S3 Encryption and Versioning Flashcards Preview

Flashcards in S3 Encryption and Versioning Deck (15)
1
Q

What are the two types of Encryption in S3?

A

Encryption in Transit and Encryption at Rest

2
Q

How is Encryption in Transit achieved?

A

Using SSL and TLS.

3
Q

“https://” generally means you are using what type of encryption?

A

Encryption in Transit

4
Q

What is encryption at rest?

A

Encryption at rest is encryption of data being stored (as opposed to data being transmitted)

5
Q

How can you achieve Encryption at rest on the server side?

A

• S3 Managed Keys (SSE-S3), where Amazon manages the keys for you

• AWS Key Management Service, Managed Keys (SSE-KMS), where you and Amazon handle the keys together

• Server Side Encryption with Customer Provided Keys (SSE-C): You manage keys yourself, and give your own keys to Amazon

6
Q

How can you achieve encryption at rest on the client side?

A

You encrypt an object, then upload that (encrypted) object to S3

7
Q

What is S3 Versioning? Why is it useful?

A

S3 Versioning stores all versions of an object, including all writes, even if you delete the object, making it a great backup tool.

8
Q

Once enabled, how do you disable versioning?

A

Once enabled, versioning cannot be disabled, only suspended.

9
Q

Suppose you have a public file in an S3 bucket, and then upload a new version of that file. Is the new version of the file also public?

A

No

10
Q

What is the size of an S3 bucket?

A

The size of an S3 bucket is the sum over all objects in the bucket of the sum over all versions of each object of the size of the version

11
Q

What happens when you go to “Actions -> Delete” on an object in an S3 bucket?

A

This does not “actually” delete the file. Instead, it creates a new version of the file with a delete marker on it.

So, to restore the file, you should delete the version with the delete marker.

12
Q

What happens when you go to “Actions -> Delete” on the latest version of an object in an S3 bucket?

A

Actions -> Delete on a version deletes that version.

Deleting the latest version restores the previous version as the latest version

13
Q

How can I provide an additional layer of security to prevent people from actually deleting a file in an S3 bucket?

A

Turn on MFA Delete

14
Q

Suppose I want to automatically transition files into different tiered storage classes after a certain amount of time. How might I be able to do this?

A

Utilize Lifecycle Management rules

15
Q

Can you apply lifecycle management rules to specific versions of a file?

A

Yes. Lifecycle management can be used in conjunction with versioning, and can be applied to current versions and previous versions