S3 (ACG) Flashcards
What is S3?
Simple Storage Service.
S3 provides secure, durable, highly-scalable object storage.
S3 Object-based storage
Manages data as objects rather than in file systems or data blocks.
What is the S3 storage limit?
Unlimited
S3 max object size?
5TB
S3 buckets
Top-level containers for objects. Loosely similar to folders, but a bucket is also the unit to which Region, bucket policy, logging and encryption settings are attached.
S3 bucket names
Universal namespace. All AWS accounts share the same S3 namespace, so each S3 bucket name must be globally unique. Because names are global and guessable, never treat a bucket name as a secret.
Example S3 URL
https://bucket-name.s3.us-east-1.amazonaws.com/puppy.jpg
What http status code do you receive when successfully uploading a file to an S3 bucket?
HTTP 200
Key-Value Store
Key is name of object. Value is the data itself.
There is also a version ID and metadata.
S3 Availability
Highly available and highly durable. Built for 11 9’s of durability.
What are three S3 characteristics?
Tiered storage, lifecycle management and versioning.
How does S3 secure your data?
Server-side encryption, ACLs and bucket policies (together with IAM policies and S3 Block Public Access).
What file types can you upload to S3?
Any file type, but not suitable for OS or DB storage.
S3 Standard
- High availability and durability
- data is stored redundantly across multiple devices in multiple facilities (>= 3 AZs)
- 99.99% availability
- 11 9’s of durability
- Designed for frequent access
- Suitable for most workloads
S3-IA
S3 Standard-Infrequent Access
Designed for infrequently accessed data. Rapid access and pay to access when needed. Per GB storage and per GB retrieval fee.
Great for long term storage and disaster recovery files (min 30 day storage).
S3 Glacier
Very cheap storage.
For VERY infrequently accessed data.
You pay each time you access your data.
Use only for archiving data.
Minimum storage duration: 90 days for S3 Glacier (Flexible Retrieval), 180 days for Glacier Deep Archive.
Retrieval time ranges from about 1 minute (expedited) to 12 hours (bulk) for Glacier Flexible Retrieval; Glacier Deep Archive standard retrieval takes 12 hours.
Default Bucket Policy
Private by default, only the owner has full rights
Bucket policies are written in…
JSON documents made of key-value pairs (Version, Statement, Sid, Effect, Principal, Action, Resource, Condition).
S3 Bucket ACLs
Can be applied at bucket or object level; object ACLs let different objects within the same bucket carry different permissions.
Caveat: new buckets now have ACLs disabled by default (Object Ownership set to "bucket owner enforced"), so bucket policies and IAM are the preferred access control.
S3 Access Logs
Not enabled by default. Logs are written into another S3 bucket in the same Region (not the bucket being logged, which would log its own log writes).
WORM model
Write Once Read Many. In S3 this is provided by Object Lock (retention periods and legal holds), which requires versioning on the bucket.
S3 Types of Encryption (3 types)
- Encryption in transit (HTTPS/TLS)
- Encryption at rest, server side: SSE-S3 (S3-managed keys, AES-256; applied by default to new objects since January 2023), SSE-KMS (keys held in AWS KMS, either AWS-managed or customer-managed, with key use logged in CloudTrail), SSE-C (customer-provided key sent with every request; S3 uses it and discards it)
- Encryption at rest, client side (encrypt it yourself before upload; S3 never sees the plaintext or the key)
Enforcing Server Side Encryption (2 ways)
- Console - select the encryption setting on your S3 bucket (easiest, just a check box)
- Bucket Policy
Parameter included in the request header to encrypt during upload/put request?
x-amz-server-side-encryption: AES256
OR
x-amz-server-side-encryption: aws:kms
How would you enforce encryption in transit?
Bucket policy requiring encryption of data in transit (HTTPS/TLS).
The policy is a Deny statement conditioned on aws:SecureTransport being false. aws:SecureTransport is a condition key that S3 fills in from the connection (true for HTTPS, false for plain HTTP); it is not a header the client sends, so the client cannot spoof it.
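The two bucket-policy controls on the cards above (deny unencrypted PUTs, deny plaintext HTTP) as an added example; this is not code from A Cloud Guru or AWS. The bucket name, account ID and uploader role are made up, and `decide_put`/`evaluate` are a small teaching model of IAM evaluation (an explicit Deny beats any Allow; no matching Allow means implicit deny) that implements only the four condition operators the policy uses, not the real IAM engine.

```python
import fnmatch
import json
from typing import Optional

# Constructed identifiers for the example; none of these exist.
BUCKET = "example-bucket"
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
UPLOADER = "arn:aws:iam::123456789012:role/uploader"  # hypothetical role

# Bucket policy: one Allow for the uploader role, three Deny statements.
# aws:SecureTransport is a condition key S3 derives from the connection,
# not a header the client sends; s3:x-amz-server-side-encryption mirrors
# the x-amz-server-side-encryption request header of a PUT.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowUploaderReadWrite",
            "Effect": "Allow",
            "Principal": {"AWS": UPLOADER},
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": f"{BUCKET_ARN}/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {
            "Sid": "DenyMissingEncryptionHeader",  # header absent
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"{BUCKET_ARN}/*",
            "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
        },
        {
            "Sid": "DenyWrongEncryptionHeader",  # header present but not SSE-S3/SSE-KMS
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"{BUCKET_ARN}/*",
            "Condition": {
                "StringNotEquals": {"s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}
            },
        },
    ],
}


def policy_json() -> str:
    """The policy as the JSON document you would attach to the bucket."""
    return json.dumps(POLICY, indent=2)


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _condition_holds(condition: dict, ctx: dict) -> bool:
    """Evaluate the subset of IAM condition operators used in POLICY (model only)."""
    for op, pairs in condition.items():
        for key, expected in pairs.items():
            expected = _as_list(expected)
            actual = ctx.get(key)
            if op == "Bool":
                ok = actual is not None and str(actual).lower() == str(expected[0]).lower()
            elif op == "Null":  # "true" means: the key must be absent from the request
                ok = (actual is None) == (str(expected[0]).lower() == "true")
            elif op == "StringEquals":
                ok = actual in expected
            elif op == "StringNotEquals":
                ok = actual is not None and actual not in expected
            else:
                raise ValueError(f"operator {op} not modelled")
            if not ok:
                return False
    return True


def _principal_matches(principal_field, principal: str) -> bool:
    if principal_field == "*":
        return True
    return principal in _as_list(principal_field.get("AWS", []))


def evaluate(policy: dict, principal: str, action: str, resource: str, ctx: dict) -> str:
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        if not _principal_matches(st["Principal"], principal):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if not _condition_holds(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # an explicit Deny always wins
        decision = "Allow"
    return decision


def decide_put(principal: str, tls: bool, sse_header: Optional[str]) -> str:
    """Decision for a PutObject of puppy.jpg over TLS or plain HTTP, with the
    given x-amz-server-side-encryption header value (None = header absent)."""
    ctx = {"aws:SecureTransport": "true" if tls else "false"}
    if sse_header is not None:
        ctx["s3:x-amz-server-side-encryption"] = sse_header
    return evaluate(POLICY, principal, "s3:PutObject", f"{BUCKET_ARN}/puppy.jpg", ctx)


if __name__ == "__main__":
    print(policy_json())
    for tls, sse in [(True, "aws:kms"), (True, "AES256"), (True, None), (True, "rot13"), (False, "aws:kms")]:
        print(f"tls={tls!s:5} sse={sse!s:8} -> {decide_put(UPLOADER, tls, sse)}")
    print("stranger over TLS ->", decide_put("arn:aws:iam::999999999999:user/stranger", True, "aws:kms"))
```

Attach the printed document with `aws s3api put-bucket-policy --bucket example-bucket --policy file://policy.json`. Two caveats: since S3 now applies SSE-S3 to every new object by default, the two encryption-header statements mostly serve to force a specific mechanism (drop "AES256" from the list to require SSE-KMS), and they will reject clients that rely on the bucket default and send no header at all. SSE-C uses a different header (x-amz-server-side-encryption-customer-algorithm), so SSE-C uploads are also refused by this policy.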
What is CORS?
Cross-Origin Resource Sharing. A browser mechanism that lets a web page loaded from one origin (domain) make requests to a resource in a different origin, such as an S3 bucket. Enabled by a CORS configuration on the bucket that lists the allowed origins, methods and headers; it is not about one bucket accessing another.
CloudFront Edge Location
Location where content is cached. Separate from AWS Regions and AZs (there are many more edge locations than Regions).
CloudFront Origin
Origin of all the files that the distribution will serve. Can be an S3 bucket, EC2 instance, ELB or any other HTTP server reachable by DNS name (Route 53 supplies the DNS record; it is not itself an origin).
CloudFront Distribution
Name given to the Origin and configuration settings for the content you wish to distribute using CloudFront (CDN).
CloudFront TTL
The default TTL (time-to-live) is 24 hours (86,400 seconds); cached objects expire from edge caches automatically when their TTL lapses.
Edge locations are READ only. True or false?
FALSE
You can write to them too, i.e. PUT an object on to them.
CloudFront Edge Locations are utilized by S3 Transfer Acceleration to reduce latency for S3 uploads. True or false?
TRUE
CloudFront objects are cached for the life of the TTL. You can clear cached objects, but you will be charged. True or false?
TRUE
Under "Invalidation" you can manually clear cached objects before their TTL expires. The first 1,000 invalidation paths per month are free; beyond that there is a per-path fee.
CloudFront is a content delivery network. True or False?
TRUE
CloudFront Origin Access Identity
An OAI is a special CloudFront user that can access files in our bucket and serve them to users.
With an OAI, the bucket policy grants s3:GetObject only to the OAI, so users cannot fetch objects through the S3 URL and must go through the CloudFront URL.
Caveat: OAI is the legacy mechanism. Origin Access Control (OAC) is the recommended replacement; it supports SSE-KMS-encrypted objects and all Regions.
What are the three options for CloudFront AllowedMethods?
- GET, HEAD (default, read-only)
- GET, HEAD, OPTIONS (read headers)
- GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
Which three options allow users to have secure access to private files located in S3?
CloudFront Signed URLs
CloudFront Origin Access Identity
CloudFront Signed Cookies
What is the maximum file size that can be stored on S3?
5TB
Which storage class is suitable for long-term archiving of data and supports millisecond retrieval times?
Glacier Instant Retrieval
What is the largest size file you can transfer to S3 using a single PUT operation?
5GB. Larger objects (and, as a recommendation, anything over 100MB) go through multipart upload.
You are hosting a website in an Amazon S3 bucket. Which feature defines a way for client web applications that are loaded in one domain to interact with resources in a different domain?
CORS
What is the minimum file size allowed on S3?
0 bytes
Which storage class is suitable for long-term archiving of data that occasionally needs to be accessed within a few hours or minutes?
S3 Glacier (now named S3 Glacier Flexible Retrieval)
What is the HTTP code you would see once you successfully place a file in an S3 bucket?
200
You are using S3 in ap-northeast-1 to host a static website in a bucket called “acloudguru”. What would the new URL endpoint be?
http://acloudguru.s3-website-ap-northeast-1.amazonaws.com
Note: website endpoints serve plain HTTP only and need public-read access on the bucket (Block Public Access relaxed). For HTTPS, put a CloudFront distribution in front of the bucket and keep the bucket private.
If you encrypt a bucket on S3, what type of encryption does AWS use?
AES-256 (SSE-S3, the default server-side encryption)
True or False? An Amazon S3 object owner can optionally share objects with others by creating a presigned URL.
TRUE. The presigned URL is a bearer token: it carries the signer's permissions, anyone who holds it can use it until it expires (maximum 7 days), and the only way to revoke it early is to rotate the credentials that signed it.
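What a presigned URL actually contains and what the signature binds, as an added example that is not part of the original flashcards or of any AWS library. It builds a SigV4 query-string presigned URL with pure-Python HMAC and then does what S3 does on receipt: recompute the signature and check the expiry window. The bucket, object key and fixed clock are made up, and the credentials are the non-functional dummy pair from the AWS documentation.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from typing import Optional
from urllib.parse import parse_qs, quote, unquote, urlparse

# Constructed, non-functional credentials (the AWS documentation's dummy pair).
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
REGION = "us-east-1"
MAX_EXPIRES = 7 * 24 * 3600  # S3 caps a SigV4 presigned URL at 7 days
ISSUED = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    # SigV4 derived-key chain: kDate -> kRegion -> kService -> kSigning.
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def _enc(s: str, keep_slash: bool = False) -> str:
    return quote(s, safe="/-_.~" if keep_slash else "-_.~")


def _signature(method: str, host: str, key: str, params: dict, secret: str, region: str) -> str:
    """SigV4 query-string signature over method, object path, query and host."""
    amz_date = params["X-Amz-Date"]
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    canonical_query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    canonical_request = "\n".join([
        method, "/" + _enc(key, keep_slash=True), canonical_query,
        f"host:{host}\n", "host", "UNSIGNED-PAYLOAD",
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    return hmac.new(_signing_key(secret, amz_date[:8], region),
                    string_to_sign.encode(), hashlib.sha256).hexdigest()


def presign(bucket: str, key: str, method: str = "GET", expires: int = 3600,
            when: Optional[datetime] = None, access_key: str = ACCESS_KEY,
            secret: str = SECRET_KEY, region: str = REGION) -> str:
    """Build a presigned virtual-hosted-style URL for one object and one method."""
    if not 1 <= expires <= MAX_EXPIRES:
        raise ValueError("expires must be between 1 second and 7 days")
    when = when or datetime.now(timezone.utc)
    amz_date = when.strftime("%Y%m%dT%H%M%SZ")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(method, host, key, params, secret, region)
    query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    return f"https://{host}/{_enc(key, keep_slash=True)}?{query}&X-Amz-Signature={sig}"


def verify(url: str, secret: str, now: datetime, method: str = "GET") -> bool:
    """Server-side check: recompute the signature, then enforce the expiry window."""
    u = urlparse(url)
    params = {k: v[0] for k, v in parse_qs(u.query).items()}
    presented = params.pop("X-Amz-Signature", "")
    region = params["X-Amz-Credential"].split("/")[2]
    expected = _signature(method, u.netloc, unquote(u.path[1:]), params, secret, region)
    if not hmac.compare_digest(expected, presented):
        return False  # wrong secret, or method/path/query tampered with
    issued = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    return issued <= now <= issued + timedelta(seconds=int(params["X-Amz-Expires"]))


def demo() -> dict:
    """Issue one URL and show which changes S3 would reject."""
    url = presign("example-bucket", "photos/puppy.jpg", when=ISSUED)
    return {
        "url": url,
        "valid": verify(url, SECRET_KEY, ISSUED + timedelta(minutes=5)),
        "expired": verify(url, SECRET_KEY, ISSUED + timedelta(hours=2)),
        "other_key": verify(url.replace("puppy.jpg", "secret.pdf"), SECRET_KEY, ISSUED),
        "other_method": verify(url, SECRET_KEY, ISSUED, method="PUT"),
        "wrong_secret": verify(url, "not-the-secret", ISSUED),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to take from the checks: the signature covers the HTTP method, the object key, the host and the query parameters (credential scope, date, expiry), so a holder of a GET URL for puppy.jpg cannot turn it into a PUT or into a download of a different key, but nothing in the URL identifies who is using it, which is why it must be handed out like a password and given the shortest expiry the use case allows.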