Amazon S3

Question 1

What is Amazon S3?

Answer 1

Amazon S3 is an infinitely scalable object storage service used by websites and AWS services.

Question 2

What are common use cases for Amazon S3?

Answer 2

Backup, Disaster Recovery, Archive, Hybrid Cloud, Application/Media Hosting, Data lakes, Static websites.

Question 3

What is an S3 bucket?

Answer 3

A globally unique container for objects; region-specific.

Question 4

What are naming rules for S3 buckets?

Answer 4

3-63 chars, lowercase only, no underscores, not an IP, no xn– prefix or -s3alias suffix.

Question 5

What is an S3 object?

Answer 5

File stored in a bucket, has a key (full path), content, metadata, tags, version ID.

Question 6

What is the max size of an S3 object?

Answer 6

5TB; >5GB requires multi-part upload.

Question 7

What are S3 object metadata and tags?

Answer 7

Metadata are key-value pairs that store information about the object, like content-type or custom values (e.g., x-amz-meta-owner). Tags are key-value pairs used for organization, access control, and lifecycle rules.

Question 8

What are user-based and resource-based S3 access controls?

Answer 8

User-based: IAM Policies; Resource-based: Bucket policies, Object ACLs.

Question 9

What is a bucket policy in S3?

Answer 9

JSON policy to allow/deny access, enforce encryption, or grant cross-account access.

Question 10

What is the purpose of Block Public Access settings?

Answer 10

To prevent data leaks; should remain on unless public access is intentional.

Question 11

Can S3 host websites?

Answer 11

Yes, for static sites; accessible via special S3 website endpoint.

Question 12

What does a 403 error on S3 website mean?

Answer 12

Likely missing bucket policy for public read access.

Question 13

What is S3 versioning?

Answer 13

Keeps multiple versions per object. You can suspend versioning, but existing versions remain. Default version for pre-versioned files is “null”

Question 14

What is S3 replication?

Answer 14

Replicates objects from source to destination bucket across or within regions.

Question 15

What are requirements for S3 replication?

Answer 15

Enable versioning on both buckets and provide IAM permissions.

Question 16

Can S3 replicate existing objects?

Answer 16

Not by default; use S3 Batch Replication.

Question 17

Can S3 replicate deletes?

Answer 17

Yes for delete markers; versioned deletions are not replicated.

Question 18

What is S3 replication chaining?

Answer 18

Not supported; replication does not cascade.

Question 19

What are S3 the storage classes?

Answer 19

Standard, Standard-IA, One Zone-IA, Glacier IR/FR/DA, Intelligent Tiering.

Question 20

What is the S3 durability?

Answer 20

11 nines (99.999999999%) across multiple AZs.

Question 21

What is the S3 availability?

Answer 21

Varies by class; e.g., Standard: 99.99%.

Question 22

When should you use S3 Standard?

Answer 22

Frequently accessed data with high availability needs.

Question 23

What is Standard-IA and One Zone-IA?

Answer 23

Both are for infrequent access. Standard-IA stores in multiple AZs; One Zone-IA stores in one AZ, cheaper but less durable.

Question 24

What is Amazon S3 Glacier?

Answer 24

Low-cost archive storage with delayed retrieval.

Question 25

What is S3 Glacier Instant Retrieval?

Answer 25

Access in milliseconds; for quarterly access data.

Question 26

What are the S3 Glacier Flexible Retrieval modes?

Answer 26

Expedited (1–5 min), Standard (3–5 hrs), Bulk (5–12 hrs).

Question 27

What is S3 Glacier Deep Archive?

Answer 27

For long-term storage; retrieval in 12–48 hours.

Question 28

What is S3 Intelligent Tiering?

Answer 28

Auto-moves objects between tiers based on access patterns.

Question 29

What tiers does Intelligent Tiering include?

Answer 29

Frequent, Infrequent, Archive Instant, Archive, Deep Archive.

Question 30

What is used to move objects between S3 storage classes?

Answer 30

Lifecycle Rules.

Question 31

What can Lifecycle Transition Actions do?

Answer 31

Move objects to another storage class after a set time.

Question 32

What do Lifecycle Expiration Actions do?

Answer 32

Automatically delete objects, versions, or incomplete multipart uploads after a set time.

Question 33

Can Lifecycle Rules target specific prefixes or tags?

Answer 33

Yes.

Question 34

What storage class for thumbnails that can be deleted after 60 days?

Answer 34

S3 One-Zone IA with expiration rule.

Question 35

Where should source images go that need to be retrieved quickly for 60 days?

Answer 35

S3 Standard with transition to Glacier after 60 days.

Question 36

How to retain deleted S3 objects for 30 days, then archive?

Answer 36

Use S3 Versioning, transition noncurrent versions to IA then Glacier Deep Archive.

Question 37

What does S3 Analytics help with?

Answer 37

Identifying when to transition objects between Standard and Standard IA. Report is updated Daily.

Question 38

What events can trigger S3 Event Notifications and how quickly are they delivered?

Answer 38

S3 Event Notifications can trigger on events like ObjectCreated, ObjectRemoved, ObjectRestore, and Replication. They are typically delivered within seconds, though sometimes it may take a minute or longer.

Question 39

What does EventBridge provide over standard S3 Events?

Answer 39

Advanced filtering, multiple destinations, reliable delivery.

Question 40

What is the default request rate limit per prefix in Amazon S3?

Answer 40

3,500 PUT/POST/DELETE and 5,500 GET/HEAD requests per second per prefix.

Question 41

What can be done to scale S3 requests further?

Answer 41

Use multiple prefixes.

Question 42

When should Multi-Part Upload be used?

Answer 42

Recommended for files >100MB, required >5GB.

Question 43

What does S3 Transfer Acceleration do?

Answer 43

Speeds up upload by routing through AWS edge locations.

Question 44

What is the use of S3 Byte-Range Fetches?

Answer 44

Enables partial object retrieval and parallel downloads to improve performance and resilience.

Question 45

What are S3 Object Tags used for?

Answer 45

Permissions, analytics grouping.

Question 46

Can S3 tags or metadata be searched directly?

Answer 46

No, you must index them externally (e.g., in DynamoDB) for search functionality.

Question 47

What prefix must user-defined metadata begin with?

Answer 47

x-amz-meta-.

Question 48

What is SSE-S3?

Answer 48

Server-side encryption with S3-managed keys, AES-256, enabled by default.

Question 49

What is SSE-KMS?

Answer 49

Server-side encryption using keys managed in AWS KMS; enables audit via CloudTrail.

Question 50

What is SSE-C?

Answer 50

Server-side encryption with customer-provided keys; AWS does not store the key.

Question 51

What is client-side encryption in S3?

Answer 51

Client encrypts/decrypts data outside AWS using own keys.

Question 52

What header is used for SSE-S3?

Answer 52

x-amz-server-side-encryption: "AES256".

Question 53

What header is used for SSE-KMS?

Answer 53

x-amz-server-side-encryption: "aws:kms".

Question 54

What is a limitation of SSE-KMS?

Answer 54

Upload/download calls count toward KMS API quota.

Question 55

What must be used with SSE-C?

Answer 55

HTTPS must be used; key sent in each request.

Question 56

How is S3 encrypted in transit?

Answer 56

SSL/TLS encryption via HTTPS endpoint.

Question 57

How can encryption be enforced on a bucket?

Answer 57

Use bucket policy to deny unencrypted PUTs.

Question 58

What is CORS in S3?

Answer 58

CORS allows web applications running in one origin to make a request to resources in a different origin - like when a website tries to access an object in your S3 bucket

Question 59

When is MFA required in S3, and what is MFA Delete?

Answer 59

MFA Delete requires MFA to permanently delete versioned objects or suspend versioning. MFA is not needed to enable versioning or list deleted versions.

Question 60

What are S3 Access Logs?

Answer 60

Log all access requests to another S3 bucket.

Question 61

What is a pre-signed URL in S3 and how long is it valid?

Answer 61

A temporary URL granting object access. Console: up to 12 hours, CLI: up to 168 hours.

Question 62

What are S3 Access Points and how do they work with VPCs?

Answer 62

Access Points are custom S3 endpoints with their own policies. They can be restricted to a VPC using VPC Endpoints.

Question 63

What is a VPC Origin Access Point?

Answer 63

S3 Access Point only accessible via VPC endpoint.

Question 64

What is S3 Object Lambda?

Answer 64

Invoke Lambda to transform object before returning to caller.

Question 65

Give a use case for Object Lambda.

Answer 65

Resize images dynamically for each requester.