S3 (ACG)

Question 1

What is S3?

Answer 1

Simple Storage Service.

S3 provides secure, durable, highly-scalable object storage.

Question 2

S3 Object-based storage

Answer 2

Manages data as objects rather than in file systems our data blocks.

Question 3

What is the S3 storage limit?

Answer 3

Unlimited

Question 4

S3 max object size?

Answer 4

5TB

Question 5

S3 buckets

Answer 5

Similar to folders

Question 6

S3 bucket names

Answer 6

Universal namespace. All AWS accounts share the same S3 namespace. Each S3 bucket names is globally unique.

Question 7

Example S3 URL

Answer 7

https://bucket-name.s3.us-east-1.amazonaws.com/puppy.jpg

Question 8

What http status code do you receive when successfully uploading a file to an S3 bucket?

Answer 8

HTTP 200

Question 9

Key-Value Store

Answer 9

Key is name of object. Value is the data itself.

There’s also version ID and meta data.

Question 10

S3 Availability

Answer 10

Highly available and highly durable. Built for 11 9’s of durability.

Question 11

What are three S3 characteristics?

Answer 11

Tiered storage, lifecycle Management and versioning.

Question 12

How does S3 secure your data?

Answer 12

Server-side encryption, ACLs, and bucket policies.

Question 13

What file types can you upload to S3?

Answer 13

Any file type, but not suitable for OS or DB storage.

Question 14

S3 Standard

Answer 14

1. High availability and durability
   
   • data is stored redundantly across multiple devices in multiple facilities (>= 3 AZs)
   • 99.99% availability
   • 11 9’s of durability
2. Designed for frequent access
3. Suitable for most workloads

Question 15

S3-IA

Answer 15

S3 Standard-Infrequent Access
Designed for infrequently accessed data. Rapid access and pay to access when needed. Per GB storage and per GB retrieval fee.

Great for long term storage and disaster recovery files (min 30 day storage).

Question 16

S3 Glacier

Answer 16

Very cheap storage.

For VERY infrequently accessed data.

You pay each time you access your data.

Use only for archiving data.

90 days minimum or 180 days minimum for Glacier Deep Archive.

Retrieval time ranges from 1 min to 12 hours or default 12 hours for Glacier Deep Archive.

Question 17

Default Bucket Policy

Answer 17

Private by default, only the owner has full rights

Question 18

Bucket policies are written in…

Answer 18

JSON key-value pairs

Question 19

S3 Bucket ACLs

Answer 19

Applied at object level. We can apply different permissions for different objects within a bucket

Question 20

S3 Access Logs

Answer 20

Not enabled by default. Logs are written into another S3 bucket.

Question 21

WORM model

Answer 21

Write Once Read Many

Question 22

S3 Types of Encryption (3 types)

Answer 22

1. Encryption in Transit (HTTPS/SSL/TLS)
2. Encryption At Rest - Server Side (SSE-S3, SSE-KMS (AWS managed), SSE-C (Customer managed)
3. Encryption at Rest - Client Side (encrypt it yourself before upload)

Question 23

Enforcing Server Side Encryption (2 ways)

Answer 23

1. Console - select the encryption setting on your S3 bucket (easiest, just a check box)
2. Bucket Policy

Question 24

Parameter included in the request header to encrypt during upload/put request?

Answer 24

x-amz-server-side-encryption: AE256
OR
x-amz-server-side-encryption: aws:kms

Question 25

How would you enforce encryption in transit?

Answer 25

Bucket policy requiring encryption of data in transit (HTTPS/SSL/TLS).

This policy denies any requests that do not use aws:SecureTransport in the request header.

Question 26

What is CORS?

Answer 26

Cross-Origin Resource Sharing - allowing one S3 bucket access another S3 bucket

Question 27

CloudFront Edge Location

Answer 27

Location where content is cached. Separate to an AWS Region/AZ.

Question 28

CloudFront Origin

Answer 28

Origin of all the files that the distribution will serve. Can be an S3 bucket, EC2 instance, ELB or Route53.

Question 29

CloudFront Distribution

Answer 29

Name given to the Origin and configuration settings for the content you wish to distribute using CloudFront (CDN).

Question 30

CloudFront TTL

Answer 30

The default TTL (time-to-live) is 1 day for objects to be cached and is cleared automatically.

Question 31

Edge locations are READ only. True or false?

Answer 31

FALSE

You can write to them too, i.e. PUT an object on to them.

Question 32

CloudFront Edge Locations are utilized by S3 Transfer Acceleration to reduce latency for S3 uploads. True or false?

Answer 32

TRUE

Question 33

CloudFront objects are cached for the life of the TTL. You can clear cached objects, but you will be charged. True or false?

Answer 33

TRUE

Under “Invalidation” you can manually clear a cached object for a fee.

Question 34

CloudFront is a content delivery network. True or False?

Answer 34

TRUE

Question 35

CloudFront Origin Access Identity

Answer 35

An OAI is a special CloudFront user that can access files in our bucket and serve them to users.

OAI allows us to restrict access to the contents of our bucket via an S3 URL and instead must use the CloudFront URL.

Question 36

What are the three options for CloudFront AllowedMethods?

Answer 36

1. GET, HEAD (default, read-only)
2. GET, HEAD, OPTIONS (read headers)
3. GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

Question 37

Which three options allows users to have secure access to private files located in S3?

Answer 37

CloudFront Signed URLs
CloudFront Origin Access Identity
CloudFront Signed Cookies

Question 38

What is the maximum file size that can be stored on S3?

Answer 38

5TB

Question 39

Which storage class is suitable for long-term archiving of data and supports millisecond retrieval times?

Answer 39

Glacier Instant Retrieval

Question 40

What is the largest size file you can transfer to S3 using a single PUT operation?

Answer 40

5GB

Question 41

You are hosting a website in an Amazon S3 bucket. Which feature defines a way for client web applications that are loaded in one domain to interact with resources in a different domain?

Answer 41

CORS

Question 42

What is the minimum file size allowed on S3?

Answer 42

0 bytes

Question 43

Which storage class is suitable for long-term archiving of data that occasionally needs to be accessed within a few hours or minutes?

Answer 43

S3 Glacier

Question 44

What is the HTTP code you would see once you successfully place a file in an S3 bucket?

Answer 44

200

Question 45

You are using S3 in ap-northeast-1 to host a static website in a bucket called “acloudguru”. What would the new URL endpoint be?

Answer 45

http://acloudguru.s3-website-ap-northeast-1.amazonaws.com

Question 46

If you encrypt a bucket on S3, what type of encryption does AWS use?

Answer 46

AES-256

Question 47

True or False? An Amazon S3 object owner can optionally share objects with others by creating a presigned URL.

Answer 47

TRUE