S3 (Simple Storage Service) Flashcards
True or False, S3 bucket names must be globally unique?
True
In S3, files you upload are referred to as what?
Objects
The minimum and maximum size of an S3 Object
min: 0 Bytes
max: 5 Terabytes
The 6 types of S3 storage classes
Standard - (default)
Replicated across at least three AZs
Intelligent Tiering
Uses ML to analyze your object usage and determine the appropriate storage class. Data is moved to the most cost-effective access tier, without any performance impact or added overhead.
Standard Infrequently Accessed (IA)
Cheaper if you access files less than once a month
(reduced availability)
One Zone Infrequently Accessed (IA)
Objects only exist in one AZ (reduced durability). Data could get destroyed. A retrieval fee is applied.
Glacier
For long-term cold storage. Retrieval of data can take minutes to hours, but the trade-off is very cheap storage.
Glacier Deep Archive
The lowest cost storage class. Data retrieval time is 12 hours.
In S3, which is the lowest cost storage class, but also has the longest retrieval time for data?
Glacier Deep Archive
ˈgleɪʃər dip ˈɑrˌkaɪv
The 2 S3 Storage Classes used for Cold Storage
- Glacier
- Glacier Deep Archive
ˈgleɪʃər dip ˈɑrˌkaɪv
The durability % guaranteed for S3’s standard storage class
99.99999999999% (11 9s)
In S3, What is IA?
Infrequently Accessed
S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee.
In S3, which 2 types of storage class have no data retrieval fees?
Standard
Intelligent Tiering
The rest of the storage classes have a value of “Per GB”.
What is the minimum storage duration for Intelligent Tiering, Standard IA and One-Zone IA?
30 days
What are the 2 methods of access control in S3?
Bucket Policies
Use a policy to define complex access rules.
Access Control Lists (ACL)
Legacy feature but not deprecated
Are all new buckets created public or private by default?
Private
The process of encrypting files before uploading them to S3 is called what?
Client-Side Encryption (CSE)
How is data encrypted while in transit?
SSL/TLS
The 3 types of server-side encryption (SSE) in S3
SSE-AES (AES-256)
SSE-KMS (AWS-KMS)
SSE-C (You provide the key yourself)
What are the three types of encryption in S3?
Encryption in transit
Traffic, SSL/TLS
SSE (Server-Side Encryption) - Encryption at rest
AES, KMS, SSE-C
CSE (Client-Side Encryption)
You encrypt data before uploading it
Which type of data consistency occurs when you overwrite an existing object in S3?
Eventual Consistency
True or False, when you upload a brand new file you can immediately read it back after uploading?
True
The 2 types of data consistency in S3
Read After Write Consistency
When you upload a new S3 object you are able to read it immediately after writing.
Eventual Consistency
When you overwrite or delete an object it takes time for S3 to replicate versions to AZs.
If you were to read immediately, S3 may return an old copy. You generally need to wait a few seconds before reading.
True or False, with Cross Region Replication (CRR) you can replicate data into a different AWS account?
True
Create new bucket > Turn on versioning > Management > Replication > Add rule > Entire Bucket
Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. Objects may be replicated to a single destination bucket or multiple destination buckets. Destination buckets can be in different AWS Regions or within the same Region as the source bucket.
To enable object replication, you add a replication configuration to your source bucket. The minimum configuration must provide the following:
- The destination bucket or buckets where you want Amazon S3 to replicate objects
- An AWS Identity and Access Management (IAM) role that Amazon S3 can assume to replicate objects on your behalf
What are 2 benefits of enabling Cross Region Replication (CRR) for your S3 data?
Higher durability
Better disaster recovery
You must have this enabled on both the source and destination buckets in order to enable Cross Region Replication (CRR) for S3
Versioning
In S3, True or False, once versioning is enabled it cannot be disabled, only suspended?
True
This S3 feature helps protect against deletion of your S3 data
MFA Delete
Which 2 of the following are valid transition actions for S3 lifecycle policies?
Permanently delete data
Move data to S3 Glacier
True or False, Lifecycle policies can be applied to both current and previous versions of a file?
True
The S3 feature that lets you automate moving objects to Glacier archive storage after a certain period of time
S3 Lifecycle Policies
- Automate the process of moving objects to different storage classes or deleting objects altogether.
- Can be used together with versioning
- Can be applied to both current and previous versions
E.g., after 7 days, a policy will take some files and move them to Glacier
With S3 transfer acceleration, instead of uploading directly to a bucket, you use this to access an edge location
Distinct URL
As data arrives at the edge location, it is automatically routed to S3 over a specially optimized network path (Amazon’s Backbone Network)
Fast and secure transfer of files over long distances between your end users and an S3 bucket.
Transfer Acceleration
As data arrives at the edge location, it is automatically routed to S3 over a specially optimized network path (Amazon’s Backbone Network)
Which 2 ways can you generate presigned URLs for S3?
AWS CLI
AWS SDK
True or False, presigned URLs generally expire just a few seconds after they are created?
True
You have a web application which needs to allow users to download files from a password-protected part of your web app. Your web app generates a presigned URL which expires after some seconds. The user downloads the file.
You can use these to provide temporary access to private S3 objects
Presigned URLs and Presigned Cookies
How can you enable MFA Delete for S3?
AWS CLI
Which S3 feature must be enabled in order to turn on MFA Delete?
Versioning
If you're using MFA Delete, who can delete objects from a bucket?
Only the bucket owner logged in as Root User can DELETE objects from the bucket
What is S3?
What are its 10 key elements?
- It’s storage for the Internet. It is designed to make web-scale computing easier for developers.
- Lifecycle management (Move or delete objects)
- Versioning
- MFA Delete (Token required in order to delete objects)
- Access Control - (Bucket Policies, ACLs)
- 3 Security options (In Transit, SSE, CSE)
- 3 SSE options (AES, KMS, C)
- Cross Region Replication
- Transfer Acceleration (Faster uploads)
- Presigned URL (Temporary access)
- 6 Storage Classes (Standard, Intelligent Tiering…)