Storage & Data Management Flashcards
What is the difference between uploading and updating/deleting a file on S3?
# After an upload you can read the object right away.
# After an update/delete, the change takes some time to propagate.
What is S3?
# Is object-based
# Can store objects from 0 Bytes to 5 TB
# Unlimited storage
# S3 is a universal namespace
What are S3 classes?
# S3 Frequent access
# S3 - IA - infrequent access
# S3 - One Zone IA - same as IA, but data is in a single zone
# S3 - Reduced Redundancy storage - for data that can be reproduced if lost
# Glacier - Archived data, takes 3-5 hours to access.
What are the core components of S3?
# Key (name)
# Value (data)
# Version ID
# Metadata
# Subresources - bucket configuration: Policies, Access Control Lists - CORS - Transfer Acceleration
What are S3 Lifecycle Policies?
Lifecycle policies are based on the creation date. You can use them to transfer objects to Glacier or S3 Infrequent Access, or to delete them after an expiry date.
What is MFA on S3?
S3 lets you enable versioning. To add a layer of protection, S3 lets you enable 2FA/MFA: a valid code from the device is then needed to delete a file or to suspend/reactivate an S3 bucket.
What are the two types of S3 encryption?
# In transit: SSL/TLS
# Encryption of object:
- SSE-S3 (key managed by S3)
- SSE-KMS (key managed by KMS)
- SSE-C (key managed by client)
# Client-side encryption
How do you enforce the use of encryption on S3?
Use a bucket policy: a PUT must have the header x-amz-server-side-encryption.
What is the default value for the EBS root volume on EC2 termination?
The EBS root device is deleted; this can be modified on creation only. On the other hand, additional volumes are persisted automatically.
What is instance store?
It is ephemeral storage; it comes with the EC2 instance and is 10GB.
For which storage services do you need to check encryption on creation?
EFS, RDS and EBS volumes.
How do you add encryption after the storage was created?
Create a snapshot of the current storage, then restore this snapshot to an encrypted volume. (This involves downtime.)
What are KMS and CloudHSM, and what is the difference between them?
Both generate, store and manage encryption keys. KMS is multi-tenant. But if the app needs dedicated hardware for managing keys, use CloudHSM.
What is an AMI?
AMIs are templates for launching EC2 instances.
Is an AMI region-bound?
Yes
What are the 2 restrictions for copying/sharing AMIs?
# Encrypted AMIs - copy the underlying snapshot, re-encrypt it with your own key, and then create the AMI from the snapshot
# Some AMIs have a billingProducts code (Windows, RedHat, AWS Marketplace), so they cannot be copied. But you can create an AMI from an EC2 instance that uses a paid AMI.
What is the difference between Snowball and Snowball Edge?
Snowball is a computer used to transfer data to AWS physically (100TB of data / weeks). Snowball Edge is the same as Snowball, except that it has compute capability to transform data before storing it (it has Lambda and S3).
What are the types of Storage Gateway?
# File gateway: files stored on S3, accessed using NFS/SMB
# Volume gateway:
- Stored Volumes: data stored on site, and backups stored on S3 as EBS snapshots
- Cached Volumes: all data is stored on S3, and frequently used data is cached locally
# Tape gateway/VTL - Archiving data to Glacier, through S3 lifecycle.
What is Athena?
It is a serverless service for querying log data stored on S3, using SQL.