S3

Question 1

What can S3 do?

Answer 1

• upload any file type
  ex: photos, videos, code, documents
• CANNOT run an OS or database

Question 2

S3 Basics (limits)

Answer 2

• unlimited storage (total volume)*

- objects can be up to 5 TB in size*

Question 3

Buckets

Answer 3

• must have a universal namespace (be globally unique)

Question 4

S3 URLs*

Answer 4

https: //bucket-name.s3.region.amazonaws.com/key-name
https: // + bucket name + .s3 + .region + /filename

Question 5

Successful CLI or API uploads

Answer 5

Return a 200 http code

Question 6

S3 key-value store

Answer 6

key: the name of the object (ex: beach.jpg)
value: the data itself (sequency of bytes) *
Version ID: for storing multiple versions*
Metadata: data about the data (content-type, last-modified, etc.)

Question 7

S3 Availability

Answer 7

99.95 - 99.99% service availability

Question 8

S3 Durability

Answer 8

99.999999999% durability

Question 9

S3 Standard

Answer 9

• Stored in >= 3 AZs
• 99.99% availability
• 11 9’s durability
• for frequent access

Question 10

S3 Standard Use Cases

Answer 10

• websites
• gaming apps
• big data analytics
• content distribution

Question 11

Ways to secure S3 data

Answer 11

1) server-side encryption
2) access control lists (ACLs): can attach to a bucket or individual objects
3) bucket policies

Question 12

Bucket Policy

Answer 12

JSON policies that apply to the bucket as a whole (& bucket contents)

Question 13

S3 Consistency Model: Strong-Read-After-Write *

Answer 13

after a successful write of a new object or overwrite of an existing object, any subsequent request immediately receives the latest version.
- you can immediately perform a List to get all objects in a bucket with all changes reflected

Question 14

Object ACL

Answer 14

applies to individual objects

Question 15

Bucket details*

Answer 15

• S3 is a global view, but buckets are regional

- by default buckets and objects are private until you unblock access to them*

Question 16

What are the use cases of S3 static websites?

Answer 16

For webpages that don’t require a database connection

- pages can also contain client-side scripts

Question 17

Benefits of S3 static website?

Answer 17

Scales automatically to meet demand

ex: a movie trailer website. Many enterprises put static sites on S3 when there will be a lot of demand

Question 18

How to make an S3 website public?*

Answer 18

Using a bucket policy*

Question 19

S3 versioning

Answer 19

• all versions are stored, even if you delete an object*
• cannot be disabled once enabled, only suspended*
• can be integrated with lifecycle rules
• Supports MFA*

Question 20

Why use MFA for object deletion?

Answer 20

to protect objects from deleting, require 2 forms of authentication

Question 21

public vs private with versioning

Answer 21

only the most-recent version is public - everything else is restricted, unless explicitly made public

Question 22

How do you restore an S3 object that has been deleted?

Answer 22

deleting objects adds a ‘delete marker’ to them. to restore the object, delete the delete marker

Question 23

Which S3 storage class is cost-optimized for unknown access patterns?

Answer 23

S3 Intelligent Tiering

Question 24

Which S3 storage class costs the most?

Answer 24

S3 Standard

Question 25

Which storage classes have a retrieval fee?

Answer 25

S3 Infrequent Access
S3 OneZone-IA
S3 Glacier
S3 Glacier Deep Archive

Question 26

Old Glacier SLAs

Answer 26

Glacier = archive < 12 hrs

Glacier Deep archive > 12 hours

Question 27

S3 Lifecycle Management

Answer 27

• automates moving your objects between the different storage tiers, maximizing cost effectiveness
• Ex: move from S3 -> S3 IA -> Glacier (can configure how many days between each jump)

Question 28

How do you combine Lifecycle Management with Versioning?

Answer 28

there’s a lifecycle configuration on the bucket management tab > select “Lifecycle Rule” with Transitions

Question 29

S3 Object Lock

Answer 29

Prevents objects from being deleted or modified

• for a fixed amount of time, or indefintely
• if you see WORM in an S3 question, use Object Lock
• can be applied at bucket or object level

Question 30

WORM model

Answer 30

W - Write
O - Once
R - Read
M - Many

Question 31

Use case for Object Lock

Answer 31

• regulatory requirements

- extra layer of protections against changes or deletions

Question 32

S3 Object Lock: Governance Mode*

Answer 32

requires special permissions to overwrite, delete, or alter lock settings
some users can alter and delete

Question 33

S3 Object Lock: Compliance Mode*

Answer 33

nobody can alter the object, including root user

- for a specific retention period

Question 34

S3 Object Lock : Retention Period

Answer 34

a timestamp in metadata indicating when the retention period expires

Question 35

S3 Object Lock: Legal Hold

Answer 35

prevents object version from being overwritten or deleted

- remains in effect until the flag is removed

Question 36

What permission do you need to remove a legal hold?

Answer 36

S3: PutObjectLegalHold

Question 37

Glacier Vault Lock*

Answer 37

a way of applying a WORM model to Glacier

Question 38

S3 Encryption in transit*

Answer 38

uses https

the “s” = SSL/TSL certificate

Question 39

S3 Encryption at rest*

Answer 39

Server-Side encryption
A) SSE-S3: S3 manages your keys (AES 256 bit)
B) SSE-KMS: KMS manages your keys
C) SSE-C: Customer (you) manage the keys

Question 40

S3 Client-Side Encryption*

Answer 40

you encrypt the files yourself before uploading to S3

Question 41

2 ways to apply encryption to S3

Answer 41

1) via the console
2) using a bucket policy*
- - denies any PUT request that doesn’t include the x-amz-server-side-encryption parameter in the request header

Question 42

S3 Prefixes*

Answer 42

folders inside S3 buckets
ex: mybucketname/folder1/subfolder1/file.jpg
prefix = /folder1/subfolder1

Question 43

S3 Performance*

Answer 43

Extremely low latency

• the more prefixes, the better the latency*
• 3500 PUT/COPY/POST/DELETE per second, per prefix
• 5,500 GET/HEAD per second, per prefix

ex: 2 prefixes = 11,000 request per second
4 prefixes = 22,000 requests per second

Question 44

S3 Limitations with KMS*

Answer 44

KMS has built in limits on SSE-KMS

• limits are region specific: 5,500, 10,000 or 30,000 requests per second
• uploads and downloads count toward the limit
• on exam, it may be best to use SSE-S3 instead. *

Question 45

S3 Performance Uploads

Answer 45

Multi-Part uploads -> parallelize uploads

• increases efficiency
• required for files over 5 GB
• recommended for files over 100 MB

Question 46

S3 Performance Downloads

Answer 46

S3 Byte-Range fetches

• parallelize downloads by specifying byte ranges
• can be used to speed up downloads
• can be used to download partial amounts of the file (eg. header info)

Question 47

S3 Replication for Backing Up

Answer 47

• previously called cross-region replication*
• a way of replicating objects from one bucket to another*
• versioning must be enabled on both buckets for this to work*

Question 48

Turn on S3 Replication

Answer 48

1) create 2 new buckets
2) turn on replication for both
3) upload all the files to one bucket
4) delete markers are not replicated by default*
(your replication bucket can have a different storage class to save money)