S3 Encryption and Versioning Flashcards
What are the two types of Encryption in S3?
Encryption in Transit and Encryption at Rest
How is Encryption in Transit achieved?
Using SSL/TLS (i.e. HTTPS).
“https://” generally means you are using what type of encryption?
Encryption in Transit
What is Encryption at Rest?
Encryption at Rest is encryption of data while it is stored (as opposed to data being transmitted).
How can you achieve Encryption at Rest on the server side?
- S3 Managed Keys (SSE-S3), where Amazon manages the keys for you
- AWS Key Management Service Managed Keys (SSE-KMS), where you and Amazon handle the keys together
- Server Side Encryption with Customer Provided Keys (SSE-C), where you manage the keys yourself and supply your own key to Amazon with each request
How can you achieve Encryption at Rest on the client side?
You encrypt the object yourself, then upload the (already encrypted) object to S3.
What is S3 Versioning? Why is it useful?
S3 Versioning stores every version of an object: each write creates a new version, and even deletes are recorded rather than discarding data. This makes it a great backup tool.
Once enabled, how do you disable versioning?
Once enabled, versioning cannot be disabled, only suspended.
Suppose you have a public file in an S3 bucket, and then upload a new version of that file. Is the new version of the file also public?
No
What is the size of an S3 bucket?
The size of an S3 bucket is the sum, over all objects in the bucket, of the sum over all versions of each object of the size of that version:

$$\text{size(bucket)} = \sum_{o \in \text{bucket}} \; \sum_{v \in \text{versions}(o)} \text{size}(v)$$
What happens when you go to “Actions -> Delete” on an object in an S3 bucket?
- This does not "actually" delete the file.
- Instead, it creates a new version of the file carrying a delete marker.
- So, to restore the file, delete the version that carries the delete marker.
What happens when you go to “Actions -> Delete” on the latest version of an object in an S3 bucket?
- Actions -> Delete on a specific version permanently deletes that version.
- Deleting the latest version makes the previous version the latest version again.
How can I provide an additional layer of security to prevent people from actually deleting a file in an S3 bucket?
Turn on MFA Delete, which requires multi-factor authentication to permanently delete a version or change the bucket's versioning state.
In S3, what does Lifecycle Management do?
Lets you configure rules that automatically transition objects between storage classes and delete objects in S3 after a set amount of time.
(Source: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)
Suppose I want to automatically transition files into different tiered storage classes after a certain amount of time. How might I be able to do this?
Use Lifecycle Management rules to define the transitions and the time after which each one applies.