Storage Flashcards
What is S3?
S3 uses buckets to organize & store objects
Give some examples of objects that can be stored in S3
Files such as text files, images, videos, documents, or even application code
We store objects as key-value pairs in S3. Explain what a key and a value are.
The key is the unique name
The value is the file (i.e., text files, images, videos...)
How to store data in S3
Objects that can be stored within files that are in buckets
How to create a bucket?
S3 -> Create Bucket -> name, region, config, permissions
NB: Once created, you can create a folder inside the bucket
What are the 6 S3 storage classes?
S3 Standard
S3 Intelligent Tiering (unknown access pattern)
S3 Standard Infrequent Access (IA)
S3 One Zone Infrequent Access (IA)
S3 Glacier
S3 Glacier Deep Archive
Name 4 S3 management features
- Lifecycle policies (automate data management by defining rules to transition, expire and delete objects based on criteria like age or storage class)
- Versioning (preserve multiple versions of objects to protect against accidental deletions or overwrites)
- Cross-region replication (automatically replicate the objects from one S3 bucket in another region to enhance durability and disaster recovery or low latency access)
- Bucket logging (record detailed access logs for your S3 bucket to monitor/audit object-level access, track usage & identify potential security issues)
Name the 2 S3 Access Policies?
IAM Policy (fine grained policy for user, group or role)
Bucket policy (broad controls at the bucket level)
Can you use conditions in policies?
Yes, conditions are added to JSON, i.e.,
Action
CreateBucket
Name 2 resource-based policies (policies that focus on the control of access to specific resources, i.e., S3 or objects)?
Bucket policies (JSON defines who is allowed/denied access to S3 buckets or objects within it)
Access Control List (manages permissions at the object level)
When should we use an IAM policy instead of a Bucket Policy?
Use an IAM policy when you need fine-grained control over access permissions for IAM users, groups or roles when you are managing access across multiple AWS services
A company wants to control S3 buckets and their objects, maintain security policies within S3 and grant access for multiple accounts without having to use IAM roles.
Should they use Bucket Policies or IAM Policies?
Bucket Policies
What is the max IAM policy size for users, groups and roles?
Users - 2kb
Groups - 5kb
Roles - 10kb
What is the max size of bucket policies?
20kb
Name 4 types of ACL permissions?
Read (list objects)
Write (upload / delete objects)
Read_ACP (read bucket permissions)
Write_ACP (write bucket permissions)
By default, access is denied to an object, even without an explicit Deny within any policy
True
There needs to be an Allow policy defined within a bucket policy or ACL
What does CORS stand for?
Cross Origin Resource Sharing
What is Cross Origin Resource Sharing (CORS)?
CORS is a security mechanism in web browsers that ensures websites can only access resources on other domains if those domains explicitly allow it
Name 5 types of S3 Encryption
SSE (server side encryption) …
- S3
- KMS
- C
CSE…
- KMS
- C
Describe SSE-S3 (Server Side Encryption S3)?
upload data, s3 handles the rest
you know the key exists, but you can’t see it and don’t know anything about it
easiest encryption option, hands off approach