S3 Flashcards

1
Q

How to replicate S3 bucket in another region?

A

Cross-Region Replication

2
Q

Do you have to pay for Cross-Region Replication?

A

Yes

3
Q

Uses edge locations to quickly deliver data to users that may be far away from the S3 bucket (more used for uploading objects from a far distance)

A

Transfer Acceleration

4
Q

When to use Transfer Acceleration vs. CloudFront for S3?

A

Transfer Acceleration is used more for users adding/updating items in the bucket, while CloudFront would be more for accessing items (and then caching those items).

5
Q

How to enable protection from deleting objects in S3?

A

MFA Delete

6
Q

True or False: AWS Storage Classes Cannot be changed on the fly

A

False

7
Q

Standard S3 Storage

Durability and Availability

A

Durability 99.999999999%

Availability
99.9%

8
Q

Standard-IA S3 Storage Durability and Availability

A

Durability 99.999999999%

Availability
99.9%

9
Q

OneZone-IA S3 Storage Durability and Availability

A

Durability 99.999999999%

Availability
99.5%

10
Q

Glacier S3 Storage Durability and Availability

A

Durability 99.999999999%

Availability
99.9% after objects are restored

11
Q

When to use Standard-IA S3 Storage Class?

A

For data that is accessed less frequently but requires rapid access when needed.

Lower fee than S3 but…

Retrieval fee for all S3 IA Objects

12
Q

When to use OneZone-IA Storage Class?

A

Don’t need resilient data

Cost is 20% less than regular S3-IA

13
Q

When to use Glacier S3 Storage Class?

A

Want to archive data for a cheap deal.

Don’t need to access data immediately (3-5hr to restore)

Now can actually access in minutes instead of hours!!

14
Q

When to use Reduced Redundancy Storage (RRS) S3 Storage Class?

A

NOT RECOMMENDED

Regular S3 is cheaper now

Used to store data that can be recreated if lost (ex. thumbnails)

15
Q

What service can you use if you have unknown or unpredictable access patterns for S3 bucket?

A

Intelligent Tiering which auto moves data between

  • Frequent
  • Infrequent access

So you can save money

There is a small monitoring fee of $0.0025 per 1000 objects.

Recommended Tier now

16
Q

When to use S3 Glacier Deep Archive?

A

Can wait up to 12 hours to retrieve object

CHEAPEST option

17
Q

Glacier Deep Archive S3 Storage Durability and Availability

A

Durability 99.999999999%

Availability
99.9%

18
Q

AWS S3 Tiers most EXPENSIVE to CHEAPEST

A
Standard
Standard IA
Intelligent Tiering
One Zone IA
Glacier
Glacier Deep Archive
19
Q

List the S3 charges

A

Storage per GB
Requests

Storage Management Pricing
- inventory, analytics, and object tags

Data Management Pricing
- data transferred out of S3

Transfer Acceleration
- use CloudFront to optimize transfers

20
Q

Can you encrypt objects already in S3 bucket?

A

No. If objects are already in the bucket when you set encryption, those objects will not be encrypted.

21
Q

What are the 3 types of At Rest encryption options for S3?

A

S3 managed keys (SSE-S3)

AWS Key Management Service Managed Keys (SSE-KMS)

Server Side Encryption with Customer Provided Keys (SSE-C)

22
Q

When to use SSE-S3 encryption

A

Want each object in S3 to be encrypted with its own key.

256 bit encryption

23
Q

When to use SSE-KMS encryption

A

AWS manages key for you

Get audit key

Option to use own key or default key

24
Q

When to use SSE-C encryption

A

AWS manages encryption and decryption

But customer handles keys

25
Q

How to enforce encryption on S3 bucket

A

Add special parameter in header
x-amz-server-side-encryption:AES256 or x-amz-server-side-encryption:aws:kms (SSE-KMS)

Enforce server-side encryption by making it required to have the x-amz-server-side-encryption parameter in the request header

26
Q

If you have a S3 bucket that wants to access another public bucket what actions do you have to perform to allow bucket access

A

Must set up CORS even if bucket is public

27
Q

How to access performance metrics for S3

A

CloudWatch

28
Q

When to use AWS CloudFront on your S3 bucket?

A

If you have a large request rate in S3 (100 PUTS, LISTS, DELETES or < 300 GET)

29
Q

What service do you use if you want to receive Application Load Balancer Logs

A

S3

30
Q

How to modify an S3 object permissions at object level

A

use S3 Access Control Lists (ACLs)

31
Q

How to ensure only encrypted data is uploaded to S3?

A

Use bucket policy that only allows PUT with x-amz-server-side-encryption param in request header

32
Q

What headers do you need to include when using SSE-C key and want to upload object to bucket?

A

x-amz-server-side-encryption-customer-algorithm, x-amz-server-side-encryption-customer-key and x-amz-server-side-encryption-customer-key-MD5

33
Q

What do you need to do if you want Cross-Region Replication (CRR) to copy objects across all buckets in different AWS regions?

A

Versioning must be set

34
Q

If versioning is enabled in AWS S3 can you disable it?

A

No it can only be suspended

You would have to delete bucket and make a new bucket to completely get rid of it

35
Q

What to enable in S3 to automate moving objects between storage tiers (can be scoped)

A

Lifecycle Rules

36
Q

What Lifecycle rule options does S3 provide?

A

Transition current version to different storage class

Transition previous version of object to different storage class (after certain amount of days)

Permanently delete previous versions of objects

Delete expired delete markers or incomplete multipart uploads. If lifecycle rule is scoped with tags you can not do this

37
Q

True or False: With S3 Versioning, each version must be made public individually if you want it to be public

A

True

38
Q

In S3 if you delete an object with previous versions (without including a version ID) what happens?

A

It will become hidden, as well as all versions of that object. It can then be restored.

39
Q

If you want to permanently delete a specific version of an object in S3 you must...

A

DELETE with Version ID

40
Q

What happens to remaining object versions when versioning is suspended in S3?

A

Preserves any existing object versions

BUT

Suspend creation of object versions for all new operations

41
Q

Troubleshooting: get a lot of HTTP 503 slowdown response on PUT and DELETE and you have versioning enabled what might be the problem?

A

There may be 1+ objects in the bucket with millions of versions.

42
Q

What is the model for S3 Object Lock?

A

WORM

Write once read many

43
Q

When would you add S3 Object Lock at the individual object level or applied across bucket level?

A

You don’t want someone to edit or delete an item.

Extra layer of protection.

44
Q

What are the 2 modes of S3 Object Lock and explain what they do?

A

Governance Mode = users can’t overwrite or delete an object version unless they have special permissions to do so

Compliance Mode = a protected version can’t be overwritten or deleted by any user (even root). Ensures it can’t be overwritten or deleted for the retention period.

45
Q

What is S3 Object Locking Legal Hold?

A

Prevents object versions from being overwritten or deleted.

Has NO retention period: stays in effect until someone removes the Legal Hold.

46
Q

Difference between Object Locking in S3 Glacier and other object locking?

A

Only placed on individual file level.

Once locked can no longer be changed.

47
Q

S3 number of requests per prefix?

A

5500

48
Q

S3 Multipart uploads are recommended on files over the size of?

A

100 MB

49
Q

S3 Multipart uploads are required for files over the size of?

A

5GB

50
Q

When to use S3 Byte Range fetches?

A

Only want to download partial amounts of a file (ex. header info)

51
Q

What to use if you want simple SQL expressions to retrieve only data needed by an app in S3?

A

S3 Select

52
Q

Reasons to use S3 Select?

A

Use SQL to only retrieve data you need

Achieve drastic performance improvements in underlying applications

Data by row or columns

Save money on data transfer

53
Q

When to use Glacier Select?

A

Highly regulated industries:

Allows you to run SQL queries against Glacier directly

54
Q

In AWS Organizations how to have cross account bucket sharing with PROGRAMMATIC ACCESS of an entire bucket?

A

Bucket policies & IAM

55
Q

In AWS Organizations how to have cross account bucket sharing with PROGRAMMATIC ACCESS for individual objects in S3?

A

Bucket ACLs & IAM

56
Q

How to have cross account bucket sharing with PROGRAMMATIC ACCESS or CONSOLE access?

A

Create IAM cross account role

Need account ID for account you want to grant access to

Send the link generated by role to the account you want to grant access to

A user in the other account can use it to switch role and get access to the buckets

57
Q

Prerequisite(s) for enabling Cross Region (CRR) Replication on S3 Bucket

A

Must enable bucket versioning in SOURCE and DESTINATION bucket

58
Q

How to add CRR to an S3 Bucket?

A

Add replication rule on bucket you want to replicate

Create a new IAM role

Select source bucket (can do all or limit scope to a rule using filters)

Can change storage class for replicated objects if you want

Replication time control (set if want to ensure it will be replicated in 15min)

Can even replicate delete markers

59
Q

Does CRR work on objects already in an S3 bucket?

A

No

60
Q

TRUE or FALSE: Any changes made to permissions of objects in source bucket CHANGE the permissions of objects in destination bucket.

A

FALSE

61
Q

TRUE or FALSE: CRR in S3 can be done within the same AWS account OR 2 different AWS Accounts

A

TRUE

62
Q

CRR S3 replication file is written in what format?

A

XML

63
Q

Things that CANNOT be replicated with CRR

A

Objects using CMK stored in KMS - must explicitly enable replication of these objects

Objects with SSE-C encryption on them

Objects in Glacier or Deep Archive

Existing Objects (can only be replicated if you contact AWS Support)

64
Q

Describe CRR Monitor Architecture

A

Monitor replication status of S3 objects across all AWS regions in customer account

When an object is added to the source S3 bucket, CloudTrail logs the data and triggers a CloudWatch event rule.

When triggered, it sends a message to an SNS topic in the source bucket’s region. An SQS queue subscribed to the SNS topic receives the message.

After object replication to the destination is successful, status info is sent back to SQS. A CloudWatch event invokes Lambda to read the message from the SQS queue and update DynamoDB with the replication status.

65
Q

Size of files that can be uploaded to S3

A

0 bytes - 5 TB

66
Q

Single PUT in S3 max size file

A

5GB

67
Q

Multi-PUT in S3 max file size

A

5TB

68
Q

Single PUT in console max file size

A

160GB

69
Q

Data consistency for S3

A

Read and write for PUTS of new objects

Eventual consistency for overwrite PUTS and DELETES (can take some time)

70
Q

What is true about Amazon S3 URLs for accessing a bucket?

A

You can access buckets using path-style URLs and virtual-hosted-style URLs.

Virtual-hosted-style URLs are the recommended way.