Section - S3 Flashcards

1
Q

What is AWS S3?

A

AWS S3 stands for Amazon Simple Storage Service

  • Object storage service for the cloud that is highly available
  • Objects (Files) are stored in buckets (Directory)
  • Objects can be Public or Private
  • Store files up to 5TB per file.
  • You can set security at the bucket level or individual object level using access control lists (ACLs), bucket policies or access point policies.
  • You can enable versioning to create multiple versions of your file in order to protect against accidental deletion and to use a previous version.
  • AWS S3 is a regional service, but bucket names are globally unique
    • Example S3 URLs:
      • https://bucket-name.s3.region.amazonaws.com/key-name
      • https://mlankabucket.s3.us-east-1.amazonaws.com/iron-man.jpg
2
Q

AWS S3 is a Key-Value Store?

A
  • Key
    • The name of the object, example iron-man.jpg
  • Value
    • This is the data itself, which is made up of a sequence of bytes.
  • Version ID
    • Important for storing multiple versions of the same object
  • Metadata
    • Data about the data you are storing, e.g. content-type, last-modified, etc.
3
Q

What is AWS S3 durability standard?

A
  • Durability is important so your objects are never lost or compromised.
  • Amazon S3 Standard is designed for 99.999999999% (11 9’s) of durability.
4
Q

What is AWS S3 availability standard?

A
  • Availability is important so you can access your data quickly when you need it.
  • Amazon S3 Standard is designed for 99.99% of availability.
5
Q

Characteristics of AWS S3 Standard class?

A
  • S3 Standard
    • General Purpose storage
    • Data stored across multiple availability zones (>= 3AZs)
    • Low latency and high throughput
    • Recommended for frequently accessed files
    • 99.9% Availability
    • 99.99999999999% Durability (11 9’s)
    • The default storage class
    • use cases include websites, content distribution, mobile and gaming applications, and big data analytics
6
Q

What are the 7 AWS S3 Storage Classes?

A
  • S3 Standard
  • S3 Intelligent-Tiering
  • S3 Standard Infrequent Access (IA)
  • S3 One Zone-Infrequent Access(IA)
  • S3 Glacier
  • S3 Glacier Deep Archive
  • S3 Outposts
7
Q

Characteristics of AWS S3 S3-IA Standard Infrequent Access (IA) class?

A

Standard Infrequent Access:

  • Data accessed infrequently but requires rapid access.
  • Cheaper than S3 standard
  • Data stored across multiple availability zones
  • 99.9% Availability
  • 99.99999999999% Durability (11 9’s)
  • recommended for:
    • Long-lived data
    • Infrequently accessed
    • Millisecond access when needed.
8
Q

Characteristics of AWS S3 Intelligent-Tiering class?

A

S3 Intelligent-Tiering:

  • Automatically moves data to the most cost-effective storage class
  • No retrieval fees
  • Automatic cost savings
  • Data stored across multiple availability zones
  • recommended for data with unknown or changing access patterns.
9
Q

Characteristics of AWS S3 Outposts class?

A

S3 Outposts:

  • provides data storage on premise.
  • single storage class
  • Data stored across multiple devices and servers.
  • recommended for:
    • Data needs to be kept local
10
Q

Characteristics of AWS S3 One Zone-Infrequent Access(IA) class?

A

S3 One Zone-Infrequent Access(IA):

  • Like S3 Standard-IA but stored in single availability zone.
  • Cost 20% less than S3 standard-IA
  • Data stored in this storage class can be lost.
  • Availability 99.95%
  • recommended for:
    • Re-creatable data
    • Availability and Durability are not essential
    • Millisecond access when needed.
11
Q

Characteristics of AWS S3 Glacier class?

A

S3 Glacier:

  • Long-term data storage.
  • data retrieval takes longer.
  • 3 retrieval options:
    • 1 - 5 Minutes
    • 3 - 5 Hours
    • 5 - 12 hours
  • Data stored across multiple availability zones.
  • recommended for:
    • Long-term backup
    • Cheaper storage option
12
Q

Characteristics of AWS S3 Glacier Deep Archive class?

A

Glacier Deep Archive:

  • Like Glacier but longer access times.
  • 2 retrieval options:
    • 12 hours
    • 48 hours
  • Data stored across multiple availability zones.
  • Cheapest of all S3 Options
  • recommended for:
    • Long-term data archival accessed once or twice a year.
    • Retaining data for regulatory compliance requirements
13
Q

AWS S3 Encryption?

A

Types of Encryptions applied:

  • Encryption in Transit
    • SSL/TLS
    • HTTPS
  • Encryption At Rest - Server Encryption
    • SSE-S3 - S3 managed keys, using AES 256-bit encryption
    • SSE-KMS - AWS Key Management Service keys
    • SSE-C - Customer provided keys (you are in charge of managing the keys)
  • Encryption at Rest - Client Side Encryption
    • You encrypt the files yourself before you upload them into S3
14
Q

AWS S3 Enforcing Server Side Encryption?

A
  • AWS Console
    • Select the encryption setting on your S3 bucket.
  • Bucket Policy
    • You can enforce encryption using a bucket policy.

When uploading a file that must be encrypted server side, set one of the following headers in your PUT request:

  • x-amz-server-side-encryption: AES256 (SSE-S3 - S3 Managed keys)
  • x-amz-server-side-encryption: aws:kms (SSE-KMS - KMS managed keys)
15
Q

How AWS S3 Bucket Policies Work?

A

You can set up access control to your buckets using Bucket Policies.

  • Applied at Bucket level
    • The permissions granted by the policy apply to all of the objects within the bucket.
  • Not Individual Objects
    • You can’t attach a bucket policy to an individual object
  • Group Files
    • A Group of files which need to be accessed by the same people
16
Q

AWS S3 Bucket Access Control Lists(Bucket ACLs)?

A

AWS S3 is secured by default; all newly created buckets are private.

  • Access Control Lists:
    • Applied at an object level
    • We can apply different permissions for different objects within a bucket.
  • Grant Access to Objects:
    • We can define which accounts or groups are granted access and also the type of access, e.g. read, write, or full control.
  • Fine Grained Control:
    • Grant a different type of access to different objects within the same bucket. e.g. to apply different permissions for different objects, for different users and groups.
  • Access Logs:
    • S3 buckets can be configured to create access logs, which log all requests made to the S3 bucket. Those logs can be written to another bucket.
17
Q

Strong Read-After-Write Consistency?

A
  • After a successful write of a new object(PUT) or an overwrite of an existing object, any subsequent read request immediately receives the latest version of the object
  • Strong consistency for list operations, so after a write, you can immediately perform a listing of objects in a bucket with all the changes reflected.
18
Q

Object ACLs Vs. Bucket Policies

A
  • Access Control List
    • Object ACLs
    • Object ACLs work on an individual object level
  • Bucket Policy
    • Bucket policies work on an entire bucket level.
19
Q

Advantages of Versioning?

A
  • All Versions
    • All versions of an object are stored in S3.
    • This includes all writes, even if you delete an object.
  • Backup
    • Can be a great backup tool
  • Cannot be Disabled
    • Once enabled, versioning cannot be disabled - only suspended
  • Lifecycle Rules
    • Can be integrated with lifecycle rules.
  • Supports MFA
    • Can support multi-factor authentication.

NB: When you add a public policy to your bucket, the previous versions of content will not be made public. You have to make those old versions public.

20
Q

What is Lifecycle Management in S3?

A
  • Lifecycle management automates moving your objects between the different storage tiers, thereby maximizing cost effectiveness.
  • Combining Lifecycle management with Versioning
    • You can use lifecycle management to move different versions of objects to different storage tiers.
21
Q

What is S3 Object Lock?

A
  • You can use S3 Object Lock to store objects using a write once, read many (WORM) model. It can help prevent objects from being deleted or modified for a fixed amount of time or indefinitely.
  • You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.
  • Governance Mode (allows some users to delete)
    • In governance mode, users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions.
    • With governance mode, you protect objects against being deleted by most users, but you can still grant some users permission to alter the retention settings or delete the object if necessary.
  • Compliance Mode
    • In compliance mode, a protected object version can’t be overwritten or deleted by any user, including the root user in your AWS account.
    • When an object is locked in compliance mode, its retention mode can’t be changed and its retention period can’t be shortened.
    • Compliance mode ensures an object version can’t be overwritten or deleted for the duration of the retention period.
22
Q

What is AWS S3 Retention Periods?

A
  • A retention period protects an object version for a fixed amount of time.
  • When you place a retention period on an object version, Amazon S3 stores a timestamp in the object version’s metadata to indicate when the retention period expires.
  • After the retention period expires, the object version can be overwritten or deleted unless you also placed a legal hold on the object version.
23
Q

What is AWS S3 Legal Hold?

A
  • S3 Object Lock also enables you to place a legal hold on an object version.
  • Like a retention period, a legal hold prevents an object version from being overwritten or deleted.
  • However, a legal hold doesn’t have an associated retention period and remains in effect until removed.
  • Legal holds can be freely placed and removed by any user who has the s3:PutObjectLegalHold permission.
24
Q

What is Glacier Vault Lock?

A
  • S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy.
  • You can specify controls, such as WORM, in a vault lock policy and lock the policy from future edits.
  • Once locked, the policy can no longer be changed.
25
Q

What is AWS S3 Prefixes?

A
  • The folder structure between the bucket name and the file name
    • mybucketname/folder1/subfolder1/myfile.jpg > /folder1/subfolder1
26
Q

S3 Performance?

A
  • S3 has extremely low latency. You can get the first byte out of S3 within 100-200 milliseconds.
  • You can also achieve a high number of requests:
    • 3,500 PUT/COPY/POST/DELETE
    • 5,500 GET/HEAD
    • requests per second, per prefix
  • You can get better performance by spreading your reads across different prefixes.
    • For example, if you are using 2 prefixes, you can achieve 11,000 requests per second.
  • If we used all 4 prefixes in the last example, you would achieve 22,000 requests per second.
27
Q

AWS S3 Limitations with KMS?

A
  • If you are using SSE-KMS to encrypt your objects in S3, you must keep in mind the KMS limits
  • When you upload a file, you will call GenerateDataKey in the KMS API.
  • When you download a file, you will call Decrypt in the KMS API.
  • KMS Request Rates
    • Uploading/downloading will count toward the KMS quota
    • Currently, you cannot request a quota increase for KMS.
    • Region-specific; however, it’s either 5,500, 10,000 or 30,000 requests per second.
28
Q

S3 Multipart Uploads?

A
  • Recommended for files over 100 MB
  • Required for files over 5 GB
  • parallelize uploads (increases efficiency)
29
Q

What is S3 Byte-Range Fetches?

A
  • Parallelize downloads by specifying byte ranges.
  • If there’s a failure in the download, it’s only for a specific byte range.
  • can be used to speed up downloads
  • can be used to download partial amounts of the file(e.g. header information)
30
Q

What is S3 Replication?

A
  • You can replicate objects from one bucket to another.
    • Versioning must be enabled on both the source and destination buckets.
  • Objects in an existing bucket are not replicated automatically.
    • Once replication is turned on, all subsequent updated objects will be replicated automatically.
  • Delete markers are not replicated by default.
    • Deleting individual versions or delete markers will not be replicated.