S3 (Simple Storage Service) Flashcards

1
Q

True or False, S3 bucket names must be globally unique?

A

True

2
Q

In S3, files you upload are referred to as what?

A

Objects

3
Q

The minimum and maximum size of an S3 Object

A

min: 0 Bytes
max: 5 Terabytes

4
Q

The 6 types of S3 storage classes

A

Standard - (default)
Replicated across at least three AZs

Intelligent Tiering
Uses ML to analyze your object usage and determine the appropriate storage class. Data is moved to the most cost-effective access tier, without any performance impact or added overhead.

Standard Infrequently Accessed (IA)
Cheaper if you access files less than once a month
(reduced availability)

One-Zone Infrequently Accessed (IA)
Objects only exist in one AZ. (Reduced durability) Data could get destroyed. A retrieval fee is applied.

Glacier
For long-term cold storage. Retrieval of data can take minutes to hours, but the trade-off is very cheap storage.

Glacier Deep Archive
The lowest cost storage class. Data retrieval time is 12 hours.

5
Q

In S3, which is the lowest-cost storage class, but also has the longest retrieval time for data?

A

Glacier Deep Archive

ˈgleɪʃər dip ˈɑrˌkaɪv

6
Q

The 2 S3 Storage Classes used for Cold Storage

A
  • Glacier
  • Glacier Deep Archive

ˈgleɪʃər dip ˈɑrˌkaɪv

7
Q

The durability % guaranteed for S3’s standard storage class

A

99.99999999999% (11 9s)

8
Q

In S3, what is IA?

A

Infrequently Accessed

S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee.

9
Q

In S3, which 2 types of storage class have no data retrieval fees?

A

Standard
Intelligent Tiering

The rest of the storage classes have the value of “Per GB”

10
Q

What is the minimum storage duration for Intelligent Tiering, Standard IA and One-Zone IA?

A

30 days

11
Q

What are the 2 methods of access control in S3?

A

Bucket Policies
Use a policy to define complex access rules.

Access Control Lists (ACL)
Legacy feature but not deprecated

12
Q

Are all new buckets created public or private by default?

A

Private

13
Q

The process of encrypting files before uploading them to S3 is called what?

A

Client-Side Encryption (CSE)

14
Q

How is data encrypted while in-transit?

A

SSL/TLS

15
Q

The 3 types of server-side encryption (SSE) in S3

A

SSE-AES (AES-256)
SSE-KMS (AWS-KMS)
SSE-C (You provide the key yourself)

16
Q

What are the three types of encryption in S3?

A

Encryption in transit
Traffic, SSL/TLS

SSE (Server-Side Encryption) - Encryption at rest
AES, KMS, SSE-C

CSE (Client-Side Encryption)
You encrypt data before uploading it

17
Q

Which type of data consistency occurs when you overwrite an existing object in S3?

A

Eventual Consistency

18
Q

True or False, when you upload a brand new file you can immediately read it back after uploading

A

True

19
Q

The 2 types of data consistency in S3

A

Read After Write Consistency
When you upload a new S3 object, you are able to read it immediately after writing.

Eventual Consistency
When you overwrite or delete an object it takes time for S3 to replicate versions to AZs.
If you were to read immediately, S3 may return you an old copy. You need to generally wait a few seconds before reading.

20
Q

True or False, with Cross Region Replication (CRR) you can replicate data into a different AWS account

A

True

Create new bucket > Turn on versioning > Management > Replication > Add rule > Entire Bucket

Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. Objects may be replicated to a single destination bucket or multiple destination buckets. Destination buckets can be in different AWS Regions or within the same Region as the source bucket.

To enable object replication, you add a replication configuration to your source bucket. The minimum configuration must provide the following:

  • The destination bucket or buckets where you want Amazon S3 to replicate objects
  • An AWS Identity and Access Management (IAM) role that Amazon S3 can assume to replicate objects on your behalf
21
Q

What are 2 benefits of enabling Cross Region Replication (CRR) for your S3 data?

A

Higher durability

Better disaster recovery

22
Q

You must have this enabled on both the source and destination buckets in order to enable Cross Region Replication (CRR) for S3

A

Versioning

23
Q

S3, True or False, once versioning is enabled it cannot be disabled, only suspended

A

True

24
Q

This S3 feature helps protect against deletion of your S3 data

A

MFA Delete

25
Q

Which 2 of the following are valid transition actions for S3 lifecycle policies?

A

Permanently delete data

Move data to S3 Glacier

26
Q

True or False, Lifecycle policies can be applied to both current and previous versions of a file

A

True

27
Q

The S3 feature that lets you automate moving objects to Glacier archive storage after a certain period of time

A

S3 Lifecycle Policies

  • Automate the process of moving objects to different storage classes or deleting objects altogether.
  • Can be used together with versioning
  • Can be applied to both current and previous versions

E.g., after 7 days, a policy will take some files and move them to Glacier

28
Q

With S3 transfer acceleration, instead of uploading directly to a bucket, you use this to access an edge location

A

Distinct URL

As data arrives at the edge location, it is automatically routed to S3 over a specially optimized network path (Amazon’s Backbone Network)

29
Q

Fast and secure transfer of files over long distances between your end users and an S3 bucket.

A

Transfer Acceleration

As data arrives at the edge location, it is automatically routed to S3 over a specially optimized network path (Amazon’s Backbone Network)

30
Q

Which 2 ways can you generate presigned URLs for S3?

A

AWS CLI

AWS SDK

31
Q

True or False, presigned URLs generally expire just a few seconds after they are created

A

True

You have a web application which needs to allow users to download files from a password-protected part of your web app. Your web app generates a presigned URL which expires after some seconds. The user downloads the file.

32
Q

You can use these to provide temporary access to private S3 objects

A

Presigned URLs and Presigned Cookies

33
Q

How can you enable MFA Delete for S3?

A

AWS CLI

34
Q

Which S3 feature must be enabled in order to turn on MFA Delete?

A

Versioning

35
Q

If you're using MFA Delete, who can delete objects from a bucket?

A

Only the bucket owner logged in as Root User can DELETE objects from the bucket

36
Q

What is S3?

What are its 10 key elements?

A
  • It’s storage for the Internet. It is designed to make web-scale computing easier for developers.
  • Lifecycle management (Move or delete objects)
  • Versioning
  • MFA Delete (Token required in order to delete objects)
  • Access Control - (Bucket Policies, ACLs)
  • 3 Security options (In Transit, SSE, CSE)
  • 3 SSE options (AES, KMS, C)
  • Cross Region Replication
  • Transfer Acceleration (Faster uploads)
  • Presigned URL (Temporary access)
  • 6 Storage Classes (Standard, Intelligent Tiering…)