**AWS S3** Flashcards
Extensive TOPIC
Amazon S3?
Amazon Simple Storage Service
Amazon’s system for storing data, which offers “infinitely scaling” storage.
(Page 129)
What are S3 Buckets and what are their main characteristics?
Practically, they’re directories where you can store files of any type (Objects).
They’re created over an AZ but MUST have a UNIQUE GLOBAL ID across all the AZs.
A Bucket is created in a Global Region?
NO, a bucket is created over an AZ, but it can be accessed by all other AZs through its globally unique ID.
Note: Imagine that you have to create a specific storage; to optimize space, it should be created on an AZ (Data Center), otherwise you could have several copies of that bucket around the world.
(Page 131)
What are the conventions of a Bucket’s Name?
+ No spaces or underscores.
+ Name length from 3 to 36 characters.
+ Not an IP.
+ Must start with a lowercase letter or number.
S3://[Bucket_Name]/…
(Page 131)
What is a Bucket’s Prefix, and what is it made up of?
It is the full path of the resource, like a URL. It’s well known as the KEY.
The prefix is made up of:
+ The full path, after the Bucket’s name,
+ The name of the file (Object)
* You must use the slash separator “/” to form the Prefix.
Sample:
s3://my-bucket/my_folder1/another_folder/my_file.txt
(Page 132)
What is the Max size of an Object in a Bucket?
a) 500M
b) 5GB
c) 500GB
d) 1TB
e) 5TB
E, the maximum size is 5000 GB (5TB). If the object requires more space, it must be uploaded using “Multi-Part Upload”.
(Page 133)
Which of these entity data are part of a Bucket?
Choose 3:
a) Unique ID
b) Version ID
c) Tags.
d) Labels
e) Key value Pairs
f) Metadata by KVP
b, if versioning is enabled
c, Tags, using KVP, up to 10 Tags
f, Metadata is a list of Key-Value Pairs (KVPs)
(Page 133)
What are the two types of Policy resources? Choose 2:
a) By User
b) By IAM
c) By AIM
d) By Object
e) By Resource
f) By file
b) By Identity Administrator Manager
e) S3 applies security policies by resource.
(Page 134)
What is User Based policy?
It’s a Policy based on IAM users.
(Page 134)
What is a Resource Based Policy?
It’s a policy focused on allowing access to resources, more widely than a User Policy.
(Page 134)
Order the three types of Resource Based Policies by their range, from widest to narrowest:
a) Object Access Control List (ACL)
b) Bucket Access Control List (ACL)
c) Bucket Policies
c) Bucket Policies. It covers all the elements in the Bucket.
b) Bucket Access Control List (ACL). Grants basic Read/Write permissions to other AWS accounts. At this level you cannot choose objects.
a) Object Access Control List (ACL). Finer and can work with objects and ACL.
(Page 134)
An IAM principal can access an S3 object if it has
a) if the resource has an IAM Policy for the IAM Principal
b) if the resource has an IAM Policy with the wildcard “*”
c) if the resource has a Resource Policy with an explicit ALLOW
f) if the resource has a Resource Policy with an explicit DENY
A. is used for IAM Policies
B. is used for IAM Policies but wider
C. Is used under resource Policies.
(Page 134)
Where does S3 Bucket Policy have effect?
a) On resource
b) on Bucket
c) on IAM
b) On the Bucket. The resource depends on the Bucket.
(Page 135)
Where does an IAM Policy have effects?
a) On Buckets
b) On Object
c) On IAMs
c) The IAM Policy specifies which services and features the IAM user can work with.
(Page 136)
What does an EC2 instance require, in a Policy, to have access to a Bucket?
a) An IAM User
b) An EC2 Instance Role
c) IAM Principal Access Policy.
e) A Bucket Policy
c) EC2 requires an IAM user to work with…
b) An EC2 Instance Role.
The bucket cannot allow access directly to an EC2 instance, so you must create an IAM User, its IAM Principal Access Policy, and an EC2 Instance Role to attach the IAM user to that Policy.
(Page 137)
What is Cross-Account Access – Use Bucket Policy?
It’s a policy that ALLOWS other AWS Accounts to access the Bucket; it doesn’t matter whether the other account is part of the organization or not.
The Policy must be configured over the BUCKET.
(Page 138)
What can you do with a Bucket Policy?
a) Grant public access to the Bucket
b) Grant public access to the EC2 Instance
c) Force objects to be encrypted at upload
d) Force objects to be encrypted at download
e) Apply to a specific directory in the Bucket
f) Allow other accounts to configure the Bucket Policies.
g) Grant access to another account (Cross Account)
A, C and G
(Page 139)
Which of these is the entity that specifies the IAM Account the policy applies to?
a) Resources
b) Actions
c) Effect
d) Principal
D, the Principal specifies who the policy applies to.
(Page 139)
Which Policy setting allows the APIs to have effect on the Resource?
a) Resources
b) Actions
c) Effect
d) Principal
B. Actions contains the full list of actions that the Policy has an effect on (Deny/Allow).
(Page 139)
By default, all buckets are created with Public Access allowed.
True or False?
False. All Buckets are created with public access denied.
(Page 140)
Can S3 work with versioning?
YES, like Google Drive or another Cloud Storage
(Page 170)
What do you need to recover an object that was deleted in a bucket?
- The object MUST be versioned.
- In the Object browser of S3, activate the Versioning Viewer.
- Find the Object which has the Delete Mark as its type.
- Delete the Object with the Delete Mark; the object will be available again.
(Hands On)
Is it possible to create a Web Site from a Bucket?
Yes, you can publish your Bucket to be accessed from the web; you need to set public read policies.
(Page 141)
What are the elements that make up the URL of a Bucket published as a Website?
https://.s3-website-.amazonaws.com
(Page 141)
Which of these is a valid URL of a Bucket Website?
a) http://jomt-cpp-2022-v1.s3-website-us-west-1.amazonaws.com/
b) http://jomt-cpp-2022-v1.s3.website.us-west.1.amazonaws.com/
d) http://s3-website-us-west.jomt-cpp-2022-v1.1.amazonaws.com/
A, the rules to create a url from a bucket are:
https://.s3-website-.amazonaws.com
(Page 141)