S3 Encryption and Versioning

Question 1

What are the two types of Encryption in S3?

Answer 1

Encryption in Transit and Encryption at Rest

Question 2

How is Encryption in Transit achieved?

Answer 2

using SSL and TLS.

Question 3

“https://” generally means you are using what type of encryption?

Answer 3

Encryption in Transit

Question 4

What is Encryption at Rest?

Answer 4

Encryption at Rest is encryption of data being stored (as opposed to data being transmitted)

Question 5

How can you achieve Encryption at Rest on the server side?

Answer 5

• S3 Managed Keys (SSE-S3), where Amazon manages the keys for you
• AWS Key Management Service, Managed Keys (SEE-KMS), where you and Amazon handle the keys together
• Server Side Encryption with Customer Provided Keys (SSE-C): You manage keys yourself, and give your own keys to Amazon

Question 6

How can you achieve Encryption at Rest on the client side?

Answer 6

You encrypt an object, then upload that (encrypted) object to S3

Question 7

What is S3 Versioning? Why is it useful?

Answer 7

S3 Versioning stores all versions of an object, including all writes and even if you delete an object, making it a great backup tool

Question 8

Once enabled, how do you disable versioning?

Answer 8

Once enabled, versioning cannot be disabled, only suspended.

Question 9

Suppose you have a public file in an S3 bucket, and then upload a new version of that file. Is the new version of the file also public?

Answer 9

No

Question 10

What is the size of an S3 bucket?

Answer 10

The size of an S3 bucket is the sum over all objects in the bucket of the sum over all versions of each object of the size of the version

Σ_{objects in bucket} (Σ_{versions of object} version)

Question 11

What happens when you go to “Actions -> Delete” on an object in an S3 bucket?

Answer 11

• This does not “actually” delete the file.
• Instead, it creates a new version of the file with a delete marker on it.
• So, to restore the file, you should delete the version with the delete marker.

Question 12

What happens when you go to “Actions -> Delete” on the latest version of an object in an S3 bucket?

Answer 12

• Actions -> Delete on a version deletes that version.
• Deleting the latest version restores the previous version as the latest version

Question 13

How can I provide an additional layer of security to prevent people from actually deleting a file in an S3 bucket?

Answer 13

Turn on MFA Delete

Question 14

In S3, what does Lifecycle Management do?

Answer 14

Let’s you configure automatically moving and deleting objects in S3 after some time

_{(Source: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)}

Question 15

Suppose I want to automatically transition files into different tiered storage classes after a certain amount of time. How might I be able to do this?

Answer 15

Utilize Lifecycle Management rules

Question 16

Can you apply lifecycle management rules to specific versions of a file?

Answer 16

Yes. Lifecycle management can be used in conjunction with versioning, and can be applied to current versions and previous versions