AWS S3 Flashcards
(187 cards)
What are the storage classes available in AWS?
S3 standard
S3 standard Infrequent Access
S3 One Zone Infrequent Access
S3 Intelligent tiering
S3 Glacier Instant Retrieval
S3 Glacier Flexible Retrieval (formerly Glacier)
Glacier Deep Archive
What type of storage is S3?
Object storage
What is the availability of S3?
4 x 9s
What is the durability of S3?
11 X 9s
How many availability zones is S3 data replicated to?
3 AZ
What is the min size of data you can put in S3?
1 byte
What is the max size of data you can place in S3?
5 TB
Is encryption at the object level or the bucket level?
Encryption is enabled and applied at the bucket
If one tenant has a bucket called "dog", can you have a bucket called "dog"?
No, buckets have to be unique within a region.
What are the two types of encryption available to S3?
Server side and Client side.
What is the encryption used on server side encryption for S3?
AES-256
Who holds the master key for S3 encryption?
AWS, in KMS
Are all objects encrypted using the same master key? (are the keys changed over time)
Yes, but it depends on the encryption used. Server-Side Encryption Options in S3:
- SSE-S3 (Server-Side Encryption with Amazon S3-Managed Keys)
Encryption keys are managed by AWS.
Objects are encrypted with a unique key per object, and then that key is encrypted with a master key that's rotated regularly.
You don't manage the master key.
All done automatically by AWS.
- SSE-KMS (Server-Side Encryption with AWS Key Management Service)
Uses AWS KMS customer master keys (CMKs).
You can choose to:
Use the same CMK for all objects, or
Use different CMKs per object (if you configure that).
Each object still gets a unique data encryption key (DEK), which is encrypted with the CMK.
You control the CMK (rotation, policies, etc.)
- SSE-C (Server-Side Encryption with Customer-Provided Keys)
You provide the encryption key per request.
AWS doesn't store the key, only uses it temporarily to encrypt/decrypt.
Not common in most setups due to management overhead.
The master key is used in the process to encrypt an object; is this the only key?
No, there is a per-object key.
Is the per-object key encrypted?
Yes, it is encrypted by the master key.
Is the object data encrypted at rest?
Yes
Where is the per-object encryption stored?
In a hidden S3 bucket.
Are there other options available to encrypt an object?
Client side encryption using the SDK.
If you put data in a single region is that data/objects replicated to other regions?
No, data stays within a region.
Can you copy data and objects to other regions?
???
How would you make an HTML page available to people on the internet?
Use static web hosting.
How can you delete an object after a week (a period of time)?
Use lifecycle policies.
Can lifecycle policies be applied to just one object within a bucket?
Yes, using the prefix parameter.
How would you apply lifecycle policies to an entire bucket?
Use the "Apply to Entire Bucket" parameter.