Section 7: Simple Storage Services (S3) Flashcards

1
Q

Amazon S3 (Simple Storage Service)

A
  • object based storage
  • a bucket is a container for objects
  • object = file such as PDF, JPG etc
  • REST API (public endpoint) using GET, PUT, POST, SELECT, DELETE to read/modify objects in bucket
  • unlimited storage, but max file size of 5TB
  • bucket names must be globally unique
  • buckets are created within a region
  • flat file structure, no hierarchy for objects in the bucket, however you can create a folder and nested folders
  • can NOT create nested buckets
  • EC2 instances connect using a private address via an S3 Gateway Endpoint
2
Q

S3 object consists of

A

S3 Object consists of:
- key (name of the object)
- version ID
- value (actual data)
- metadata
- subresources
- access control information

3
Q

S3 access control lists (ACLs)

A
  • AWS recommends using S3 bucket policies or IAM policies rather than ACLs
  • can be attached to a bucket or directly to an object

More info - https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/

4
Q

S3 versioning

A
  • versioning means keeping multiple variants of an object in the same bucket
  • use versioning to preserve, retrieve and restore every version of every object stored in your S3 bucket
  • versioning-enabled buckets allow you to recover objects from accidental deletion or overwrite
5
Q

S3 Multi-Factor Authentication (MFA)

A

MFA Delete adds an MFA requirement for bucket owners for the following operations:
* changing the versioning state of a bucket
* permanently deleting an object version
* the x-amz-mfa request header must be included

6
Q

S3 Encryption

A
  • all S3 buckets have encryption configured by default
  • all new objects uploaded to S3 are automatically encrypted
  • no additional cost and no performance impact
  • objects are automatically encrypted using server-side encryption with S3 managed keys (SSE-S3)
  • you can enforce encryption with a Bucket Policy, e.g. to use SSE-KMS instead
7
Q

S3 pre-signed URL

A

Pre-signed URLs are used to provide short-term access to a private object in your S3 bucket. They work by appending an AWS Access Key, expiration time, and SigV4 signature as query parameters to the S3 object. There are two common use cases when you may want to use them: Simple, occasional sharing of private files.

8
Q

S3 Multi-part upload

A
  • uploads objects in parts independently, in parallel and in any order
  • is recommended for objects of 100MB or larger
  • can be used for objects from 5MB to 5TB
  • must be used for objects larger than 5GB
9
Q

S3 server access logging

A

S3 bucket access logging captures information on all requests made to a bucket, such as PUT, GET, and DELETE actions. Bucket access logging is a recommended security best practice that can help teams with upholding compliance standards or identifying unauthorized access to your data.

10
Q

S3 Object Lambda

A

S3 Object Lambda uses Lambda functions to process the output of S3 GET requests.

You can use your own functions or use the AWS pre-built functions.

There are pre-built Lambda functions that detect personally identifiable information (PII) such as names, addresses, dates, credit card numbers, social security numbers etc.

11
Q

S3 Storage Classes

A

Ensure to look into this - https://catalog.us-east-1.prod.workshops.aws/workshops/f238037c-8f0b-446e-9c15-ebcc4908901a/en-US/002-services/002-storage/003-s3

12
Q

S3 Encryption types

A
  • SSE-S3 = use S3’s existing encryption key for AES-256
  • SSE-C = upload your own AES-256 encryption key which S3 uses when it writes objects
  • SSE-KMS = use a key generated and managed by AWS KMS
  • Client-side = encrypt objects using your own local encryption process before uploading to S3

SSE = server-side encryption

13
Q

What is the maximum file size allowed in Amazon S3?

A

5 terabytes (TB)

14
Q

For compliance reasons, an organization needs to retain data for 7 years. If they need to retrieve data, they have 24 hours to do so. Which Amazon S3 storage class is most cost-effective?

A

Amazon S3 Glacier Deep Archive

15
Q

Which Amazon S3 capability uses Amazon CloudFront and enables fast uploads for objects?

A

Transfer Acceleration

Transfer Acceleration speeds up data uploads by using the CloudFront network.

16
Q

A US based organization is concerned about uploading data to Amazon S3 as data sovereignty rules mean they cannot move their data outside of the US. What would you tell them?

A

Data never leaves a region unless specifically configured to do so

S3 is a global service but buckets are created within a region. Data is never replicated outside of that region unless you configure it (e.g. through Cross-Region Replication).

17
Q

AWS S3 cheatsheet

A

S3 - https://digitalcloud.training/amazon-s3-and-glacier/