S3

Question 1

Is S3 object or block based?

Answer 1

S3 is object based

Question 2

Storage limit in S3

Answer 2

There is unlimited storage in S3

Question 3

What are you asked when creating a bucket?

Answer 3

Bucket name, region, etc.

Question 4

Scope of the S3 buckets names

Answer 4

Bucket names must be unique globally.

Question 5

What is one of the formats of the S3 objects URL?

Answer 5

https://[bucketName].s3.[region].amazonaws.com/[objectName]

Question 6

Data consistency model of Amazon S3

Answer 6

Amazon S3 buckets in all Regions provide read-after-write consistency for PUTS of new objects and eventual consistency for overwrite PUTS and DELETES.

Question 7

S3 storage classes/tiers

Answer 7

• S3 Standard
• S3-IA
• S3 One Zone-IA
• S3 Glacier
• S3 Glacier Deep Archive
• S3 Intelligent-Tiering

Question 8

S3 object’s fundamentals

Answer 8

Key (name)
Value (data)
Version Id
Metadata

Question 9

Can be versioning on S3 disabled?

Answer 9

No. It can only be suspended

Question 10

What are the file size limits in S3?

Answer 10

Files can be from 0 bytes to 5 TB.

Question 11

What is the HTTP PUT size limit in S3?

Answer 11

5G

Question 12

What is an alternative to upload big objects to S3 apart from a single PUT?

Answer 12

The Multipart Upload API

Question 13

How much time is needed to restore from Glacier?

Answer 13

A few hours or minutes

Question 14

What are the costs associated with S3?

Answer 14

Storage
Requests
Storage Management Pricing (tags)
Data Transfer Pricing (on cross-region replication)
Transfer Acceleration (using CloudFront)

Question 15

Is S3 versioning incremental?

Answer 15

No. Stores all versions of an object.

Question 16

What is required for Cross Region Replication?

Answer 16

Versioning enabled on the source and target buckets

Question 17

Does versioning is required for Lifecycle rules?

Answer 17

No. Lifecycle rules can be used in conjunction with versioning but is not required

Question 18

When you activate Cross Region Replication, does existing objects are replicated?

Answer 18

No. Existing objects will not be replicated. Cross-Region Replication replicates every future upload of every object to another bucket.

Question 19

What can be done with Lifecycle Management?

Answer 19

Automate moving the objects between storage classes

Question 20

Are S3 buckets by default public or private?

Answer 20

By default, all newly created buckets are private (and also all objects stored inside them)

Question 21

How can you setup access control to a bucket?

Answer 21

Using:

• Bucket policies
• Access control lists

Question 22

How can you audit the access to S3 resources?

Answer 22

S3 buckets can be configured to create access logs which log all requests made to the S3 bucket. This can be done to another bucket (even in another AWS account)

Question 23

What encryption methods are supported for “in transfer” S3 resources?

Answer 23

SSL/TLS

Question 24

What encryption methods are supported for the Server Side Encryption (“at rest”) of S3 resources?

Answer 24

• Server-side encryption
• SSE-S3 (Managed keys)
• SSE-KMS (Key Management Service)
• SSE-C (Customer Provided Keys)

Question 25

What’s an additional security measure to prevent accidental deletions of S3 objects?

Answer 25

Versioning’s MFA delete capability

Question 26

Are lifecycle rules available only for the current version?

Answer 26

No. Lifecycle rules are also available for previous versions.

Question 27

Can S3 be used to host static websites?

Answer 27

Yes (serverless, very cheap, scales automatically, no dynamic site hosting)

Question 28

What’s the HTTP status code for a successful S3 write?

Answer 28

HTTP 200 OK

Question 29

Which is the URL format for S3 static website hosting?

Answer 29

http://[bucket name].s3-website-[region].amazonaws.com

Question 30

How am I charged for using Versioning?

Answer 30

Normal Amazon S3 rates apply for every version of an object stored or requested.

Question 31

Are deletions (delete markers) replicated in S3 Replication?

Answer 31

Not by default

Question 32

What’s an expected “limit” for PUT/POST/DELETEs and GETs per second in S3? How can performance be increased with prefixes?

Answer 32

There’s no hard limit. Your application can achieve at least 3,500 PUT/POST/DELETE and 5,500 GET requests per second per prefix in a bucket. There are no limits to the number of prefixes in a bucket. It is used to increase your read or write performance exponentially. For example, if you create 2 prefixes in an Amazon S3 bucket to parallelize reads, you could scale your read performance to 11,000 read requests per second.

Question 33

Does Multipart Upload deliver improved throughput?

Answer 33

Yes. You can upload parts in parallel to improve throughput.

Question 34

How can you make individual objects public?

Answer 34

Using object ACLs

Question 35

How can you make entire buckets public?

Answer 35

Using bucket policies

Question 36

What do you need to keep in mind when using SSE-KMS to encrypt your objects in S3?

Answer 36

The KMS limits. Uploading/Downloading will count towards the KMS quota

Question 37

How can performance be increased when downloading large files from S3?

Answer 37

Using S3 byte-range fetches

Question 38

What kind of versions are stored for an object when versioning is enabled?

Answer 38

All versions of an object are stored in S3. This includes all writes and even if you delete an object

Question 39

Can Lifecycle Management be only applied to current versions?

Answer 39

No. Can be applied to current versions and previous versions

Question 40

What can S3 Object Lock be used for?

Answer 40

To store objects using a WORM model: Write once, read many

Question 41

How can S3 Object Lock be applied? To individual objects or to an entire bucket?

Answer 41

Both. Object Lock can be on individual objects or applied across the bucket as a whole

Question 42

What are the two possible S3 Object Lock modes?

Answer 42

Compliance mode and governance mode

Question 43

How does S3 Object Lock Governance Mode work?

Answer 43

Users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions

Question 44

How does S3 Object Lock Compliance Mode work?

Answer 44

A protected object version can’t be overwritten or deleted by any user, including the root user in your AWS account

Question 45

How can WORM be implemented in S3 and Glacier?

Answer 45

WORM -> S3 -> Object lock

WORM -> Glacier -> Vault lock

Question 46

How does S3 Glacier Vault Lock work?

Answer 46

S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specify controls, such as WORM, in a vault lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.

Question 47

How much time is needed to restore from Glacier Deep Archive?

Answer 47

12 hours

Question 48

How can encryption be enforced with a Bucket Policy?

Answer 48

A bucket policy can deny all PUT requests that don’t include the x-amz-server-side-encryption parameter in the request header

Question 49

When do multipart uploads should and must be used?

Answer 49

Should be used for any files over 100MB and must be used for any file over 5GB.