S3 - Simple Storage Service

Question 1

What is S3?

Answer 1

Amazon Simple Storage Service is an object storage service that offers industry-leading scalability, data availability, security, and performance

Question 2

Where are objects stored in S3?

Answer 2

in buckets

Question 3

What is globally unique on a bucket?

Answer 3

the name

Question 4

How are buckets scoped?

Answer 4

regionally

Question 5

What is the number of characters allowed in bucket’s name?

Answer 5

3-63

Question 6

What can not contain a bucket’s name?

Answer 6

no uppercase nor underscore

Question 7

How must start a bucket’s name?

Answer 7

lowercase or number

Question 8

What is the bucket object key?

Answer 8

the full path, starting after the bucket name

Question 9

What is composed of the key of a bucket object?

Answer 9

prefix + object name

Question 10

There are directories within buckets?

Answer 10

There’s no concept of “directories” within buckets
(although the UI will trick you to think otherwise)
Just keys with very long names that contain slashes (“/”)

Question 11

What is the max object size in S3?

Answer 11

5TB

Question 12

What is the max object size you can upload to S3?

Answer 12

5 GB

Question 13

What you need to do to upload an object greater than 5GB to S3?

Answer 13

use multi-part upload

Question 14

What contains an S3 object?

Answer 14

Key
Version ID
Value (Object itself)
Metadata
Subresources
Access Control Information

Question 15

What is useful for S3 object tags?

Answer 15

useful for security / lifecycle

Question 16

How many S3 object tags can you use?

Answer 16

up to 10

Question 17

Can you enable versioning on an S3 object?

Answer 17

no, it is at bucket level

Question 18

How can you increment an S3 object version?

Answer 18

uploading an object with the same key

Question 19

What is the version number of a file that was not versioned prior to when versioning is enabled?

Answer 19

null

Question 20

What happens to previous versions when versioning is disabled?

Answer 20

nothing, they are not deleted

Question 21

Which are the 4 methods of encrypting objects in S3?

Answer 21

SSE-S3
SSE-KMS
SSE-C
Client Side Encryption

Question 22

What is about SSE-S3 encryption method in S3?

Answer 22

encrypts S3 objects using keys handled & managed by AWS

Question 23

What is about SSE-KMS encryption method in S3?

Answer 23

leverage AWS Key Management Service to manage encryption keys

Question 24

What is about SSE-C encryption method in S3?

Answer 24

when you want to manage your own encryption keys

Question 25

What is about Client Side Encryption method in S3?

Answer 25

Customer fully manages the keys and encryption cycle

Question 26

What encryption type is used by SSE-S3 encryption method?

Answer 26

AES-256

Question 27

What you must set to use S3 SSE-S3 encryption method?

Answer 27

Must set header: “x-amz-server-side-encryption": "AES256"

Question 28

What is used by SSE-KMS S3 encryption method?

Answer 28

A Customer Master Key (CMK)

Question 29

What you must set to use S3 SSE-KMS encryption method?

Answer 29

Must set header: “x-amz-server-side-encryption": ”aws:kms"

Question 30

What means SSE on S3 encryption methods?

Answer 30

Server Side Encryption

Question 31

What you must set to use S3 SSE-C encryption method?

Answer 31

You must provide the key via HTTPS only

Question 32

What you must do to use Client Side encryption method?

Answer 32

You must encrypt and decrypt the data by yourself before sending it or receiving it using a client library such as the Amazon S3 Encryption Client

Question 33

What endpoints are exposed by S3?

Answer 33

HTTP and HTTPS (recomended)

Question 34

What are the 2 base groups for S3 security?

Answer 34

User and Resource based

Question 35

What is the User Based security on S3?

Answer 35

IAM policies - which API calls should be allowed for a specific user from IAM console

Question 36

What are the Resource Based security on S3?

Answer 36

* Bucket Policies - bucket wide rules from the S3 console - allows cross account * Object Access Control List (ACL) – finer grain * Bucket Access Control List (ACL) – less common

Question 37

How are S3 Bucket policies written?

Answer 37

JSON

Question 38

What you must define on a S3 Bucket policy?

Answer 38

- Resources - Actions - Effect - Principal

Question 39

What means the actions in a S3 Bucket policy?

Answer 39

Set of API to Allow or Deny (s3:GetObject)

Question 40

What means a resource in a S3 Bucket policy?

Answer 40

buckets and objects

Question 41

What means an effect in a S3 Bucket policy?

Answer 41

Allow / Deny

Question 42

What means a principal in a S3 Bucket policy?

Answer 42

The account or user to apply the policy to

Question 43

How can you grant access to another account to your bucket?

Answer 43

Using a Bucket Policy

Question 44

How can you grant public access to your bucket?

Answer 44

Using a Bucket Policy

Question 45

What can you use to block any permission allowed over your bucket?

Answer 45

Use Bucket settings for Block Public Access

Question 46

At what level does work Block Public Access setting?

Answer 46

At bucket and account level

Question 47

How can you access private S3 instances without internet?

Answer 47

S3 supports VPC endpoints

Question 48

Where can you store S3 access logs?

Answer 48

In another S3 bucket

Question 49

Where can be logged S3 API calls?

Answer 49

CloudTrail

Question 50

What can you use in order to prevent the deletion of any versioned S3 objects?

Answer 50

Use MFA Delete in your bucket, versioning must be enabled

Question 51

How can you share an S3 object with an external user?

Answer 51

Pre-Signed URLs (valid only for a limited time)

Question 52

Where can you host a static website and make it accessible on the www?

Answer 52

S3

Question 53

What is reflected in the S3 URL of a static website hosted there?

Answer 53

bucket name and region

Question 54

What if you get a 403 (Forbidden) error from a static web site deployed on S3?

Answer 54

make sure the bucket policy allows public reads

Question 55

How to configure your bucket to allow cross-origin requests?

Answer 55

create a CORS configuration, which is an XML document with rules that identify the origins that you will allow to access your bucket, the operations (HTTP methods) that will support for each origin, and other operation-specific information. you can also allow all origins using *

Question 56

How is in S3 Read after write consistency for PUTS of new objects?

Answer 56

As soon as a new object is written, we can retrieve it ex: (PUT 200 => GET 200) except if we did a GET before to see if the object existed ex: (GET 404 => PUT 200 => GET 404) – eventually consistent

Question 57

How is in S3 Read after updating an object consistency?

Answer 57

If we read an object after updating, we might get the older version ex: (PUT 200 => PUT 200 => GET 200 (might be older version))

Question 58

How is in S3 Read after deleting an object consistency?

Answer 58

If we delete an object, we might still be able to retrieve it for a short time ex: (DELETE 200 => GET 200)

Question 59

How can I request S3 strong consistency?

Answer 59

there is no way to request

Question 60

What you need to use MFA-Delete on S3?

Answer 60

to have versioning enabled in the bucket

Question 61

When you will need MFA on S3?

Answer 61

* permanently delete an object version | * suspend versioning on the bucket

Question 62

Who can enable/disable MFA-Delete?

Answer 62

Only the bucket owner (root account)

Question 63

How can you enable MFA-Delete?

Answer 63

only by using the CLI

Question 64

What is evaluated before S3 default encryption?

Answer 64

Bucket policies, it was the old way to enable default encryption

Question 65

What you should not use as your logging bucket?

Answer 65

your monitored bucket, it will create a logging loop, and your bucket will grow exponentially

Question 66

What condition must be accomplished by 2 buckets involved in S3 replication?

Answer 66

Both must enable versioning

Question 67

Can you set S3 replications cross accounts?

Answer 67

yes

Question 68

How is data copied in S3 replication?

Answer 68

async, but it is very quick

Question 69

What condition must be accomplished by the bucket containing the data in S3 replication?

Answer 69

Must have proper IAM permission behind an IAM Role

Question 70

What happens to the objects when you activate S3 replication?

Answer 70

new objects are replicated, it is not retroactive

Question 71

What happens when you have S3 replication and you delete an object version

Answer 71

it is not replicated

Question 72

It is S3 replication transitive?

Answer 72

No

Question 73

How can you generate S3 pre-signed URLs?

Answer 73

using SDK or CLI

Question 74

What is the default expiration time of S3 pre-signed URLs?

Answer 74

3600 s

Question 75

What are the permissions of the person that a S3 Pre-signed URL was given to?

Answer 75

They inherit the permissions of the person who generated the URL for GET / PUT

Question 76

What you must use to create a S3 Pre-signed URL for uploads?

Answer 76

SDK

Question 77

What are the S3 Storage classes?

Answer 77

* Amazon S3 Standard - General Purpose * Amazon S3 Standard-Infrequent Access (IA) * Amazon S3 One Zone-Infrequent Access * Amazon S3 Intelligent Tiering * Amazon Glacier * Amazon Glacier Deep Archive

Question 78

How are files called in S3 Glacier and where are stored?

Answer 78

Archives and stored in Vaults

Question 79

What you need to pay for using S3 Intelligent Tiering Storage Class?

Answer 79

Small montly monitoring and auto-tiering fee

Question 80

Which are the retrieval options for S3 Amazon Glacier?

Answer 80

- Expedited - Standard - Bulk

Question 81

What is the time to get the data for Amazon Glacier Expedited?

Answer 81

1 - 5 min

Question 82

What is the time to get the data for Amazon Glacier Standard?

Answer 82

3 - 5 hours

Question 83

What is the time to get the data for Amazon Glacier Bulk?

Answer 83

5 - 12 hours

Question 84

What is the time to get the data for Amazon Glacier Deep Archive Standard?

Answer 84

12 hours

Question 85

What is the time to get the data for Amazon Glacier Deep Archive Bulk?

Answer 85

48 hours

Question 86

Which are the retrieval options for S3 Amazon Glacier Deep Archive?

Answer 86

- Standard | - Bulk

Question 87

Which is the minimum storage duration for S3 Amazon Glacier?

Answer 87

90 days

Question 88

Which is the minimum storage duration for S3 Amazon Glacier Deep Archive?

Answer 88

180 days

Question 89

What is S3 Lifecycle Configuration?

Answer 89

a set of rules that define actions that Amazon S3 applies to a group of objects to manage your objects so that they are stored cost effectively

Question 90

What are the 2 types of actions in S3 Lifecycle Configuration?

Answer 90

- Transition Actions | - Expiration Actions

Question 91

What is S3 lifecycle configuration transition actions?

Answer 91

``` It defines when objects are transitioned to another storage class. • Move objects to Standard IA class 60 days after creation • Move to Glacier for archiving after 6 months ```

Question 92

What is S3 lifecycle configuration expiration actions?

Answer 92

configure objects to expire (delete) after some time • Access log files can be set to delete after a 365 days • Can be used to delete old versions of files (if versioning is enabled) • Can be used to delete incomplete multi-part uploads

Question 93

What can you use to apply S3 lifecycle configuration actions?

Answer 93

prefixes and tags

Question 94

What is the max amount of prefixes allowed in a bucket?

Answer 94

no limit

Question 95

What encryption method might impact your S3 performance baseline in extreme performance scenarios?

Answer 95

SSE-KMS becuse of their quota

Question 96

When is recommended to use S3 multi-part upload?

Answer 96

recommended for > 100MB because it parallelizes the uploads

Question 97

What is S3 Transfer Acceleration?

Answer 97

Increase transfer speed (just uploads) by transferring file to an AWS edge location which will forward the data to the S3 bucket in the target region. It is compatible with multi-part upload

Question 98

What can you use to accelerate your upoads to S3?

Answer 98

S3 Transfer Acceleration

Question 99

What can you use to accelerate your downloads from S3?

Answer 99

S3 byte-range fetches

Question 100

What is S3 byte-range fetches?

Answer 100

parallelize GETs by requesting specific byte ranges

Question 101

What can you use to request just for the header of a file in S3?

Answer 101

S3 byte-range fetches

Question 102

What is S3 Select and Glacier Select?

Answer 102

enables applications to retrieve only a subset of data from an object by using simple SQL expressions

Question 103

What are the advantages of using S3 Select?

Answer 103

Less network transfer and less CPU cost client side

Question 104

Set an example of two S3 events

Answer 104

S3:ObjectCreated S3:ObjectRemoved

Question 105

In what time are S3 Event notifications delivered?

Answer 105

Typically in seconds but can sometimes take a minute or longer

Question 106

What are S3 event notifications?

Answer 106

The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket

Question 107

What can you do to ensure that an event notification is sent for every successful write?

Answer 107

you can enable versioning on your bucket.

Question 108

What are the destinations supported by S3 event notification?

Answer 108

SNS SQS Lambda Functions

Question 109

What is Athena?

Answer 109

Serverless service to perform analytics directly against S3 files

Question 110

What language is used by Athena?

Answer 110

SQL

Question 111

What is the exam tip for Athena?

Answer 111

Analyze data direclty on S3

Question 112

How can you connect externally to Athena

Answer 112

Using a JDBC / ODBS driver

Question 113

What format(s) supports Athena?

Answer 113

A lot (CSV, JSON, ORC, Avro, and Parquet (built on Presto))

Question 114

How are you charged in Athena?

Answer 114

per query and amount of data scanned

Question 115

What is S3 Object lock?

Answer 115

feature that blocks object version deletion during a customer-defined retention period

Question 116

What is S3 Glacier Vault lock?

Answer 116

allows you to lock your vault

Question 117

What is the model adopted by S3 Object Lock and S3 Glacier Vault Lock?

Answer 117

write-once-read-many (WORM)

Question 118

What is great for S3 Cross Region Replication?

Answer 118

Great for dynamic content that needs to be available at low-latency in few regions

Question 119

Which is the minimum storage duration for S3 Standard IA?

Answer 119

30 days

Question 120

How can you mount a file system in S3?

Answer 120

you can't

Question 121

Can you move data directly to Galcier Deep Archive from any other tier?

Answer 121

yes

Question 122

What is the order of the S3 storage classes?

Answer 122

You can move data from up to down but no otherwise: - Standard - Standard IA - Intelligent Tiering - One Zone IA - Glacier - Glacier Deep Archive

Question 123

What is S3 baseline performance for reads?

Answer 123

5,500 GET/HEAD requests per second per prefix in a bucket

Question 124

What is S3 baseline performance for writes?

Answer 124

3,500 PUT/COPY/POST/DELETE requests per second per prefix in a bucket