S3

Question 1

What is S3 Bucket?

Answer 1

A directory with a unique name (across all regions and accounts).
They are defined on region level.

Question 2

What is S3 Bucket Naming convention

Answer 2

No uppercase nor underscore. No prefix xn– nor suffix -s3alias. Starts with letter or number

Question 3

How are the Objects saved in S3 Bucket?

Answer 3

Each file has a key that corresponds to a full path. e.g
s3://my-bucket/my_folder1/an0ther_folder/myfile.txt
then prefix: my_folder1/an0ther_folder/
and object name: my_file.txt
compose the key.
there are no directories even though the UI tricks us to think there is

Question 4

What is a Object in S3 and what does it consist of.

Answer 4

Any content with body that doesn’t exceed 5TB. However if more then 5GB then must use “multi-part” upload
Consists of
1. Metadata (list of text key / value pairs)
2. Tags (Unicode key / value pair)
3. Version ID (if versioning enabled)

Question 5

What are Security options in S3?

Answer 5

1. User-based via IAM
2. Resource-based
   a) Bucket policies - most common
   b) Object Access Control List (ACL) - finer grain
   c) Bucket Access Control List (ACL) - less common
3. Encryption using encryption keys

Question 6

How does S3 Bucket Policy look like?

Answer 6

It is JSON based, same as in IAM Policy. Can be created using a Policy generator

Question 7

How can a IAM User gain access to S3 Bucket?

Answer 7

Through IAM Policies

Question 8

How can an EC2 instance access S3 Bucket?

Answer 8

EC2 Instance Role can access an S3 Bucket.

Question 9

How can an IAM User of different Account access our S3 Bucket?

Answer 9

with Usage of Bucket Policy and allowing cross-account access

Question 10

How to ensure that none of the S3 Buckets in our account will ever be publicly accessible?

Answer 10

By setting Block all public access on the account level for all buckets or at the bucket level for only particular bucket.

Question 11

Can S3 host websites?

Answer 11

Yes, but only static ones and with an AWS URL and only if all content of the bucket is publicly readable.

Question 12

What is S3 Versioning?

Answer 12

It is a setting that enables creating multiple versions of the same file on the same key.
Overriding will create the file with version n+1
Deleting will put a delete marker on the version, but the object will still be restorable.

Question 13

What happen when u suspend versioning in S3 Bucket?

Answer 13

All previously created versions stay, there will just not be any new ones.

Question 14

How to permanently delete an Object while versioning enabled in S3 Bucket?

Answer 14

Go into the show versions view and then delete a specific version of a file.

Question 15

What are two flavours of S3 replication?

Answer 15

CRR - Cross Region Replication
SRR - Same Region Replication

Question 16

How does the S3 Replication work?

Answer 16

1. Versioning must be enabled in both source and destination buckets
2. Copying is async
3. Buckets may be in different AWS Accounts
4. S3 must have proper IAM Permissions

Question 17

Does the replication process replicate already existing data?

Answer 17

no, for that we need to create a one-time batch operation to replicate those and sync both buckets.

Question 18

What storage Classes does S3 Offer?

Answer 18

1. Standard
2. Standard-Infrequent Access (IA)
3. One Zone-Infrequent Access
4. Glacier Instant Retrieval
5. Glacier Flexible Retrieval
6. Glacier Deep Archive
7. Intelligent Tiering

Question 19

What is S3 Durability?

Answer 19

How many objects is S3 allow to ‘lose’?
S3 is very high durability 11 9’s 99.999999999% of objects across multiple AZ
It’s allowed to lose 1 Object of 10.000.000 Objects every 10.000 Years
Durability is same across all storage classes.

Question 20

What’s S3 Availability?

Answer 20

How readily the service is.
Varies depending on storage class
S3 Standard has 99.99% Availability per year (53 mins a year)

Question 21

What are the params of S3 Stardard?

Answer 21

99.99% Availability
Used for frequent access
Low latency and high throughput
Can sustain 2 concurrent facility failures.

Question 22

What are the params of S3 Infrequent Access (IA)?

Answer 22

99.9% Availability
Cheaper to store but it costs a bit to retrieve.
good for backups and disaster recovery

Question 23

What are the params of S3 One Zone Infrequent Access (One Zone-IA)?

Answer 23

99.5% Availability
99.999999999 (11 9s) Durability but in ONE ZONE only

Question 24

What are the params of S3 Glacier Storage Class?

Answer 24

Very low cost of storage meant for archiving / backup
Object retrieval cost.

3 Classes:
- Instant retrieval (miliseconds)(>90 days), great for data accessed 1 a quarter
- Flexible Retrieval (>90 days) - u pay depending on how fast u want your data retrieved:
a) Expedited (1 - 5 mins)
b) Standard (3 - 5 hours)
c) Bulk (5 to 12 hours) - free
- Deep Archive (>180 days) - Standard (12 hours), Bulk (48 hours)

Question 25

What are the parameters of S3 Intelligent Tiering?

Answer 25

Small monthly monitoring and auto tiering fee. It moves the files on the following scheme: Frequent Access Tier - default (auto) Infrequent Access Tier - >30days (auto) Archive Instant Access Tier - >90days (auto) Archive Access Tier -> >90 - 700+ days (optional) Deep Archive Access Tier -> >90 - 700+ days (optional)

Question 26

What are 2 Types of S3 Encryption?

Answer 26

Server Side (file is encrypted by a server upon arrival) - always on. Client-Side Encryption (file is encrypted by a user before upload)

Question 27

What is IAM Access Analyser for S3?

Answer 27

It is a tool that analyzes S3 Bucket policies, S3 ACLs, and Access point Policies to ensure that only intended people have access to the S3 Bucket.

Question 28

What are the reponsiblities of AWS in S3?

Answer 28

Infrastructure (global sec, durability, sustain data in concurrent loss of 2 facilities) Configuration Compliance on AWS end

Question 29

What are the responsibilities of User in S3

Answer 29

Setting up: 1. Versioning 2. Bucket Policies 3. Replication 4. Using the Storage Classes for cost effectiveness 5. Logging / Monitoring 6. Encrypting data on users end

Question 30

What is AWS Snowball?

Answer 30

Highly secure, portable device to collect and process data at the edge and migrate it in or out of AWS. Use it when it takes more than a week to transfer data.

Question 31

What are the 2 types of Snowball?

Answer 31

1. Snowball Edge Storage Optimized (210TB) 2. Snowball Edge Compute Optimized (28TB)

Question 32

What do we need the Edge Computing?

Answer 32

To process data while it's on the go being outside grid. It allows to run EC2 Instances or Lambda functions on the edge.

Question 33

How does AWS Snowball Edge Pricing work?

Answer 33

Data IN Transfer is free 1. On-Demand (one-time service fee per job with a timeframe included) Shipping days are not counted torwards the timeframe 2. Committed Upfont for the edge computing (1-year / 3 years of usage) up to 62% discount compared to on-demand pricing

Question 34

What is Hybrid Cloud?

Answer 34

Bridge between AWS and on-prem allowing some infrastructure on prem some on AWS. To access the S3 Bucket then on the own infrastructure u would need to build AWS Storage Gateway.