Question 12

OneZone-IA S3 Storage Durability and Availability

Answer 12

Durability 99.999999999%

Availability
99.5%

Question 13

Glacier S3 Storage Durability and Availability

Answer 13

Durability 99.999999999%

Availability
99.9% after objects are restored

Question 14

Reduced Redundancy Storage (RRS) S3 Storage Durability and Availability

Answer 14

Durability 99.99%

Availability
99.5%

Question 15

When to use Standard-IA S3 Storage Class?

Answer 15

For data that is accessed less frequently but requires rapid access when needed.

Lower fee than S3 but…

Retrieval fee for all S3 IA Objects

Question 16

When to use OneZone-IA Storage Class?

Answer 16

Don’t need resilient data

Cost is 20% less than regular S3-IA

Question 17

When to use Glacier S3 Storage Class?

Answer 17

Want to archive data for a cheap deal.

Don’t need to access data immediately (3-5hr to restore)

Question 18

When to use Reduced Redundancy Storage (RRS) S3 Storage Class?

Answer 18

NOT RECOMMENDED

Regular S3 is cheaper now

Used to store data that can be recreated if lost (ex. thumbnails)

Question 19

What service can you use if you have unknown or unpredictable access patterns for S3 bucket?

Answer 19

Intelligent Tiering which auto moves data between

• Frequent
• Infrequent access

So you can save money

There is a small monitoring fee of $0.0025 per 1000 objects.

Question 20

List the S3 charges

Answer 20

Storage per GB
Requests

Storage Management Pricing
- inventory, analytics, and object tags

Data Management Pricing
- data transferred out of S3

Transfer Acceleration
- use CloudFront to optimize transfers

Question 21

Can you encrypt objects already in S3 bucket?

Answer 21

No, If objects are already in bucket when you set encryption those objects will not be encrypted.

Question 22

What are the 3 types of At Rest encryption options for S3?

Answer 22

S3 managed keys (SSE-S3)

AWS Key management Service Managed Keys (SSE-KMS)

Server Side Encryption with Customer Provided Keys (SSE-C)

Question 23

When to use SSE-S3 encryption

Answer 23

Want to each object in S3 to be encrypted with its own key.

256 bit encryption

Question 24

When to use SSE-KMS encryption

Answer 24

AWS manages key for you

Get audit key

Option to use own key or default key

Question 25

When to use SSE-C encryption

Answer 25

AWS manages encryption and decryption But customer handles keys

Question 26

How to enforce encryption on S3 bucket

Answer 26

Add special parameter in header x-amz-server-side-encryption:AES256 or x-amz-server-side-encryyption:ams:kms:SSE-KMS Enfoce server side ecryption by making in required to have x-amz-server-side-encryption parameter in request header

Question 27

If you have a S3 bucket that wants to access another public bucket what actions do you have to perform to allow bucket access

Answer 27

Must set up CORS even if bucket is public

Question 28

How to access performance metrics for S3

Answer 28

CloudWatch

Question 29

What to use if you have a large request rate in S3 (100 PUTS, LISTS, DELETES or < 300 GET)

Answer 29

Use CloudFront

Question 30

What service do you use if you want to receive Application Load Balancer Logs

Answer 30

S3

Question 31

How to modify an S3 object permissions at object level

Answer 31

use S3 Access Control Lists (ACLs)

Question 32

How to ensure only encrypted data is uploaded to S3?

Answer 32

Use bucket policy that only allows PUT with x-amz-server-side-encryption param in request header

Question 33

How to add CORS config to an S3 bucket in Console

Answer 33

In Permissions tab click CORS Configuration

Question 34

What headers do you need to include when using SSE-C key and want to upload object to bucket?

Answer 34

x-amz-server-side-encryption-customer-algorithm, x-amz-server-side-encryption-customer-key and x-amz-server-side-encryption-customer-key-MD5

Question 35

What do you need to do if you want Cross-region replication (CCR) to copy objects across all buckets in different AWS regions?

Answer 35

Versioning must be set