S3

Question 1

Which S3 Storage Class is the most cost-effective for archiving data with no retrieval time requirement?

a) Amazon Glacier
b) Amazon Glacier Deep Dive
c) Amazon S3 Standard-Infrequent Access
d) Amazon S3 Intelligent Tiering

Answer 1

b) Amazon Glacier Deep Dive

Amazon Glacier Deep Archive is the most cost-effective option if you want to archive data and do not have a retrieval time requirement. You can retrieve data in 12 or 48 hours.

Question 2

What hybrid AWS service is used to allow on-premises servers to seamlessly use the AWS Cloud at the storage layer?

a) Elastic Block Store
b) Snowball
c) S3
d) Storage Gateway

Answer 2

d) Storage Gateway

AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

Question 3

Which of the following services is a petabyte-scale data moving service (as a fleet) in or out of AWS with computing capabilities?

a) Snowball
b) Snowball Edge
c) Snowmobile

Answer 3

b) Snowball Edge

Snowball Edge is best-suited to move petabytes of data and offers computing capabilities. Be careful, it’s recommended to use a fleet of Snowballs to move less than 10PBs of data. Over this quantity, it’s better-suited to use Snowmobile.

Question 4

Which of the following is an exabytes-scale data moving service in or out of AWS?

a) Snowball
b) Snowball Edge
c) Snowmobile

Answer 4

c) Snowmobile

Snowmobile is used to move exabytes of data in or out of AWS (1 EB=1,000 PBs=1,000,000 TBs).

Question 5

What are Objects NOT composed of?

a) Key
b) Value
c) Access Keys
d) Metadata

Answer 5

c) Access Keys

Access Keys are used to sign programmatic requests to the AWS CLI or AWS API.

Question 6

Where are objects stored in Amazon S3?

a) Folders
b) Buckets
c) Files
d) Bin

Answer 6

b) Buckets

Buckets store objects in Amazon S3.

Question 7

What can you use to define actions to move S3 objects between different storage classes?

a) Scaling policy
b) Bucket Policies
c) Lifecycle rules
d) Replication

Answer 7

c) Lifecycle rules

Lifecycle Rules can be used to define when S3 objects should be transitioned to another storage class or when objects should be deleted after some time.

Question 8

Which S3 Storage Class is suitable for less frequently accessed data, but with rapid access when needed, while keeping high durability and allowing an Availability Zone failure?

a) Amazon S3 Standard - General Purpose
b) Amazon Glacier
c) Amazon S3 One Zone-Infrequent Access
d) Amazon S3 Standard-Infrequent Access

Answer 8

d) Amazon S3 Standard-Infrequent Access

Amazon S3 Standard-Infrequent Access allows you to store infrequently accessed data, with rapid access when needed, has high durability, and is stored in several Availability Zones to avoid data loss in case of a disaster. It can be used to store data for disaster recovery, backups, etc.

Question 9

Mention some use cases for AWS S3

Answer 9

• Backup and storage
• Disaster recovery
• Archive
• Hybrid Cloud Storage
• Application Hosting
• Media Hosting
• Data lakes and big data analytics
• Software delivery
• Static websites

Question 10

What are the objects in AWS S3?

Answer 10

Objects are the files stored in an S3 bucket.

Objects have a key which is the full path for example:
s3://my-bucket/file.txt -> file.txt is the key

They key can also be composed by a prefix and the object name:
s3://my-bucket/folder1/folder2/file.txt where the prefix is folder1/folder2

There is no such concept of “directories” in AWS S3, just keys with very long names that contain slashes “/”

Question 11

What is a multi-part upload?

Answer 11

The max object size is 5 TB, when there is a need to upload an object bigger that this size, multi-part upload has to be used, which means to split the object in multiple parts.

Question 12

What are the elements of an Object?

Answer 12

• Key
• Value
• Metadata (list of key/value pairs - system or user data)
• Tags (unicode key/value pair up to 10) - useful for security / lifecycle
• Version ID (if versioning is enabled)

Question 13

Mention the available ways to secure an S3 bucket

Answer 13

User based:
- security with IAM policies

Resource based:
- bucket policies, which are rules attached directly to the S3 bucket to allow or deny requests comming from other accounts or other requests
- Object Access Control Lists (ACL)
- Bucket Access Control Lists (ACL) - less common
NOTE: an IAM principal can access an S3 bucket if the user IAM permissions allow it OR the resource policy ALLOW it, AND there’s no explicit DENY

Encryption:
- Encrypt objects in Amazon S3 using encryption keys

Question 14

What bucket policies define?

Answer 14

They are JSON based policies that define:

• Resources: buckets or objects
• Action: Set of API to Allow or Deny
• Effect: Allow or Deny
• Principal: The account or user to apply the policy to

Question 15

For what we would use an S3 bucket policy?

Answer 15

We would use it to:

• Grant public access to the bucket
• Force objects to be encrypted at upload
• Grant access to another account (Cross account)

Question 16

What are S3 Access Logs?

Answer 16

They are logs used for audit purpose, is it possible to log all access to S3 buckets.
This means that any request made to S3, from any account, authorized or not, will be logged into another S3 bucket.
That data can be analyzed using data analysis tools and could be very helpful to come down to the root of an issue, view suspicious patterns, etc.

Question 17

What are the types of replication available for S3 buckets? Describe how it works and common use cases.

Answer 17

CRR (Cross-Region Replication) and SRR (Same Region Replication).

Replication copies all files from one bucket fo another, then:

• Is necessary to enable versioning on both buckets (source and destination)
• it could be CRR or SRR
• Buckets can be in different accounts
• Copying is asynchronous
• Must give proper IAM permissions to S3

CRR Use cases: compliance, lower latency access, replication across accounts.

SRR Use cases; log aggregation, live replication between production and test accounts.

NOTE: When enabling replication, objects already existing in the source bucket are not replicated.

Question 18

Mention the different S3 Storage Classes.

Answer 18

• Amazon S3 Standard - General Purposes
• Amazon S3 Standard-Infrequent Access (IA)
• Amazon S3 One Zone-Infrequent Access
• Amazon S3 Intelligent Tiering.
• Amazon Glacier
• Amazon Glacier Deep Archive.
• Amazon S3 RRS (Reduced Redundancy Storage) - DEPRECATED

Question 19

What is S3 Durability and Availability?

Answer 19

Durability: Means how often do you lose a file.
If you store 10,000,000 objects in Amazon S3, you can on average expect to incur a loss of a single object once every 10,000 years, this is high durability.

Availability: How readily available a service is.
S3 standard has 99.99% of availability, which means it will not be available 53 minutes a year, this varies depending on storage class.

Question 20

Mention the characteristics of S3 Standard - General Purposes

Answer 20

• It has 99.99% Availability
• Used for frequently access data
• Low latency and high throughput
• Sustain 2 concurrent facility failures

Use cases: Big Data analytics, mobile and gaming applications, content distribution…

Question 21

Mention the characteristics of S3 Standard - Infrequent Access (IA)

Answer 21

• Suitable for data that is less frequently accessed, but required rapid access when needed.
• 99.9% availability
• Lower cost compared to S3 standard but has a retrieval fee
• Sustain 2 concurrent facility failures

User cases: As data store for disaster recovery, backups…

Question 22

Mention the characteristics of Amazon S3 Intelligent Tiering.

Answer 22

• 99.9% availability
• Same low latency and high throughput performance of S3 Standard
• Cost-optimized by automatically moving objects between 2 access tiers based on changing access patterns:
  
  • Frequent access: will to the frequently access storage
  • Infrequent access: it will be moved to the right category
• Resilient against events that impact an entire Availability Zone.

Question 23

Mention the characteristics of S3 One Zone-Infrequent Access

Answer 23

• Same as IA but data is stored in a single AZ
• 99.5% availability
• Low latency and high throughput performance
• Lower cost compared to S3-IA (by 20%)

Use cases: Storing secondary backup copies of on-premises data, or storing data you can recreate, for example having a profile picture from where you generate a thumbnail from it, it is very common to put it into a One Zone IA

Question 24

What are the storage services for storing data that is retained for longer-term?

Answer 24

Amazon Glacier and Glacier Deep Archive

• Low-cost object storage (in GB/Month) meant for archiving/backup
• Data is retained for the longer term (years)
• Various retrieval options of time + fees for retrieval

Question 25

What are the ways for retrieving data from Amazon Glacier?

Answer 25

• Expedited (1 to 5 minutes)
• Standard (3 to 5 hours)
• Bulk (5 to 12 hours)

Question 26

What are the ways for retrieving data from Amazon Glacier Deep Archive?

Answer 26

• Standard (12 hours)

- Bulk (48 hours)

Question 27

Is it possible to move files between storage classes?

True or False

Answer 27

True, objects can transition between storage classes.

Moving objects can be automated using a lifecycle configuration.

Question 28

What is the shared responsibility model for S3?

Answer 28

For AWS:

• Infrastructure
• Configuration and vulnerability analysis
• Compliance validation

For accounts:

• S3 versioning
• S3 bucket policies
• S3 replication setup
• Logging and Monitoring
• S3 Storage Classes
• Data encryption at rest and in transit