S3 Exam Tips

Basics

  • Remember that S3 is object-based, i.e. it allows you to upload files. It is object-based storage only (for files).
  • Not suitable to install an OS or run a database.
  • Files can be from 0 Bytes to 5 TB.
  • The largest size file you can transfer to S3 using a PUT is 5 GB.
  • There is unlimited storage
  • Files are stored in Buckets
  • S3 is a universal namespace. That is, names must be unique globally.
    • Example: https://s3-us-west-1.amazonaws.com/acloudguru
  • Read after write consistency for PUTS of new objects
  • Eventual Consistency for overwrite PUTS and DELETEs (can take some time to propagate).
  • S3 (durable, immediately available, frequently accessed)
  • S3 IA (durable, immediately available, infrequently accessed)
  • S3 One-Zone IA: Same as IA. However, data is stored in a single AZ only.
  • S3 Reduced Redundancy Storage (data that is easily reproducible, such as thumbnails, etc.)
  • Glacier: Archived data, where you can wait 3-5 hours before accessing.
  • Remember the core fundamentals of an S3 object
    • Key (name)
    • Value (data)
    • Version ID
    • Metadata
    • Subresources - bucket-specific configuration.
      • Bucket policies, Access Control Lists
      • Cross-Origin Resource Sharing (CORS)
      • Transfer Acceleration
  • Successful uploads will generate an HTTP 200 status code when you use the CLI or API.
  • Make sure you read the S3 FAQ. GOOD TO READ JUST BEFORE EXAM
  • AWS Storage Gateway acts as a file system mounted on an S3 bucket.

S3 Security

  • By default, all newly created buckets are Private.
  • You can set up access control to your buckets using:
    • Bucket Policies: Applied at a bucket level.
    • Access Control Lists: Applied at an object level.
  • S3 Buckets can be configured to create access logs, which log all requests made to the S3 bucket. These logs can be written to another bucket.

S3 Encryption Exam Tips

  • Encryption In-Transit
    • SSL/TLS (HTTPS)
  • Encryption At Rest
    • Server-Side Encryption
      • SSE-S3
      • SSE-KMS
      • SSE-C (Customer-Managed)
    • Client-Side Encryption
  • If you want to enforce the use of encryption for your files stored in S3, use an S3 Bucket Policy to deny all PUT requests that don't include the x-amz-server-side-encryption parameter in the request header.
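
The Deny policy from the last tip, with a check that a given bucket policy really contains it. This is an added example, not part of the original notes; the bucket name example-bucket, the sample policy and the helper names are constructed for illustration, and the check recognises only the single-condition Null form of the Deny statement.

```python
import json

SSE_KEY = "s3:x-amz-server-side-encryption"  # condition key for the request header

def _as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def _denies_missing_header(condition):
    """True only for a lone Null check on the SSE key; extra conditions are
    ANDed by IAM and would narrow the Deny, so they are rejected here."""
    if list(condition) != ["Null"] or len(condition["Null"]) != 1:
        return False
    (key, value), = condition["Null"].items()
    flags = [str(v).lower() for v in _as_list(value)]
    return key.lower() == SSE_KEY and flags == ["true"]

def denies_unencrypted_puts(policy, bucket):
    """Report whether some Deny statement blocks every PutObject to the bucket
    that omits the x-amz-server-side-encryption header."""
    object_arn = f"arn:aws:s3:::{bucket}/*"  # PutObject acts on objects, not the bucket ARN
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and ("s3:putobject" in actions or "s3:*" in actions)
                and object_arn in _as_list(stmt.get("Resource", []))
                and _denies_missing_header(stmt.get("Condition", {}))):
            return True
    return False

# Constructed sample policy; "example-bucket" is a placeholder name.
ENFORCING = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
  "Resource": "arn:aws:s3:::example-bucket/*",
  "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}]}""")

def variant(**overrides):
    """Copy of ENFORCING with fields of its single statement replaced."""
    return {"Version": "2012-10-17",
            "Statement": [{**ENFORCING["Statement"][0], **overrides}]}

if __name__ == "__main__":
    print(denies_unencrypted_puts(ENFORCING, "example-bucket"))
    print(denies_unencrypted_puts(variant(Resource="arn:aws:s3:::example-bucket"),
                                  "example-bucket"))
```
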

Cross Origin Resource Sharing

  • Used to enable cross-origin access for your AWS resources. E.g. S3-hosted website accessing JavaScript or image files located in another S3 bucket.
  • By default, resources in one bucket cannot access resources located in another.
  • To allow cross-origin access, we need to configure CORS on the bucket being accessed and enable access for the origin (bucket) attempting to access.
  • Always use the S3 website URL, not the regular bucket URL:
    • http://acloudguru.s3-website.eu-west-1.amazonaws.com

CloudFront Exam Tips

  • Edge Location: This is the location where content will be cached. This is separate to an AWS Region/AZ.
  • Origin: This is the origin of all the files that the CDN will distribute. Origins can be an S3 Bucket, an EC2 instance, an ELB, or Route53.
  • Distribution: This is the name given to the CDN, which consists of Edge Locations.
    • Web Distribution: Typically used for websites.
    • RTMP: Used for media streaming
  • Edge Locations are not just READ only. You can write to them too. (i.e. PUT an object onto them).
  • CloudFront Edge Locations are utilized by S3 Transfer Acceleration to reduce latency for S3 uploads.
  • Objects are cached for the life of the TTL (Time To Live)
  • You can clear cached objects, but you will be charged for invalidations.

S3 Performance Exam Tips

  • Remember the 2 main approaches to Performance Optimization for S3:
    • GET-Intensive Workloads: Use CloudFront
    • Mixed Workloads (DEPRECATED JULY 2018): Avoid sequential key names for your S3 objects. Instead, add a random prefix like a hex hash to the key name to prevent multiple objects from being stored on the same partition.

Again, read the S3 FAQ.