Section 6: AWS Fundamentals: Amazon S3 Flashcards
What does S3 stand for?
Simple Cloud Storage Service
What is S3 advertised as?
"Infinitely scalable" storage
What are the naming rules of S3 buckets?
No uppercase
No underscore
3-63 characters long
Not an IP
Must start with lowercase letter or number
How unique must S3 bucket names be?
Totally unique across the entire AWS S3 ecosystem. Two AWS accounts can't have a bucket with the same name.
What characterizes S3 objects?
Key
Metadata
Tags
Version ID (if versioning is enabled)
What does an S3 object key consist of?
The filename and its "subpath"
What is the max size of an S3 object?
5TB
Are there directories in an S3 bucket?
No, although the UI will trick you into thinking otherwise
At what level can versioning be activated in S3?
At the bucket level
What happens if we update a file in an S3 bucket with versioning?
The file will have a new version
What are some reasons why you should enable versioning in an S3 bucket?
Protects you against unintended deletes (ability to restore)
Easy roll back to previous version
What will be the version id of any files that were on an S3 bucket prior to activating versioning?
Null
What are the four methods of encrypting objects in S3?
SSE-S3
SSE-KMS
SSE-C
Client Side Encryption
What keys does SSE-S3 use to encrypt S3 objects?
It uses keys handled and managed by AWS
What keys does SSE-KMS use to encrypt S3 objects?
It leverages AWS KMS Service to manage encryption keys
What keys does SSE-C use to encrypt S3 objects?
It uses your own encryption keys which you pass to S3 in a header of your HTTP request.
Where are objects encrypted when using SSE-S3?
On the server side (in S3)
Where are objects encrypted when using SSE-KMS?
On the server side (in S3)
Where are objects encrypted when using SSE-C?
On the server side (in S3)
Where are objects encrypted when using Client Side Encryption?
On the client side using a library such as Amazon S3 Encryption Client
How to tell S3 to use SSE-S3 when sending a file?
By setting the "x-amz-server-side-encryption" header to "AES256"
How to tell S3 to use SSE-KMS when sending a file?
By setting the "x-amz-server-side-encryption" header to "aws:kms"
What are the advantages of using KMS to encrypt S3 objects?
User control
Audit trail
With what encryption must HTTPS be used?
SSE-C
How to get encryption in flight when sending data to S3?
By using the HTTPS endpoint rather than the HTTP endpoint
What is another common name for "Encryption in flight"?
SSL / TLS
What does SSL stand for?
Secure Sockets Layer
What does TLS stand for?
Transport Layer Security
How to ensure user based security in an S3 bucket?
By using the right IAM policies
How to manage user based security for S3?
With IAM policies (Which API calls should be allowed for a specific user from IAM console)
How to manage resource based security for S3?
Bucket policies (Most popular / Better method)
Object Access Control List
Bucket Access Control List
What forms an S3 bucket policy?
Resources (Buckets or objects)
Actions (Set of API)
Effect (Allow or Deny)
Principal (The account or user to apply the policy to. E.g. * means everybody)
How can you force objects to be encrypted at upload?
By setting the appropriate bucket policy
How can you grant public access to the bucket?
By setting the appropriate bucket policy
How can you grant access to another account (Cross account)?
By setting the appropriate bucket policy
Does S3 bucket support VPC endpoints?
Yes
Where should an S3 bucket access logs be stored?
In another bucket, not in the same one, otherwise you'll get an infinite loop
Where can API calls be logged?
In AWS CloudTrail
When setting a policy for an S3 bucket, what should the ARN end with if you want the policy to affect all files in the bucket?
/*
How to upload a file that is more than 5GB to an S3 bucket?
By enabling multi-part upload (it's mandatory for files of 5GB and more)
What happens if you delete a file from an S3 bucket with versioning enabled?
The file won't show in the bucket anymore but you can still access it by enabling the showing of versions in the GUI.
Is it possible to define a default encryption in the properties of a bucket?
Yes
How can you grant access to a file to a user for a short amount of time?
By generating a signed URL
The client has an index.html file which tries to access an image in another bucket but it is not working, what is going on?
Most likely, the other bucket doesn't have the proper CORS enabled.
What will happen if you want to enable static site hosting in an S3 bucket but don't allow public read?
You will get a 403 (Forbidden) error
What should you set if you have a website hosted on an S3 bucket that needs to download an image hosted on another S3 bucket?
On the bucket hosting the image, you need to enable CORS access for the bucket that needs to access the image
What does CORS protect you from?
From having other websites referencing your file in your bucket therefore generating traffic and incurring costs on your behalf.
What is the consistency model of PUTS of new objects in S3?
Read after write
except if we did a GET before to see if the object existed
What is the consistency model of DELETES and PUTS of existing objects?
Eventual consistency
If we read an object after updating it, we might get the older version
If we read an object after deleting it, we might still be able to retrieve it for a short time
Where can S3 send notifications on changes to?
AWS SQS
AWS SNS
AWS Lambda
Historically, when would S3 performance decrease?
When you had over 100 TPS (Transactions per second)
Behind the scene, where do objects go when uploaded to S3?
To various S3 partitions
What WAS recommended in order to optimise performance when uploading files to S3?
Have random characters in front of your key names
Should you use a date as a prefix to a file on S3?
No, because the files with such a prefix would most likely be stored in the same partitions, which could hit performance
As of July 17th 2018, what are the new max RPS for PUTS and RPS for GET in S3 for each prefix?
3500RPS for PUT
5500RPS for GET
How to get faster upload of large objects in S3?
Use multi part upload
What are the three ways multi part upload speeds up uploads in S3?
Parallelizes PUTs for greater throughput
Maximize your network bandwidth and efficiency
Decrease time to retry in case a part fails
In what case MUST multi part upload be used in S3?
When uploading files larger than 5GB
How to improve reads around the world for objects stored in S3?
Use CloudFront
How to improve writes around the world for objects stored in S3?
Use S3 Transfer Acceleration (uses Edge locations)
If you use KMS for encryption, what might be slowing you down?
Your KMS usage limits
What is S3 Glacier?
S3 Glacier is a file storage for long term archival
What to do if you only want to retrieve a subset of data in S3 or Glacier?
Use S3 Select or Glacier Select
With what file type is S3/Glacier Select compatible?
CSV, JSON and Parquet
Are subqueries/joins supported in S3/Glacier Select?
No, only simple select with where statements
How much cost savings can using S3/Glacier Select provide?
Up to 80%
How much performance savings can using S3/Glacier Select provide?
Up to 400%