S3 and IAM

Question 1

Bucket names are…

Answer 1

Global

Question 2

S3 has read after write consistency for..

Answer 2

Puts of new objects

Question 3

S3 has eventual consistency for…

Answer 3

Puts of existing objects and deletes

Question 4

Name all the s3 and glacier tiers.

Answer 4

S3
S3 Infrequent access
S3 Infrequent access One Zone
S3 intelligent tiering 
S3 glacier
S3 glacier deep archive

Question 5

Name the three types of encryption used with s3.

Answer 5

In transit - such as https

Server side - such as s3-SSE managed keys, s3-kms and s3-SSE-C (customer provided keys)

Client side encryption - such as the client (you) encrypting the data before it gets to the bucket in s3.

Question 6

What are the five facts about s3 ‘versioning’?

Answer 6

Stores all versions of the object which includes overwrite puts and deletes.

Serves as a backup tool.

Once enabled cannot be disabled on the bucket only suspended.

Integrates with life cycle rules.

Versioning supports MFA deletes for better security.

Question 7

When talking about s3 object locks, what does the terms WORM mean?

Answer 7

Write once read many.

Question 8

S3 object locks can be applied to…

Answer 8

The object or across the bucket as a whole.

Question 9

S3 object locks can be applied in two different modes, they are..

Answer 9

Governance mode (locks down to only users who have permissions) and compliance mode ( cannot be modified by anyone during the period the object lock is put in place, this includes the root account user also).

Question 10

S3 object locks can be held by two mechanisms they are…

Answer 10

Retention periods- protects the object or bucket for a certain amount of time from overwrites or deletes.

Legal hold - protects and object for as long as the hold is in place.

Question 11

True or false, S3 glacier vault locks once applied to a vault can be changed?

Answer 11

False

Question 12

When referring to s3 performance, what four subjects are normally considered?

Answer 12

S3 prefixes: and its speed benefits.

S3 sse-kms: and its limitations and quota limits.

S3 multi-part uploads: for upload speeds of larger files.

S3 byte ranges: for parallelised downloads and to download only parts of files such as the header of a file if the calling application does not require the full file to be downloaded.

Question 13

S3 life cycle rules automate..

Answer 13

Moving your objects between the different tiers of storage in s3.

Question 14

S3 life cycle rules can be used in conjunction with?

Answer 14

Versioning

Question 15

S3 life cycle rules can be applied to what versions of the objects within a bucket?

Answer 15

The current version and previous versions

Question 16

S3 select is used to..

Answer 16

Retrieve a subset of data from an object using sql expressions.

Question 17

What are the benefits of using s3 select or glacier select?

Answer 17

Get data by their rows or columns.

Save money on data transfer with increased speed.

Question 18

S3 select enable applications to…

Answer 18

Retrieve only a subset of data from an object by using simple sql expressions. And this can achieve performance increases up to 400% in some cases.

Question 19

What are the advantages of consolidated billing in aws?

Answer 19

One bill per aws account.
Very easy to track charges and allocate costs.
Volume pricing discounts are applied.

Question 20

What are aws organisations?

Answer 20

Aws organisations is an account management service that enables you to consolidate multiple aws accounts into an organisation that you create to centrally manage others. This includes account management, consolidated billing options, security features and features to meet compliance of your business.

Question 21

When using aws organisations you can enable or disable aws services by using…

Answer 21

Service control policies, which apply to an OU or on individual accounts.

Question 22

When sharing s3 buckets across account, there are three ways, these are…

Answer 22

Bucket policies and IAM(applies across the whole bucket and programmatic access only).

Using bucket ACLs and IAM(individual objects and programmatic access only).

Cross account IAM roles (programmatic access and console access).

Question 23

Yes or no, when setting up cross account roles, if account A gives account B access to a role can the root user on account B switch roles under account A?

Answer 23

No

Question 24

In S3 cross region replication, versioning must be enabled on which bucket? The source, the destination or both?

Answer 24

Both, the source and the destination must have versioning enabled.

Question 25

S3 cross region replication, will files existing in the source before the replication is out in place automatically be replicated to the destination?

Answer 25

No, only objects which are placed into the source after cross region replication is turned on will replicate to the destination.

Question 26

S3 cross region replication, are delete markers replicated from the source to the destination?

Answer 26

No.

Question 27

S3 transfer acceleration, describe how this is a benefit and how it is achieved?

Answer 27

S3 transfer acceleration speeds up uploads speed by enabling the use of edge locations which traverse the aws backbone to the bucket.

Question 28

AWS datasync, what is this and how is it used?

Answer 28

Data sync is an agent you can run on your local file servers to synchronise your local storage.

It is used to move large amounts of data from on premises to aws.

It is used with NFS and SMB compatible file systems.

Replication can be done hourly, daily or weekly.

Can be installed on an ec2 instance to replicate efs to efs storage on the cloud.

Question 29

What is cloud front?

Answer 29

A cdn or content delivery network.

Question 30

Regarding clout front, what is an edge location?

Answer 30

This is a location where content will be cached, typically with a time to live or ttl and they are separate from an aws region or availability zone.

Question 31

In cloud front , what do we mean by an origin?

Answer 31

This is the origin of all the files that the cdn will distribute, examples can include a bucket, elastic load balancer or route 53.

Question 32

When talking about cloud front, what do we mean by a distribution?

Answer 32

This is the name given to the cdn which consists of a collection of edge locations.

Question 33

When talking about cloud front, where would we typically use a ‘web distribution’?

Answer 33

When working with websites.

Question 34

When talking about cloud front, when we mention media streaming, what kind of cdn would we look to set up?

Answer 34

An RTMP.

Question 35

True or false, edge location are read only?

Answer 35

False, you can write to them also via puts.

Question 36

Edge locations cache their objects in what manner?

Answer 36

A TTL or time to live.

Question 37

When talking about edge locations, you are allowed to clear cached items in them but what will be the result of doing do?

Answer 37

You will be charged for this service.

Question 38

If you are dealing with a cdn network and you need to push and update but when you do you are not seeing an immediate change to the content, what can you do to speed this process up?

Answer 38

Create an invalidation to force the object or objects on the cdn to expire and the edge will then fetch the latest content from the origin.

Question 39

A signed url use case is best for…

Answer 39

When you are serving one file to the end user.

Question 40

A signed cookie use case is for…

Answer 40

When you are serving multiple files to the user and need to ensure they are securely accessed by the approved user.

Question 41

S3 signed urls are applicable when..

Answer 41

The user can access the bucket.

Question 42

What is aws snowball

Answer 42

Snowball is a secure hardware solution, that allows you to store on premises data for when the cloud is not accessible for upload at a later date. Snowball is also a good solution for uploading large amounts of data to the cloud when it is not feasible over a standard internet connection.

Question 43

Which aws service can aws snowball import and export to?

Answer 43

S3

Question 44

The client has no internet connectivity, however they require storage and compute resources on premesis, what aws service would you recommend? They also want their data to eventually reach an aws s3 storage location.

Answer 44

Snowball edge.

Question 45

Storage gateways, a file gateway is used for..

Answer 45

Flat files, stored directly to s3

Question 46

Storage gateways, volume gateways consist of stored and cached volumes, what are their functions and uses…

Answer 46

Stored volumes - entire dataset is stored on site and is asynchronously backed up to s3.

Cached volumes - entire dataset is stored on s3 and the most frequently accessed files are cached on site.

Question 47

Storage gateways, what are the three types?

Answer 47

File gateways
Volume gateways
Virtual tape library or VTL

Question 48

What is Athena and what does this service do?

Answer 48

Is an interactive query service.
Allows you to query data located in s3 using sql.
It is serverless.
Commonly used to analyse log data stored in s3.

Question 49

What is Marie and what does it do?

Answer 49

It is an AI service to analyze data in s3 and helps indenting PII.
Can also be used to analyze CloudTrail logs for suspicious api activity.
Includes dashboards, reports and alerting.
Good for pci-dss compliance and preventing ID theft.