Chp 12: Amazon S3 Introduction

Question 1

What is the purpose of Amazon S3 bucket

Answer 1

Amazon S3 is an object (file) storage service that stores data as objects within buckets. An object is a file and any metadata that describes the file. A bucket is a container for objects.

Question 2

What is the naming convention for s3 buckets?

Answer 2

S3 buckets must have a globally unique name

Question 3

S3 buckets are defined at what level?

Answer 3

region

Question 4

Are there directories within buckets?

Answer 4

no

Question 5

what is the content of the s3 bucket body?

Answer 5

object values

Question 6

Do objects have a key

Answer 6

yes

Question 7

Is versioning an option for s3 buckets

Answer 7

yes it is

Question 8

how is versioning enabled

Answer 8

at the bucket lvl

Question 9

what happens when versioning is suspended?

Answer 9

previous versions are NOT deleted

Question 10

What are the methods of encryption in S3

Answer 10

1. SSE-S3
2. SSE- KMS
3. SSE-C
4. Client side encryption

Question 11

What is SSE-S3?

Answer 11

• encrypts s3 object using keys handled and managed by aws
• obj is encrypted server side
• aes 256 encryption type
• header must be set

Question 12

what is SSE-KMS

Answer 12

• leverage aws key mgmt
• advantages: user control and audit trail
• object is encrypted server side
• must set header

Question 13

what is SSE-c

Answer 13

• when you want to manage your own encryption keys
• s3 does not store the encryption key you provide
• https must be used
• encryption key must be provided in http headers, for every http request made

Question 14

what is client-side encryption

Answer 14

• client library such as the amazon s3 encryption client
• client must encrypt data themselves before sending to s3
• client must decrypt data themselves when retrieving from s3
• customer fully manages the keys + encryption cycle

Question 15

what is mandated for sse-c?

Answer 15

https

Question 16

encryption in flight is known as?

Answer 16

SSL/TLS

Question 17

User based s3 security

Answer 17

iam policies

Question 18

resource based s3 security

Answer 18

• bucket policies
• object ACL
• bucket ACL

Question 19

When can an IAM principal access an S3 object?

Answer 19

• the user iam permissions allow it
• the resource policy allows it
• AND there’s no explicitly deny statements

Question 20

when to use s3 bucket policies

Answer 20

• grant public access to the bucket
• force obj to be encrypted at upload
• grant access to another account

Question 21

s3 bucket policies are in what format

Answer 21

json

Question 22

block public access to buckets and object granted through

Answer 22

• new acls
• any acls
• new public bucket or access point policies
• can be set at at the account lvl

Question 23

s3 networking supports…

Answer 23

vpc endpoints

Question 24

s3 access logs can be stored where

Answer 24

in other s3 buckets

Question 25

s3 api calls can be stored where

Answer 25

aws cloudtrails

Question 26

s3 user sercurity

Answer 26

- mfa delete | - pre-signed urls

Question 27

if you get a 403 error with a s3 website, what is most likely the problem?

Answer 27

make sure the bucket policy allows public reads

Question 28

what does cors stand for

Answer 28

cross origin resource sharing

Question 29

what do we need to do if a client does a cor request on our s3 bucket?

Answer 29

we need to enable the cor header