S3

Question 1

Amazon S3

Answer 1

Amazon S3 allows people to store objects (files) in “buckets” (directories)

• key is full path
• allows for versioning at bucket level

Question 2

S3 Encryption

Answer 2

• SSE-S3: encrypts S3 objects using keys handled & managed by AWS
• SSE-KMS: leverage AWS Key Management Service to manage encryption keys • SSE-C: when you want to manage your own encryption keys
• Client Side Encryption

Question 3

S3 SSE

Answer 3

Server Side Encryption - objects are encrypted on the server

Question 4

S3 KMS

Answer 4

Key Management Store - SSE controlled by KMS and allows for user control + audit trail

Question 5

S3 SSE-C

Answer 5

SSE using data keys fully managed by the customer outside of AWS
- HTTPS must be used

Question 6

Client Side Encryption

Answer 6

Encryption is done on the client and the encrypted object is stored on S3

Question 7

S3 Security

Answer 7

User based - IAM policies (roles)

Resource based - bucket policies across all accounts

Question 8

S3 Websites

Answer 8

S3 can host static websites and have them accessible on the www
- If you get a 403 (Forbidden) error, make sure the bucket policy allows public reads!

Question 9

S3 CORS

Answer 9

If a client does a cross-origin request on our S3 bucket, we need to enable the correct CORS headers

Question 10

S3 MFA-Delete

Answer 10

MFA (multi factor authentication) forces user to generate a code on a device (usually a mobile phone or hardware) before doing important operations on S3

• versioning must be enabled
• only bucket owners can enable/disable MFA-delete

Question 11

S3 Access Logs

Answer 11

Log S3 activity into another S3

- do not loop your logs into the same bucket

Question 12

S3 Replication

Answer 12

Cross Region Replication - compliance, lower latency access, replication across accounts

Same Region Replication - log aggregation, live replication between production and test accounts

Question 13

S3 Pre-Signed URLs

Answer 13

Users given a pre-signed URL inherit the permissions of the person who generated the URL for GET / PUT
- valid for 3600 by default

Question 14

S3 Standard Storage - General Purpose

Answer 14

High Durability across multiple AZ

Big Data analytics, mobile & gaming applications, content distribution

Question 15

S3 Standard – Infrequent Access (IA)

Answer 15

Suitable for data that is less frequently accessed, but requires rapid access when needed

High Durability across multiple AZ

Disaster Recovery and backups

Question 16

S3 One Zone - Infrequent Access (IA)

Answer 16

Same as S3 Standard IA instead in a single AZ

Question 17

S3 Intelligent Tiering

Answer 17

Automatically moves objects between two access tiers based on changing access patterns

Question 18

Amazon Glacier

Answer 18

Low cost object storage meant for archiving / backup

- Data is retained for the longer term (10s of years)

Question 19

Glacier Deep Archive

Answer 19

Longer storage than Amazon Glacier

Question 20

S3 Lifecycle Rules

Answer 20

Transition actions: It defines when objects are transitioned to another storage class
• Move objects to Standard IA class 60 days after creation
• Move to Glacier for archiving after 6 months

Expiration actions: configure objects to expire (delete) after some time

Question 21

S3 Multi-Part upload

Answer 21

Upload large file in parallel chunks

Question 22

S3 Transfer Acceleration

Answer 22

Transfer files to an AWS edge location which will then forward the data to the S3 bucket

Question 23

S3 Byte-Range Fetches

Answer 23

Parallelize GETs by requesting specific byte ranges

Question 24

S3 Select & Glacier Select

Answer 24

Retrieve less data using SQL by performing server side filtering

Question 25

S3 Event Notifications

Answer 25

Events triggered when actions are performed on an S2 bucket

Question 26

AWS Athena

Answer 26

Serverless service to perform analytics directly against S3 files

Use case: Business intelligence / analytics / reporting, analyze & query

Question 27

S3/Glacier Object Lock

Answer 27

Prevent object version deletion for a specified amount of time

Helpful for compliance and data retention

Question 28

S3 - Consistency Model

Answer 28

If a user updates an existing object, it will eventually be consistent meaning you might get an older version of the data