S3 Flashcards
How to replicate S3 bucket in another region?
Cross-Region Replication
Do you have to pay for Cross-Region Replicaiton?
Yes
Uses edge locations to quickly deliver data to users that may be far away from the S3 bucket (more used for uploading objects from a far distance)
Transfer Acceleration
When to use Transfer Acceleration vs. CloudFront for S3?
Transfer Acceleration is used more for users adding/updating items in bucket, while CloudFront would be more for accessing items (and then caching those item).
How to enable protection from deleting objects in S3?
MFA Delete
True or False: AWS Storage Classes Cannot be changed on the fly
False
Standard S3 Storage
Durability and Availability
Durability 99.999999999%
Availability
99.9%
Standard-IA S3 Storage Durability and Availability
Durability 99.999999999%
Availability
99.9%
OneZone-IA S3 Storage Durability and Availability
Durability 99.999999999%
Availability
99.5%
Glacier S3 Storage Durability and Availability
Durability 99.999999999%
Availability
99.9% after objects are restored
When to use Standard-IA S3 Storage Class?
For data that is accessed less frequently but requires rapid access when needed.
Lower fee than S3 but…
Retrieval fee for all S3 IA Objects
When to use OneZone-IA Storage Class?
Don’t need resilient data
Cost is 20% less than regular S3-IA
When to use Glacier S3 Storage Class?
Want to archive data for a cheap deal.
Don’t need to access data immediately (3-5hr to restore)
Now can actually access in minutes instead of hours!!
When to use Reduced Redundancy Storage (RRS) S3 Storage Class?
NOT RECOMMENDED
Regular S3 is cheaper now
Used to store data that can be recreated if lost (ex. thumbnails)
What service can you use if you have unknown or unpredictable access patterns for S3 bucket?
Intelligent Tiering which auto moves data between
- Frequent
- Infrequent access
So you can save money
There is a small monitoring fee of $0.0025 per 1000 objects.
Recommended Tier now
When to use S3 Glacier Deep Archive?
Can wait up to 12 hours to retrieve object
CHEAPEST option
Glacier Deep Archive S3 Storage Durability and Availability
Durability 99.999999999%
Availability
99.9%
AWS S3 Tiers most EXPENSIVE to CHEAPEST
Standard Standard IA Intelligent Tiering One Zone IA Glacier Glacier Deep Archive
List the S3 charges
Storage per GB
Requests
Storage Management Pricing
- inventory, analytics, and object tags
Data Management Pricing
- data transferred out of S3
Transfer Acceleration
- use CloudFront to optimize transfers
Can you encrypt objects already in S3 bucket?
No, If objects are already in bucket when you set encryption those objects will not be encrypted.
What are the 3 types of At Rest encryption options for S3?
S3 managed keys (SSE-S3)
AWS Key management Service Managed Keys (SSE-KMS)
Server Side Encryption with Customer Provided Keys (SSE-C)
When to use SSE-S3 encryption
Want to each object in S3 to be encrypted with its own key.
256 bit encryption
When to use SSE-KMS encryption
AWS manages key for you
Get audit key
Option to use own key or default key
When to use SSE-C encryption
AWS manages encryption and decryption
But customer handles keys
How to enforce encryption on S3 bucket
Add special parameter in header
x-amz-server-side-encryption:AES256 or x-amz-server-side-encryyption:ams:kms:SSE-KMS
Enfoce server side ecryption by making in required to have x-amz-server-side-encryption parameter in request header
If you have a S3 bucket that wants to access another public bucket what actions do you have to perform to allow bucket access
Must set up CORS even if bucket is public
How to access performance metrics for S3
CloudWatch
When to use AWS CloudFront on your S3 bucket?
If you have a large request rate in S3 (100 PUTS, LISTS, DELETES or < 300 GET)