S3 Part 2 Flashcards
What must be enabled to enable MFA delete?
When will you need MFA?
Who can enable MFA-Delete?
How can MFA delete be enabled?
Bucket versioning.
To permanently delete an object version or suspend versioning on the bucket
Only the bucket owner (Root account)
It can only be enabled via the CLI.
What can you see in access logs?
Where are the logs stored?
Should your application and access logs utilize the same S3 bucket? Why or why not?
If there are authorization issues, attacks, etc., how can you analyze them?
All of the requests made to your s3 bucket
In an S3 bucket.
No, because it will cause the logs to go into an infinite loop.
By reviewing the access logs
What are the Cross Region Replication (CRR) use-cases?
What are the Single Region Replication use cases?
Is copying synchronous or async?
What objects are replicated after enabling replication?
Regarding delete operations, are delete markers replicated from the source to the target?
Is the deleting of individual versions replicated?
Will replication be chained from a bucket 1 -> 2 -> 3?
Compliance, lower latency access, replication across accounts.
Log aggregation, live replication between production and test accounts.
Only the new objects.
Yes, but only if that setting is enabled.
No, this is to prevent a malicious actor.
No, replication would only happen from bucket 1 -> bucket 2.
How long are pre-signed URLs valid for?
How can you change the time that a pre-signed URL is valid for?
What happens to the permissions of users that are given a pre-signed URL?
What are some use-cases for using pre-signed URLs?
By default 3600 seconds.
By using the --expires-in [time_in_seconds] argument.
They inherit the permissions of the person who generated the URL for GET/PUT.
Allow logged-in users to download a premium video on your S3 bucket.
Temporarily allow a user to upload a file to a precise location in our bucket.
What are the use-cases for general purpose S3?
What’s the use-case for S3 Standard Infrequent Access (IA)?
What are the use-cases for S3 One Zone Infrequent Access?
What is the downside of using One Zone Infrequent Access?
What does S3 Intelligent Tiering do?
What additional fee is associated with S3 Intelligent tiering?
Big Data analytics, mobile & gaming applications, content distribution.
Data that needs to be accessed less frequently, but requires rapid access when needed. (Data store for disaster recovery, backups, etc.)
Storing secondary backup copies of on-premise data, or storing data you can recreate (like thumbnails).
If the AZ goes down all data will be lost.
It moves data between tiers based on access.
A small monthly auto-tiering fee
What is the use-case for Glacier?
What is Glacier an alternative to?
What is an item in Glacier called?
What is a bucket called in Glacier?
Low cost storage meant for archiving and backups that can be stored for 10s of years.
Magnetic tape
An archive.
A vault
What are the retrieval options for Glacier?
What is the minimum storage duration?
Expedited (1 - 5 minutes)
Standard (3 - 5 hours)
Bulk (5 to 12 hours)
90 days
What is the use-case for Glacier Deep Archive?
What is the quickest retrieval time for deep archive?
What are the retrieval options for deep archive?
What is the minimum storage duration for deep archive?
Long-term (min 180 days) storage where quick retrieval is not needed. Cheaper than regular Glacier.
12 hours.
Standard (12 hours)
Bulk (48 hours)
180 days
What is a transition action?
What are expiration actions?
What are some of the ways to specify which bucket and objects the rules apply to?
What is the minimum amount of time an object must be in regular storage before it is transitioned?
It defines when objects are transitioned to another storage class.
Ex: Move objects to Standard IA 60 days after creation. Move to Glacier for archiving after 6 months.
Configure objects to expire (delete) after some time.
Ex: Access log files can be set to delete after 365 days
Can be used to delete old versions of files if versioning is enabled
Can be used to delete incomplete multi-part uploads
Rules can be created for a certain prefix. Ex: s3://mybucket/mp3/*
or for a certain object tag (Department: Finance)
30 days
What does S3 analytics help you do?
What is the performance of S3?
How can you get the maximum baseline performance out of S3?
How can KMS limit the performance of S3 and how can this limitation be overcome?
It helps you determine when to transition objects from standard IA. It’s a good first step to put together lifecycle rules or improve them.
3,500 put/copy/post/delete operations per second per prefix
5,500 get/head requests per second
Spread frequently accessed objects across different prefixes.
KMS has a maximum quota of 30k rps depending on the region. If you're using encryption on your buckets, you may need to request an additional quota since each upload and download request will make a request to KMS.
How does Multi-part upload increase the performance of file transfers?
What is S3 transfer acceleration?
It parallelizes uploads. Ex: parts of the file upload can happen concurrently.
It increases transfer speed by transferring a file to an edge location, which will forward the data to the S3 bucket in the target region. Ex: if you want to upload a file from the US to Australia, you could use transfer acceleration by uploading it to the US edge location, which would then forward the data to S3.
How can you improve the performance of get requests?
You can parallelize gets by using byte range fetches, or you can retrieve only a part of the file using a byte range. Ex: only retrieve the header.
What is S3 Select/Glacier Select?
It allows you to select rows and columns from an S3 file by sending a basic SQL query. This will save you network bandwidth and time, as you do not need to download the whole file.
What are S3 events?
What are the S3 event channels?
What could happen if there are 2 simultaneous writes to a non-versioned file? How can this be prevented from happening?
S3 events allow you to receive notifications when certain events happen in your S3 bucket. Ex: an object is created or written to.
SNS, SQS, and Lambda functions
It is possible that only one event is triggered. This can be prevented if versioning is enabled.
What are requestor pays buckets?
When would this be helpful?
You can create a requestor pays bucket so a non-anonymous user will be billed for the network cost of downloading a file from S3.
If you want to share large datasets with other accounts.