S3-Overview Flashcards
Amazon S3 Use Cases
- backup and storage
- disaster recovery
- archive
- hybrid cloud storage
- application hosting
- media hosting
- data lakes and big data analytics
- software delivery
- static website
Amazon S3 allows people to store objects (files) in ____.
buckets (directories)
S3 buckets must have a ____ unique name.
globally (across all regions and accounts)
S3 looks like a global service, but buckets are created at the ____ level.
region
S3 bucket naming convention:
- no uppercase, no underscore
- 3-63 chars long
- not an IP
- must start with lowercase letter or number
- must not begin with the prefix xn--
- must not end with the suffix -s3alias
S3 object files have a key.
The key is the full path (not including bucket name):
- s3://my-bucket/my_file.txt
- s3://my-bucket/my_folder/another_folder/my_file.txt
The key is composed of a prefix + object name.
The prefix is “my_folder/another_folder/” and the object name is my_file.txt
The max S3 object size is ____.
If uploading more than ____, you must use “multi-part upload”.
5TB (5000 GB)
5GB
S3 objects have a ____ ID if versioning is enabled.
version
____ are Unicode key / value pairs (up to 10) that are useful for security / lifecycle management.
Tags
S3 security can be either ____-based or ____-based.
user-based
resource-based
S3 user-based security is implemented with ____ policies.
IAM policies
Controls which API calls should be allowed for a specific user from IAM.
S3 resource-based security can be implemented in what 3 ways?
Bucket policies - bucket-wide rules from the S3 console. Allow cross-account access.
Object Access Control List - finer-grained (can be disabled)
Bucket Access Control List - less common (can be disabled)
An IAM principal can access an S3 object if:
- the user ____ allow it or the ____ policy allows it
- and there is no explicit ____
IAM permissions
resource
deny
S3 objects can be encrypted using encryption keys.
S3 bucket policies are written in ____ format.
JSON
What are the four core components of an S3 bucket JSON policy?
resources - buckets and objects
effect - allow/deny
actions - set of APIs to allow or deny
principal - the account or user to apply the policy to
S3 bucket policy can be used to:
- grant public access to the bucket
- force objects to be encrypted at upload
- grant access to another account (cross account)
You can block public access to your buckets at the account level.
S3 can host ____ websites and have them accessible on the internet.
static
With S3 static web hosting, you will get a 403 Forbidden error if you have not enabled ____ read access on the bucket.
public
this can be enabled with a bucket policy
S3 versioning is enabled at the ____ level.
bucket
It is best practice to version your buckets:
- protects against unintended deletes (ability to restore a version)
- easy rollback to previous version
Any S3 file that is not versioned prior to enabling versioning will have version ____.
null
Suspending bucket versioning does not ____ the previous versions.
delete