S3

Question 1

How to replicate S3 bucket in another region?

Answer 1

Cross-Region Replication

Question 2

Do you have to pay for Cross-Region Replicaiton?

Answer 2

Yes

Question 3

Uses edge locations to quickly deliver data to users that may be far away from the S3 bucket (more used for uploading objects from a far distance)

Answer 3

Transfer Acceleration

Question 4

When to use Transfer Acceleration vs. CloudFront for S3?

Answer 4

Transfer Acceleration is used more for users adding/updating items in bucket, while CloudFront would be more for accessing items (and then caching those item).

Question 5

How to enable protection from deleting objects in S3?

Answer 5

MFA Delete

Question 6

True or False: AWS Storage Classes Cannot be changed on the fly

Answer 6

False

Question 7

Standard S3 Storage

Durability and Availability

Answer 7

Durability 99.999999999%

Availability
99.9%

Question 8

Standard-IA S3 Storage Durability and Availability

Answer 8

Durability 99.999999999%

Availability
99.9%

Question 9

OneZone-IA S3 Storage Durability and Availability

Answer 9

Durability 99.999999999%

Availability
99.5%

Question 10

Glacier S3 Storage Durability and Availability

Answer 10

Durability 99.999999999%

Availability
99.9% after objects are restored

Question 11

When to use Standard-IA S3 Storage Class?

Answer 11

For data that is accessed less frequently but requires rapid access when needed.

Lower fee than S3 but…

Retrieval fee for all S3 IA Objects

Question 12

When to use OneZone-IA Storage Class?

Answer 12

Don’t need resilient data

Cost is 20% less than regular S3-IA

Question 13

When to use Glacier S3 Storage Class?

Answer 13

Want to archive data for a cheap deal.

Don’t need to access data immediately (3-5hr to restore)

Now can actually access in minutes instead of hours!!

Question 14

When to use Reduced Redundancy Storage (RRS) S3 Storage Class?

Answer 14

NOT RECOMMENDED

Regular S3 is cheaper now

Used to store data that can be recreated if lost (ex. thumbnails)

Question 15

What service can you use if you have unknown or unpredictable access patterns for S3 bucket?

Answer 15

Intelligent Tiering which auto moves data between

• Frequent
• Infrequent access

So you can save money

There is a small monitoring fee of $0.0025 per 1000 objects.

Recommended Tier now

Question 16

When to use S3 Glacier Deep Archive?

Answer 16

Can wait up to 12 hours to retrieve object

CHEAPEST option

Question 17

Glacier Deep Archive S3 Storage Durability and Availability

Answer 17

Durability 99.999999999%

Availability
99.9%

Question 18

AWS S3 Tiers most EXPENSIVE to CHEAPEST

Answer 18

Standard
Standard IA
Intelligent Tiering
One Zone IA
Glacier
Glacier Deep Archive

Question 19

List the S3 charges

Answer 19

Storage per GB
Requests

Storage Management Pricing
- inventory, analytics, and object tags

Data Management Pricing
- data transferred out of S3

Transfer Acceleration
- use CloudFront to optimize transfers

Question 20

Can you encrypt objects already in S3 bucket?

Answer 20

No, If objects are already in bucket when you set encryption those objects will not be encrypted.

Question 21

What are the 3 types of At Rest encryption options for S3?

Answer 21

S3 managed keys (SSE-S3)

AWS Key management Service Managed Keys (SSE-KMS)

Server Side Encryption with Customer Provided Keys (SSE-C)

Question 22

When to use SSE-S3 encryption

Answer 22

Want to each object in S3 to be encrypted with its own key.

256 bit encryption

Question 23

When to use SSE-KMS encryption

Answer 23

AWS manages key for you

Get audit key

Option to use own key or default key

Question 24

When to use SSE-C encryption

Answer 24

AWS manages encryption and decryption

But customer handles keys

Question 25

How to enforce encryption on S3 bucket

Answer 25

Add special parameter in header
x-amz-server-side-encryption:AES256 or x-amz-server-side-encryyption:ams:kms:SSE-KMS

Enfoce server side ecryption by making in required to have x-amz-server-side-encryption parameter in request header

Question 26

If you have a S3 bucket that wants to access another public bucket what actions do you have to perform to allow bucket access

Answer 26

Must set up CORS even if bucket is public

Question 27

How to access performance metrics for S3

Answer 27

CloudWatch

Question 28

When to use AWS CloudFront on your S3 bucket?

Answer 28

If you have a large request rate in S3 (100 PUTS, LISTS, DELETES or < 300 GET)

Question 29

What service do you use if you want to receive Application Load Balancer Logs

Answer 29

S3

Question 30

How to modify an S3 object permissions at object level

Answer 30

use S3 Access Control Lists (ACLs)

Question 31

How to ensure only encrypted data is uploaded to S3?

Answer 31

Use bucket policy that only allows PUT with x-amz-server-side-encryption param in request header

Question 32

What headers do you need to include when using SSE-C key and want to upload object to bucket?

Answer 32

x-amz-server-side-encryption-customer-algorithm, x-amz-server-side-encryption-customer-key and x-amz-server-side-encryption-customer-key-MD5

Question 33

What do you need to do if you want Cross-region replication (CCR) to copy objects across all buckets in different AWS regions?

Answer 33

Versioning must be set

Question 34

If versioning is enabled in AWS S3 can you disable it?

Answer 34

No it can only be suspended

You would have to delete bucket and make a new bucket to completely get rid of it

Question 35

What to enable in S3 to automate moving objects between storage tiers (can be scoped)

Answer 35

Lifecycle Rules

Question 36

What Lifecycle rule options does S3 provide?

Answer 36

Transition current version to different storage class

Transition previous version of object to different storage class (after certain amount of days)

Permanently delete previous versions of objects

Delete expired delete markers or incomplete multipart uploads. If lifecycle rule is scoped with tags you can not do this

Question 37

True or False: With S3 Versioning, Each version if want public will have to make each public individually

Answer 37

True

Question 38

In S3 if you delete an object with previous versions (without including a version ID) what happens?

Answer 38

It will become hidden well as all versions of that object. It can then be restored.

Question 39

If you want to permanently delete a specific version of an object in S3 you must..

Answer 39

DELETE with Version ID

Question 40

What happens to remaining object versions when versioning is suspended in S3?

Answer 40

Preserves any existing object versions

BUT

Suspend creation of object versions for all new operations

Question 41

Troubleshooting: get a lot of HTTP 503 slowdown response on PUT and DELETE and you have versioning enabled what might be the problem?

Answer 41

It may be there is 1+ objects in bucket with millions of versions.

Question 42

What is the model for S3 Object Lock?

Answer 42

WORM

Write once read many

Question 43

When would you add S3 Object Lock at the individual object level or applied across bucket level?

Answer 43

You don’t want someone to edit or delete an item.

Extra layer of protection.

Question 44

What are the 2 modes of S3 Object Lock and explain what they do?

Answer 44

Governance Mode = user’s can’t overwrite or delete object version unless they have special permissions to

Compliance Mode = protected version can’t be overwritten or deleted by any user (even root). Ensure can’t be overwritten or deleted for retention period.

Question 45

What is S3 Object Locking Legal Hold?

Answer 45

Prevents object versions from being overwritten or deleted.

Has NO retention period: stays into affect until someone removes the Legal Hold.

Question 46

Difference between Object Locking in S3 Glacier and other object locking?

Answer 46

Only placed on individual file level.

Once locked can no longer be changed.

Question 47

S3 number of requests per prefix?

Answer 47

5500

Question 48

S3 Multipart uploads are recommended on files over the size of?

Answer 48

100 MB

Question 49

S3 Multipart uploads are required for files over the size of?

Answer 49

5GB

Question 50

When to use S3 Byte Range fetches?

Answer 50

Only want to download partial amounts of a file (ex. header info)

Question 51

What to use if you want simple SQL expressions to retrieve only data needed by an app in S3?

Answer 51

S3 Select

Question 52

Reasons to use S3 Select?

Answer 52

Use SQL to only retrieve data you need

Achieve drastic performance of underlying applications

Data by row or columns

Save money on data transfer

Question 53

When to use Glacier Select?

Answer 53

Highly regulated industries:

Allows you to run SQL queries against Glacier directly

Question 54

In AWS Organizations how to have cross account bucket sharing with PROGRAMATIC ACCESS of an entire bucket?

Answer 54

Bucket policies & IAM

Question 55

In AWS Organizations how to have cross account bucket sharing with PROGRAMATIC ACCESS for individual objects in S3?

Answer 55

Bucket ACLs & IAM

Question 56

How to have cross account bucket sharing with PROGRAMATIC ACCESS or CONSOLE access?

Answer 56

Create IAM cross account role

Need account ID for account you want to grant access to

Send the link generated by role to the account you want to grant access to

Can be used by user in the other account switch role to get access to access buckets

Question 57

Prerequisite(s) for enabling Cross Region (CRR) Replication on S3 Bucket

Answer 57

Must enable bucket versioning in SOURCE and DESTINATION bucket

Question 58

How to add CRR to an S3 Bucket?

Answer 58

Add replication rule on bucket you want to replicate

Create a new IAM role

Select source bucket (can do all or limit scope to a rule using filters)

Can change storage class for replicated objects if you want

Replication time control (set if want to ensure it will be replicated in 15min)

Can even replicate delete markers

Question 59

Does CRR work on objects already in an S3 bucket?

Answer 59

No

Question 60

TRUE or FALSE: Any changes made to permissions of objects in source bucket CHANGE the permissions of objects in destination bucket.

Answer 60

FALSE

Question 61

TRUE or FALSE: CRR in S3 can be done within the same AWS account OR 2 different AWS Accounts

Answer 61

TRUE

Question 62

CRR S3 replication file is written in what format?

Answer 62

XML

Question 63

Things that CANNOT be replicated with CRR

Answer 63

Objects using CMK stored in KMS - must explicitly enable replication of these objects

Objects with SSE-C encryption on them

Objects in Glacier or Deep Archive

Existing Objects (can only replicate if contact AWS Support)

Question 64

Describe CRR Monitor Architecture

Answer 64

Monitor replication status of S3 objects across all AWS regions in customer account

When object added to source S3 bucket, CloudTrail logs the data and triggers CloudWatch event rule.

When triggers sends message to SNS topic in source bucket’s region. SQS queue subscribed to SNS receives message.

After object replication to destination is successful, status info is sent back to SQS. CloudWatch event invokes Lambda to read message from SQS queue and updates DynamoDB with replication status.

Question 65

Size of files that can be uploaded to S3

Answer 65

0 bytes - 5 TB

Question 66

Single PUT in S3 max size file

Answer 66

5GB

Question 67

Multi-PUT in S3 max file size

Answer 67

5TB

Question 68

Single PUT in console max file size

Answer 68

160GB

Question 69

Data consistency for S3

Answer 69

Read and write for PUTS of new objects

Eventual consistency for overwrite PUTS and DELETES (can take some time)

Question 70

What is true about Amazon S3 URLs for accessing a bucket?

Answer 70

You can access buckets using Path-Style URLs and Virtual-host style URLs.

Virtual-host style URLS are the recommended way