Section 6: AWS Fundamentals: Amazon S3

Question 1

What does S3 stand for?

Answer 1

Simple Cloud Storage Service

Question 2

What is S3 advertised as?

Answer 2

“Infinetily scalable” storage

Question 3

What are the naming rules of S3 buckets?

Answer 3

No uppercase
No underscore
3-63 chararecters long
Not an IP
Must start with lowercase letter or number

Question 4

How unique must S3 bucket names be?

Answer 4

Totally unique accross the entire AWS S3 ecosystem. Two AWS accounts can’t have a buket with the same name.

Question 5

What characterize S3 objects?

Answer 5

Key
Metadata
Tags
Version ID (if versionning is enabled)

Question 6

What consists in an S3 object key?

Answer 6

The filename and its “subpath”

Question 7

What is the max size of an S3 object?

Answer 7

5TB

Question 8

Are there directories in an S3 bucket?

Answer 8

No, although the UI will trick you to think otherwise

Question 9

At what level can versioning be activated in S3?

Answer 9

At the bucket level

Question 10

What happens if we update a file in an S3 bucket with versionning?

Answer 10

The file will have a new version

Question 11

What are some reasons why you should enable versioning in an S3 bucket?

Answer 11

Protects you against unintended deletes (ability to restore)

Easy roll back to previous version

Question 12

What will be the version id of any files that were on an S3 bucket prior to activating versioning?

Answer 12

Null

Question 13

What are the four methods of encrypting objects in S3?

Answer 13

SSE-S3
SSE-KMS
SSE-C
Client Side Encryption

Question 14

What keys does SSE-S3 use to encrypt S3 objects?

Answer 14

It uses keys handled and managed by AWS

Question 15

What keys does SSE-KMS use to encrypt S3 objects?

Answer 15

It leverages AWS KMS Service to manage encryption keys

Question 16

What keys does SSE-C use to encrypt S3 objects?

Answer 16

It uses your own encryption keys which you pass to S3 in a header of your HTTP request.

Question 17

Where are objects encrypted when using SSE-S3

Answer 17

On the server side (in S3)

Question 18

Where are objects encrypted when using SSE-KMS

Answer 18

On the server side (in S3)

Question 19

Where are objects encrypted when using SSE-C

Answer 19

On the server side (in S3)

Question 20

Where are objects encrypted when using Client Side Encryption

Answer 20

On the client side using a library such as Amazon S3 Encryption Client

Question 21

How to tell S3 to use SSE-S3 when sending a file?

Answer 21

By setting the “x-amz-server-side-encryption” header to “AES256”

Question 22

How to tell S3 to use SSE-KMS when sending a file?

Answer 22

By setting the “x-amz-server-side-encryption” header to “aws:kms”

Question 23

What are the advantages of using KMS to encrypt S3 objects?

Answer 23

User control

Audit trail

Question 24

With what encryption must HTTPS be used?

Answer 24

SSE-C

Question 25

How to get encryption in flight when sending data to S3?

Answer 25

By using the HTTPS endpoint rather than the HTTP endpoint

Question 26

What is another common name for “Encryption in flight” ?

Answer 26

SSL / TLS

Question 27

What does SSL stand for?

Answer 27

Secure Sockets Layer

Question 28

What does TLS stand for?

Answer 28

Transport Layer Security

Question 29

How to insure user based security in an S3 bucket?

Answer 29

By using the right IAM policies

Question 30

How to manage user based security for S3?

Answer 30

With IAM policies (Which API calls should be allowed for a specific user from IAM console)

Question 31

How to manage resource based security for S3?

Answer 31

Bucket polices (Most popular / Better method)
Object Access Control List
Bucket Access Control List

Question 32

What form an S3 bucket policy?

Answer 32

Resources (Buckets or objects)
Actions (Set of API)
Effect (Allow or Deny)
Principal (The account or user to apply the policy to. E.g. * means everybody)

Question 33

How can you force objects to be encrypted at upload?

Answer 33

By setting the appropriate bucket policy

Question 34

How can you grant public access to the bucket?

Answer 34

By setting the appropriate bucket policy

Question 35

How can you grant access to another account (Cross account)?

Answer 35

By setting the appropriate bucket policy

Question 36

Does S3 bucket support VPC endpoints?

Answer 36

Yes

Question 37

Where should an S3 bucket access logs be stored?

Answer 37

In an other bucket, not in the same otherwise you’ll get an infinite loop

Question 38

Where can API calls be logged?

Answer 38

In AWS CloudTrail

Question 39

When setting a policy for an S3 bucket, what should the ARN end with if you want the policy to affect all files in the bucket?

Answer 39

/*

Question 40

How to upload a file that is more than 5GB to an S3 bucket?

Answer 40

By enabling multi-part upload (it’s mandatory for files of 5GB and more)

Question 41

What happens if you delete a file from an S3 bucket with versioning enabled?

Answer 41

The file won’t show in the bucket anymore but you can still access it by enabling the showing of versions in the GUI.

Question 42

Is it possible to define a default encryption in the properties of a bucket?

Answer 42

Yes

Question 43

How can you grant access to file to a user for a short amount of time?

Answer 43

By generating a signed URL

Question 44

The client has an index.html file which tries to access an image in another bucket but it is not working, what is going on?

Answer 44

It most likely is that the CORS other bucket doesn’t have the proper CORS enabled.

Question 45

What will happen if you want enable static site hosting in an S3 but don’t allow public read?

Answer 45

You will get a 403 (Forbidden) error

Question 46

What should you set if you have a website hosted on an S3 bucket that needs to download an image hosted on another S3 bucket?

Answer 46

On the bucket hosting the image, you need to enable CORS access to bucket that needs to access the image

Question 47

What do CORS protect you from?

Answer 47

From having other websites referencing your file in your bucket therefore generating traffic and incurring costs on your behalf.

Question 48

What is the consistency model of PUTS of new objects in S3?

Answer 48

Read after write

except if we did a GET before to see if the object existed

Question 49

What is the consistency model of DELETES and PUTS of existing objects?

Answer 49

Eventual consistency

If we read an object after updating it, we might get the older version
If we read an object after deleting it, we might still be able to retrieve it for a short time

Question 50

Where can S3 send notifications on changes to?

Answer 50

AWS SQS
AWS SNS
AWS Lambda

Question 51

Historically, when would S3 performance decrease?

Answer 51

When you had over 100 TPS (Transactions per second)

Question 52

Behind the scene, where do objects go when uploaded to S3?

Answer 52

To various S3 partitions

Question 53

What WAS recommended in order to opmitise performance when uploading files to S3?

Answer 53

Have random characters in front of your key names

Question 54

Should you use a date as a prefix to a file on S3?

Answer 54

No because the files with such prefix would most likely be stored in the same partitions which could hit performance

Question 55

As of July 17th 2018, what are the new max RPS for PUTS and RPS for GET in S3 for each prefix?

Answer 55

3500RPS for PUT

5500RPS for GET

Question 56

How to get faster upload of large objects in S3?

Answer 56

Use multi part upload

Question 57

What are the three ways multi part upload fasten uploads in S3?

Answer 57

Parallelizes PUTs for greater throughput
Maximize your network bandwidth and efficiency
Decrease time to retry in case a part fails

Question 58

In what case do multi part upload MUST be used in S3

Answer 58

When uploading files larger than 5GB

Question 59

How to improve reads around the world for objects stored in S3?

Answer 59

Use Cloudfront

Question 60

How to improve writes around the world for objects stored in S3?

Answer 60

Use S3 Transfer Acceleration (uses Edge locations)

Question 61

If you use KMS for encryption, what might be slowing you down?

Answer 61

Your KMS usage limits

Question 62

What is S3 Glacier?

Answer 62

S3 Glacier is a file storage for long term archival

Question 63

What to do if you only want to retrieve a subset of data in an S3 or Glacier?

Answer 63

Use S3 Select or Glacier Select

Question 64

With what file type is S3/Glacier Select compatible?

Answer 64

CSV, JSON and Parquet

Question 65

Are subqueries/joins supported in S3/Glacier Select?

Answer 65

No, only simple select with where statements

Question 66

How much cost savings can using S3/Glacier Select provide?

Answer 66

Up to 80%

Question 67

How much performance savings can using S3/Glacier Select provide?

Answer 67

Up to 400%