S3/Glacier

Question 1

What is S3?

Answer 1

Simple Storage Service. It provides object based (blob) storage. It was one of the first AWS services introduced back in 2006.

Question 2

Why would I use S3?

Answer 2

Analytics: Data lakes (Athena, Redshift Spectrum, QuickSight), IoT Streaming Data repository (Kinesis Firehose), AI/ML Storage (Rekognition, Lex, MXNet) , Storage class analysis (S3 Mgmt analytics)

Static Web Hosting: simple and massively scalable static website hosting

BitTorrent: use the BitTorrent protocol to retrieve any publicly available object by automatically generating a .torrent file

Question 3

What is the largest S3 object size?

Answer 3

5TB

Question 4

What is the largest object in a single PUT?

Answer 4

5GB

Question 5

When is it recommended to use multi-part uploads?

Answer 5

If yourfile is larger than 100MB

Question 6

What is a key?

Answer 6

Is NOT a file path though it looks like one pointing to an object store. It’s the name of the record in the file store

Question 7

What are S3 storage classes and what is the purpose of each?

Answer 7

1. Standard: frequently accessed data
2. Standard-IA: long-lived, infrequently access data
3. One Zone-IA: long-lived, infrequently accessed, non-critical data
4. Reduced redundancy: frequently accessed, non-critical data
5. Intelligent-tiering; long-lived data with changing or unknown access patterns
   - –
   i. Glacier: long-term data archiving with retrieval times ranging from minutes to hours
   ii. Glacier Deep Archive: long-term data archiving with retrieval times within 12 hours

Question 8

What is intelligent tiering?

Answer 8

Moves files to the next tier based on data type/usage

Question 9

Does intelligent tiering add to the cost?

Answer 9

Yes, it adds some but you will save money due to changing to lower tiers

Question 10

What is intelligent tiering archive?

Answer 10

Automatically moves data to Glacier or DeepGlacier after a certain period of time. This is NOT lifecycle management

Question 11

What is S3 Lifecycle Management?

Answer 11

It moves data to other storage classes at a set time.

Question 12

What are the benefits of S3 Lifecycle Management?

Answer 12

1. Optimize storage costs
2. Adhere to data retention policies using automation
3. Helps keep S3 volumes well-maintained
4. Data destruction is one of the more difficult tasks and this helps provide clarity and enforcement

Question 13

What are the Lifecycle rules based on?

Answer 13

1. Prefixes
2. Tags
3. Current vs previous versions

Question 14

What is storage class analysis?

Answer 14

A useful tool within S3 that helps you ensure you are using your storage in the most cost-effective manner. You can run reports to view the frequency at which data is accessed and then potentially change storage type.

Question 15

What is the “Requester Pays” cost option?

Answer 15

The requester rather than the bucket owner pays for requests AND data transfer

Question 16

Does S3 support tagging?

Answer 16

Yes, assign tags to objects for use in costing, billing, security etc

Question 17

What is an S3 Event?

Answer 17

This occurs when an action is taken on a bucket or object and triggers notifications to SNS, SQS, or Lambda

Question 18

What is transfer acceleration?

Answer 18

Speeds up data uploads using CloudFront (PoP locations) in reverse

Question 19

How is S3 secured?

Answer 19

1. Resource-based through object ACL and bucket policies
2. User-based through IAM policies
3. Optional multi-factor authentication before delete
4. Through encryption at rest and in transit

Question 20

How is MFA used in S3?

Answer 20

1. Safeguards against accidental deletion of an object

2. Safeguards against changing the versioning state of your bucket

Question 21

What are the options for encryption at rest?

Answer 21

1. SSE-S3: Use S3’s existing encryption key for AES-256
2. SSE-C: Upload your own AES-256 key which S3 will use when it writes the objects
3. SSE-KMS: Use a key generated and managed by AWS KMS
4. Client-Side: Encrypt objects using own local encryption process before uploading to S3 (PGP, GPG)

Question 22

What is PGP?

Answer 22

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a username or an e-mail address.

Question 23

What is GPG?

Answer 23

GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec’s PGP cryptographic software suite.

GnuPG is a hybrid-encryption software program because it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient’s public key to encrypt a session key which is used only once.

Question 24

Why would you use PGP vs GPG?

Answer 24

PGP is used by the software of the RSA and the algorithm of IDEA encryption, and, on the other hand, GPG is used in software having advanced encryption of NIST and AES, which are standardized forms of by nature.

PGP has restrictions when it comes to using for personal and commercial use, and on the other hand, GPG can be used in both personal and commercial services by downloading the free digital signature and encrypted program.
PGP is actually owned by a company called Symantec, which is a proprietary solution, while, on the other hand, GPG is a source that is open to all in a standard form.

Question 25

How does S3 protect data?

Answer 25

1. Versioning
2. Multi-factor authentication
3. Cross-region replication

Question 26

What is versioning?

Answer 26

A means of keeping multiple variants of an object in the same bucket. New version with each write. It enables “roll-back” and “un-delete” capabilities

Question 27

How can you use S3 versioning?

Answer 27

To preserve, retrieve, and restore every version of every object stored in an S3 bucket. You can easily recover from both unintended user actions and application failures

Question 28

Do old versions count towards the bill?

Answer 28

Yes, until they are permanently deleted

Question 29

Is versioning integrated with lifecycle management?

Answer 29

Yes, you can use Lifecycle management to delete old versions automatically after a certain number of days

Question 30

Why would I use Cross-region replication?

Answer 30

1. Security
2. Compliance
3. latency

Question 31

What are some characteristics of Glacier?

Answer 31

1. It’s a service by itself with its own API, console, etc
2. Cheap, slow to respond, and seldom accessed
3. Used by AWS Storage Gateway Virtual Tape Library (VTL)
4. Integrated with AWS S3 via Lifecycle Management
5. Faster retrieval speed options if you pay more, though it is still meant to be long-term storage. It’s not fast enough for online content.

Question 32

What are the components of Glacier?

Answer 32

1. Glacier Vault (like an S3 bucket)
2. Archive – like an S3 object
3. Policies with Access

Question 33

What is a glacier policy?

Answer 33

It defines what rules the vault must obey

Question 34

What is Glacier Vault Lock?

Answer 34

1. It is different than the vault access policy
2. It enforces rules like no deletes or MFA
3. It’s immutable meaning it can’t change though it can be overwritten or deleted.

Question 35

What are the characteristics of an archive?

Answer 35

1. It can be a file including a zip, tar, etc
2. The max size is 40TB
3. Immutable

Question 36

How do I create a Vault Lock?

Answer 36

1. Create a Vault Lock
2. Initiate a vault lock
3. 24 hour timer starts to confirm vault lock is performing
   i. If it elapses and you don’t confirm it the process aborts
   ii. If you complete the lock it sets permanently

Question 37

What happens if you delete an object in a versioning-enabled S3 bucket?

Answer 37

Amazon S3 inserts a delete marker instead of removing the object permanently. The delete marker becomes the current object version

Question 38

Does the SOAP API in S3 support versioning?

Answer 38

SOAP support over HTTP is deprecated, but it is still available over HTTPS. New Amazon S3 features are not supported for SOAP

Question 39

How are objects charged in S3 versioning?

Answer 39

Normal Amazon S3 rates apply for every version of an object stored and transferred.

Question 40

In what versioning states can an S3 bucket object reside?

Answer 40

Unversioned (the default)
Versioning-enabled
Versioning-suspended

After you version-enable a bucket, it can never return to an unversioned state.

Question 41

What happens to objects that existed prior to enabling versioning in S3?

Answer 41

Objects that are stored in your bucket before you set the versioning state have a version ID of null. When you enable versioning, existing objects in your bucket do not change. What changes is how Amazon S3 handles the objects in future requests.

Question 42

What happens if you have an object expiration lifecycle policy in your unversioned bucket and you want to maintain the same permanent delete behavior when you enable versioning?

Answer 42

You must add a noncurrent expiration policy. The noncurrent expiration lifecycle policy manages the deletes of the noncurrent object versions in the version-enabled bucket.

Question 43

What are the transfer acceleration URLs?

Answer 43

xyz. s3-accelerate.amazonaws.com

xyz. s3-accelerate.dualstack.amazonaws.com

Question 44

What is the S3 Transfer Acceleration Speed Comparison tool used for?

Answer 44

comparing general upload speed across different AWS regions