S3 - Overview/Security Flashcards
What is Amazon S3?
Amazon S3 is a highly scalable storage service used for storing and retrieving data, offering “infinitely scaling storage.”
Name some key use cases for Amazon S3.
1️⃣ Backup and storage (files, disks).
2️⃣ Disaster recovery (data replication across regions).
3️⃣ Archival storage (cheaper, long-term retrieval).
4️⃣ Hybrid cloud storage (on-premises to cloud expansion).
5️⃣ Hosting applications or media.
6️⃣ Data lakes for big data analytics.
7️⃣ Delivering software updates.
8️⃣ Hosting static websites.
What are the requirements for an S3 bucket name?
1️⃣ Must be globally unique.
2️⃣ Must have no uppercase letters or underscores.
3️⃣ Must be between 3 and 63 characters long.
4️⃣ Must not resemble an IP address.
5️⃣ Must start with a lowercase letter or number.
Are S3 buckets global or regional?
Buckets are defined at the regional level, but their names must be globally unique.
What is an Amazon S3 object key?
The key is the full path of a file in a bucket, including its prefix and object name.
What is the maximum object size in S3, and how is it handled?
The max object size is 5 TB. Files larger than 5 GB must be uploaded using multi-part upload.
What is an S3 bucket?
An S3 bucket is a top-level directory in Amazon S3 that stores files, called objects.
What are the two main types of security in Amazon S3?
1️⃣ User-Based Security: Uses IAM policies to authorize API calls for specific IAM users.
2️⃣ Resource-Based Security: Includes S3 Bucket policies and Object Access Control Lists (ACLs).
What is an S3 Bucket policy?
A JSON-based policy that specifies permissions for buckets and objects, including access for specific users, accounts, or public access.
What is the role of the “Block Public Access” settings in S3?
They prevent buckets and objects from being made public, even if a public Bucket policy is applied, reducing the risk of accidental data leaks.
What are the methods to grant access to S3 for different entities?
1️⃣ IAM permissions for users in your account.
2️⃣ IAM roles for EC2 instances.
3️⃣ Bucket policies for cross-account access.
What are Object Access Control Lists (ACLs)?
Fine-grained security controls at the object level; they are less commonly used and can be disabled.
What happens if “Block Public Access” is enabled at the account level?
None of the buckets in the account can be made public, regardless of individual bucket policies.
What does it mean if you receive a 403 error when trying to access a website hosted through Amazon S3?
The S3 bucket isn’t public.
Where can you enable object versioning in S3?
It’s enabled at the bucket level.