AWS S3 Interview Question

What is AWS S3?

Amazon Simple Storage Service (S3) is an important service where individuals, applications, and a long list of AWS services keep their data.
It is used to maintain backup archives, log files, and disaster recovery images.
It is also used for running analytics on big data at rest and for hosting static websites.

What’s the difference between object and block storage?

With block-level storage, data on a raw physical storage device is divided into individual blocks whose use is managed by a file system. The file system is responsible for allocating space for the files and data that are saved to the underlying device and for providing access whenever the OS needs to read some data.

An object storage system like S3 provides a flat surface to store data. This simple design avoids some of the OS-related complications of block storage and allows anyone easy access to any amount of storage capacity.

When you write files to S3, they’re stored along with up to 2 KB of metadata. The metadata is made up of keys that establish system details like data permissions and the appearance of a file system location within nested buckets.

You are configuring an S3 lifecycle rule transition for current S3 object versions that will archive data using Glacier. What should be a valid configuration?

Days after creation

As per AWS Documentation,

When you add a Lifecycle configuration to a bucket, the configuration rules apply to both existing objects and objects that you add later. For example, if you add a Lifecycle configuration rule today with an expiration action that causes objects with a specific prefix to expire 30 days after creation, Amazon S3 will queue for removal any existing objects that are more than 30 days old.

What is AWS Backup?
  • We can use the AWS Backup service to store backups in the AWS Cloud. It’s simply acting as a gateway or a proxy to store backups in the cloud.
  • We can back up a number of AWS items using AWS Backup, including EBS volumes (used by EC2 instances or virtual machines). We can also back up RDS databases, DynamoDB, and even Amazon Elastic File System, or EFS.
  • In order to configure this, you need to create a backup plan that has scheduling, retention, and even options to add tags to the recovery points that are stored as backups.
  • AWS Backup includes scheduling, which relates to the recovery point objective. The RPO, recovery point objective, is a disaster recovery term that reflects the maximum tolerable amount of data loss measured in time. We have backup retention rules within the backup plan, and lifecycle rules to change the storage class of items that are backed up.
  • We need a backup vault to store the recovery points. We can specify AWS resources to be assigned to the backup plan, or we can simply select items based on their AWS resource ID.
  • We can monitor backup activity using the centralized AWS Backup console. We can also perform on-demand backups. We don’t have to wait for the schedule, and we can also perform restorations from previously taken backups.
Explain S3 Service Architecture.
  • S3 files are organized into buckets. By default, each user is allowed to create as many as 100 buckets for each AWS account. The name you choose for your bucket must be globally unique within the entire S3 system.
    • Example: Here is the URL you would use to access a file called filename that’s in a bucket called bucketname over HTTP: https://s3.amazonaws.com/bucketname/filename
  • Through the AWS CLI, the same file can be accessed using the following path:
    • s3://bucketname/filename
How to configure AWS Backup?
  • Sign in to the AWS Management Console and open the IAM console.
  • In the IAM console, choose Roles in the navigation pane, and choose Create role.
  • Choose AWS Service Roles, and then choose Select for AWS Backup.
  • Choose Proceed.
Which PowerShell cmdlet is used to create a new S3 bucket?

New-S3Bucket

Explain S3 Block Public Access.
  • By default, new buckets, access points, and objects don’t allow public access. However, users can modify bucket policies, access point policies, or object permissions to allow public access.
  • In the S3 Management Console, we get a listing of buckets.
    • For example, click on an existing bucket.
    • Navigate to the Permissions tab. The page contains four tabs called: Overview, Properties, Permissions, and Management. The Overview tab is open. When we go to the Permissions tab, we have a number of options. It contains four options called: Block public access, Access Control List, Bucket Policy, and CORS configuration.
    • Click Block public access. Click Access Control List. Click the Bucket Policy option. Click Edit and block all public access. Save that setting.
  • We can block public access to buckets and objects granted through any access control list.
  • We can block public access to buckets and objects granted through new public bucket policies.
How will you create S3 Bucket through Boto3?
import boto3
client = boto3.client('s3')

response = client.create_bucket(
    ACL='private',
    Bucket='javahomecloud123',
    CreateBucketConfiguration={
        'LocationConstraint': 'ap-south-1'
    }
)

You planned using the AWS management console to upload large files to an S3 bucket. What is the maximum file upload size when using the GUI?

160 GB

S3 Bucket Encryption and the GUI
  • Encryption provides data confidentiality and you can enable default encryption on an S3 bucket, so that items uploaded to S3 will automatically be encrypted.
  • We can also pick individual items within a bucket and determine whether they are encrypted individually.
    • In the S3 Management Console, click on a bucket to open up the settings for it.
    • Click the bucket and the corresponding page opens.
    • The page contains four tabs called: Overview, Properties, Permissions, and Management. The Overview tab is open. It contains: Upload, Create folder, Download and Actions options.
    • Click the Properties tab.
    • By default, encryption is disabled.
    • Click on that panel. Currently, it’s set to None.
    • We can choose either AES-256 (Advanced Encryption Standard, 256-bit) server-side encryption with Amazon-managed keys, or Key Management Service (AWS-KMS) managed keys, where we can choose the keys that get used for encryption.
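
The two settings covered above, Block Public Access and default bucket encryption, can also be checked and applied from boto3 rather than the console. This is an added example, not code from the original page; audit_bucket, harden_bucket and the kms_key_id parameter are names chosen here, and client is assumed to be a boto3 S3 client.

```python
# Added example: audit and apply Block Public Access and default encryption.
# `client` is assumed to be a boto3 S3 client (boto3.client('s3')).

# All four Block Public Access flags that "block all public access" turns on.
REQUIRED_PAB = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def _error_code(exc):
    """Return the AWS error code carried by a botocore ClientError, else None."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code")


def audit_bucket(client, bucket):
    """Return a list of findings for public-access and encryption settings."""
    findings = []
    try:
        cfg = client.get_public_access_block(Bucket=bucket)[
            "PublicAccessBlockConfiguration"]
    except Exception as exc:
        # No configuration stored at all means none of the flags is set.
        if _error_code(exc) != "NoSuchPublicAccessBlockConfiguration":
            raise
        cfg = {}
    for flag in REQUIRED_PAB:
        if not cfg.get(flag, False):
            findings.append(f"{flag} is off")
    try:
        rules = client.get_bucket_encryption(Bucket=bucket)[
            "ServerSideEncryptionConfiguration"]["Rules"]
    except Exception as exc:
        if _error_code(exc) != "ServerSideEncryptionConfigurationNotFoundError":
            raise
        rules = []
    if not rules:
        findings.append("default encryption is not configured")
    return findings


def harden_bucket(client, bucket, kms_key_id=None):
    """Block all public access and enable default encryption.

    Uses AES-256 with Amazon-managed keys unless a KMS key ID is given.
    """
    client.put_public_access_block(
        Bucket=bucket, PublicAccessBlockConfiguration=dict(REQUIRED_PAB))
    default = {"SSEAlgorithm": "AES256"}
    if kms_key_id:
        default = {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": kms_key_id}
    client.put_bucket_encryption(
        Bucket=bucket,
        ServerSideEncryptionConfiguration={
            "Rules": [{"ApplyServerSideEncryptionByDefault": default}]},
    )


if __name__ == "__main__":
    import boto3
    s3 = boto3.client("s3")
    name = "javahomecloud123"  # bucket name used in this page's other snippets
    print(audit_bucket(s3, name))
    harden_bucket(s3, name)
    print(audit_bucket(s3, name))
```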
Which configuration item defines the backup frequency and retention?

Backup plan

Question: You would like to configure S3 bucket event notification. You have clicked on the S3 bucket name in the console. What should you click next?

Ans – Properties

Question: You are viewing S3 bucket metrics through the S3 management console. Which metrics are shown by default?

Ans – BucketSizeBytes

NumberOfObjects

Question: Is S3 bucket server access logging disabled by default?

Ans – Logging is disabled by default

Question: Which is a valid option for S3 inventory report file formats?

Ans- CSV

Question: How will you connect a Windows instance securely to an S3 bucket over the AWS global infrastructure?

Ans – Through Gateway endpoint

How will you upload a file to an S3 bucket?
import boto3
client = boto3.client('s3')

# Open in binary mode; the context manager closes the file after the upload
with open('create_bucket.py', 'rb') as file_reader:
    response = client.put_object(
        ACL='private',
        Body=file_reader,
        Bucket='javahomecloud123',
        Key='create_bucket.py'
    )
You need to archive a file named File1. Which AWS CLI command should you use?

aws s3 cp s3://bucket1/folder1/file1.doc s3://bucket1/folder1/file1.doc --storage-class GLACIER

Question: What is a hybrid cloud storage service that gives us on-premises access to virtually unlimited cloud storage and storage tier management through a virtual appliance?

Ans – Storage Gateway

Question: What is the preferred method, written in JSON, to provide access to the objects stored in an S3 bucket?

Ans – Bucket policy

Question: Which of these statements is NOT true concerning elastic block store volume security?

Ans – In the management console, you can encrypt all volumes in the region by default

You are using the AWS Backup console. You need to restore a backup. Where should you click?

Ans – Protected resources

Question: What is the default S3 bucket encryption setting?

None

Question: You need to encrypt an S3 bucket folder. Which AWS CLI command should you use?

aws s3 encrypt

aws s3 cp

Ans – aws s3 cp

Question: Which PowerShell cmdlet is used to enable bucket encryption?

Enable-S3BucketEncryption

Set-S3BucketEncryption

Ans – Set-S3BucketEncryption

How will you delete object from S3?
import boto3
client = boto3.client('s3')

response = client.delete_object(
    Bucket='javahomecloud123',
    Key='create_bucket.py'
)
What is the AWS CLI command used to create a new S3 bucket?

aws s3api create-bucket

Question: Which of the following is the best reason to enable S3 bucket versioning?

Accidental object deletion

Auditing

Ans – Accidental object deletion

Question: What must be configured before S3 bucket cross-region replication can be enabled?

Auditing

Versioning

Ans – Versioning

How will you list objects from S3?
import boto3
client = boto3.client('s3')

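# A single list call returns at most 1,000 keys, so page through the results
paginator = client.get_paginator('list_objects_v2')

for page in paginator.paginate(Bucket='javahomecloud123'):
    # 'Contents' is absent from the response when the bucket is empty
    for content in page.get('Contents', []):
        print(content['Key'])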
What must be configured for data archiving to Glacier?

Vault

Question: What is a benefit of using CloudFront?

Encryption of data at rest

Reduced network latency

Ans – Reduced network latency

CloudFront is Amazon Web Services content delivery network solution. You can serve up content stored in an S3 bucket. You can even specify other external web apps or websites using a URL, so you can serve up HTTP web server content through CloudFront. You can configure CloudFront to cache dynamic content. You can enable streaming directly from S3 buckets. So, if you want to stream video or audio, you can do that. Now, CloudFront is designed to reduce network latency.

Question: Which of the following are valid CloudFront distribution types?

Web

REST

RTMP

Ans – Web

RTMP

You are using the AWS management console to create a new S3 bucket. What is the default permission for the new bucket?

Block all public access

How will you list out all S3 buckets?
import boto3
client = boto3.client('s3')
response = client.list_buckets()
for bucket in response['Buckets']:
    print(bucket['Name'])

Question: Which of the following is required for S3 static web site hosting?

Ans – Enable S3 public access

Which PowerShell cmdlet changes an S3 object’s storage class?

Copy-S3Object

How will you select specific rows and columns from a JSON file stored in S3?
import boto3
client = boto3.client('s3')

resp = client.select_object_content(
    Bucket='javahome-9090',
    Key='files/employees.json',
    Expression='Select s.name, s.email from S3Object s',
    ExpressionType='SQL',
    # JSON input takes a Type ('LINES' for one record per line, 'DOCUMENT' for a single document);
    # FileHeaderInfo applies only to CSV input
    InputSerialization={'JSON': {'Type': 'LINES'}},
    OutputSerialization={'JSON': {}}
)

# The response payload is an event stream; only 'Records' events carry data
for event in resp['Payload']:
    if 'Records' in event:
        print(event['Records']['Payload'].decode())
Which Linux command can be used to connect to AWS Elastic File System?

mount

What is S3 Lifecycle Management and how will you create Rule?
  • An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects.
  • Using lifecycle management options, we can determine what happens to S3 objects over time. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after you created them, or archive objects to the S3 Glacier storage class one year after creating them.

Create Rule:

  • Open S3 Management Console then we can see S3 into three parts. The first part is a toolbar. The second part is a navigation pane. The Buckets option is selected in the navigation pane. The third part is a content pane.
  • Open any S3 bucket pane. It contains tabs called: Overview, Properties, Permissions, and Management.
  • We can set lifecycle management options for the contents of the bucket. For example, if the user clicks the bucket, the corresponding page opens. When the user selects the Management tab, Lifecycle becomes an option. The Management tab contains tabs called: Lifecycle, Replication, Analytics, Metrics, and Inventory.
  • Select the Lifecycle tab. It includes buttons called: Add lifecycle rule, Edit, Delete, and Actions. User clicks the Add lifecycle rule button. The Lifecycle rule dialog box opens. A page titled: Name and scope is open.

Add lifecycle Rule 1.

  • User can enable versioning within an S3 bucket. We can determine whether we want this lifecycle rule to apply to the Current version of files or objects, or previous versions. Choose current, then click Add transition.
  • A drop-down list box called: Object creation and a text box called: Days after creation are displayed.
  • The Object creation drop-down list box contains Transition to Standard-IA after, Transition to Intelligent-Tiering after, Transition to One Zone-IA after, and Transition to Glacier after options.
  • Choose Glacier, as the user needs things archived and does not want them removed or deleted. We can specify that 365 days (one year) after the object was created, it is automatically archived to Glacier.
  • Now, Glacier is a cheaper storage mechanism over the long term.
    • Click on Next and finally Save to create Rule 1.

Doing so, Rule 1 is created.
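
The same Rule 1 can be created with boto3 instead of the console. This is an added example, not code from the original page; glacier_rule and upsert_rule are names chosen here, and the rule ID "Rule1" and the whole-bucket prefix are assumptions.

```python
# Added example: create the 365-day Glacier transition rule with boto3.
# `client` is assumed to be a boto3 S3 client (boto3.client('s3')).


def _error_code(exc):
    """Return the AWS error code carried by a botocore ClientError, else None."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code")


def glacier_rule(rule_id="Rule1", days=365, prefix=""):
    """Rule that moves current object versions to Glacier `days` after creation."""
    if days < 0:
        raise ValueError("days must be zero or a positive integer")
    return {
        "ID": rule_id,
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},  # empty prefix applies to the whole bucket
        "Transitions": [{"Days": days, "StorageClass": "GLACIER"}],
    }


def upsert_rule(client, bucket, rule):
    """Add or replace one rule while keeping the bucket's other lifecycle rules.

    put_bucket_lifecycle_configuration overwrites the whole configuration,
    so the existing rules are read first and sent back with the new one.
    """
    try:
        existing = client.get_bucket_lifecycle_configuration(Bucket=bucket)["Rules"]
    except Exception as exc:
        # A bucket with no lifecycle rules yet returns this error code.
        if _error_code(exc) != "NoSuchLifecycleConfiguration":
            raise
        existing = []
    rules = [r for r in existing if r.get("ID") != rule["ID"]] + [rule]
    client.put_bucket_lifecycle_configuration(
        Bucket=bucket, LifecycleConfiguration={"Rules": rules})
    return rules


if __name__ == "__main__":
    import boto3
    s3 = boto3.client("s3")
    # bucket name used in this page's other snippets
    for r in upsert_rule(s3, "javahomecloud123", glacier_rule()):
        print(r["ID"], r["Status"])
```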

Which PowerShell cmdlet is used to upload content to an S3 bucket?

Write-S3Object

How do you create S3 Bucket through GUI?
  • Open AWS Management Console and navigate to S3 Management Console.
    • Click the Create bucket button and provide a unique bucket name.
  • Determine the region where your content will be uploaded to the S3 bucket and downloaded from. Now Configure options opens.
    • We have the option of enabling versioning if we want to keep multiple versions of files in the bucket as files get modified over time.
  • We can also automatically encrypt objects that are stored in S3. We can choose from either AES-256 bit encryption or AWS-KMS.
  • Under Advanced settings, we can determine a couple of other items like Object lock.
  • Click on Next and we can see our newly created bucket in the list.
  • We can see the Access is set to block public access. We can see the Region in which it was deployed, and the date and time creation stamp.
  • Select the checkbox for the bucket and click Properties in the resultant dialog box; this takes us directly into the Properties of that specific bucket. If we click on the bucket name itself, it opens up the bucket. From here, we can upload content or create folders or containers.
  • If we click the Create folder button, a table with four columns is displayed. The column headers are Name, Last modified, Size, and Storage class.
  • We can’t download the folder when there’s nothing in it. We can’t restore it, if it hasn’t been archived to Glacier, and so on. So be aware that we have to make a selection before the appropriate items will be lit up in blue under the Actions menu.
You are using the AWS management console. You navigate to and select an S3 folder. What should you click to configure the folder storage class?

Actions, Change storage class

Question: Which S3 option automatically moves old objects to the Glacier tier?

Ans – Lifecycle rule

What is resource-based bucket policy?

• We can use a resource-based bucket policy to allow another AWS account to upload objects to a bucket, and use a conditional statement to ensure that full control permissions are granted to a specific account identified by an ID.

• We cannot use a resource-based ACL with an IAM policy, as this configuration does not support conditional statements.

How will you create bucket through AWS CLI?

aws s3api create-bucket --bucket bucket1234 --region eu-west-1 --create-bucket-configuration LocationConstraint=eu-west-1

Which protocol does Elastic File System use?

NFS

How will you find list of buckets through AWS CLI?

aws s3api list-buckets --query "Buckets[].Name"

How will you create an S3 bucket through PowerShell?

New-S3Bucket -BucketName bucket1234 -Region ca-central-1

How will you upload files in S3 Using the GUI?
  • In Amazon Web Services, S3 buckets serve as cloud storage solutions.
    • Open the S3 Management Console. It contains a list of buckets.
    • If the bucket is empty, then we can organize files on a storage drive.
  • Create folders. A table with four columns is displayed. The column headers are Name, Last modified, Size, and Storage class.
  • Use the bucket settings for encryption, leave the default and click Save.
  • So we got a folder that we created within our S3 bucket.
    • We can create a subordinate folder within the Overview tab.
    • We can upload files through The Upload dialog and Select files.
    • We can drag and drop files from other parts of our screen to this location to upload them or we can click Add files, which I will do.
    • When you’ve selected some files, you’ll see the number of files listed at the top along with the Size, which can be important in giving you an indication of how long it might take to upload these depending on your Internet connection speed.
    • We can see the Target path where it’s going to be uploaded to the Projects folder in our bucket.
  • If we forgot to add files, we can just click Add more files.
  • We can also click the x to remove items if we don’t want to upload them.
  • If I have both Read and Write permissions, I can add other AWS accounts that have permissions to these uploaded items.
  • For encryption, we can select a file and go to the Actions menu and make a change as Change encryption.
How will you upload files through the CLI?

aws s3 cp d:\samplefile s3://bucket44 --recursive --exclude "*" --include "*.txt"

How will you upload file through PowerShell?

PS C:\> Write-S3Object -BucketName bucket17 -File d:\licensekey.txt -Key Projects/licensekey.txt -CannedACLName Private

Explain S3 Object classes?

AWS Elastic File System Overview

  • Amazon Elastic File System is a cloud storage service provided by Amazon Web Services designed to provide scalable, elastic, concurrent with some restrictions, and encrypted file storage for use with both AWS cloud services and on-premises resources.
  • Web serving & content management. Amazon EFS provides a durable, high throughput file system for content management systems and web serving applications that store and serve information for a range of applications like websites, online publications, and archives.
  • AWS Elastic File System is an NFS version 4 mountable file system that we define centrally in the AWS cloud. You can configure either on-premises devices like virtual machines, or EC2 instances defined in AWS, to mount that file system. Essentially, it’s an NFS shared folder in the cloud.
Configure Elastic File System
  • Open the EFS Management Console. Click the Create file system button. Specify the VPC affiliation.
  • A page Create file system opens. It is divided into three parts. The first part is a toolbar. The second part is a navigation pane. The third part is a content pane. A page titled: Configure file system access is open in the content pane. 
    • Now down below, for each Subnet and Availability Zone, we have mount targets enabled. The mount target is what you actually make a connection to when you are mounting the EFS file system into your local file system. So it’s going to automatically assign an IP address to that. And it’s automatically got Security groups to control network traffic for those two mount targets.
  • Configure optional settings is selected in the navigation pane and the corresponding page is open in the content pane. Click Next Step and add some metadata, so some tag key and value pairs.

Explain Amazon S3 Glacier
  • Amazon S3 Glacier is a service that’s all about cloud archiving. Amazon S3 Glacier will determine how long it takes to retrieve or restore data from the archive. It can be from minutes up to hours. S3 Glacier is inexpensive storage for data that’s infrequently accessed and archived for the long term.
  • We can configure policies for regulatory compliance. For example, we can set the permissions to the vault such as “who is allowed to upload archives to the vault”, “who’s allowed to get the result of archive job output”, “who’s allowed to delete the vault.” We can even initiate a vault lock, that way we can set it to be immutable. In other words, it’s read-only. And that might be required for regulatory compliance in some cases. So immutable means that archives cannot be altered. We can also configure Amazon S3 Glacier as the target for an S3 bucket’s lifecycle management settings.

Sometimes we try to fetch metadata for a file in an S3 bucket and we get a 404 Not Found error. What could be the reasons?

If we make a HEAD or GET request for the S3 key name before creating the object, S3 provides eventual consistency for read-after-write. If the file is not uploaded correctly to S3, then we get a 404 Not Found error.

Explain S3 Cross Region Replication
  • Amazon S3 now supports cross-region replication, a new feature that automatically replicates data across AWS regions.
  • With cross-region replication, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS region that you choose.
  • You can enable AWS S3 bucket Cross-Region Replication to increase the availability of data stored in the S3 bucket.
  • As the name implies, Cross-Region Replication allows you to essentially create a replica or copy of the contents of an entire bucket.
  • You can specify only a subset of content from the bucket to be replicated to an alternate geographical location.
  • Now, the benefit is that if we experience some kind of a regional outage or disaster due to weather or anything of that nature, then we can get a copy of the data elsewhere.

If you click on any bucket then you can find four tabs : Overview, Properties, Permissions, and Management.

  • Assume this bucket’s Versioning is already enabled, where Versioning stores multiple versions of objects stored in S3.
    • You need to have Versioning enabled if you want to enable Cross-Region Replication. The console will remind you of this as you’re enabling replication, if you haven’t done so.
  • We can click on the Management tab. It contains options called: Lifecycle, Replication, Analytics, Metrics, and Inventory.
  • Click the option called: Replication. We can click the Add rule button to add a replication rule.
    • A dialog box called: Replication rule opens. It contains four steps called: Set source, Set destination, Configuration rule options, and Review.
    • The options for Set source step are displayed.

Now, we can replicate the entire bucket contents to an alternate location, to a bucket in a different region.

Explain CloudFront.
  • CloudFront is Amazon Web Services content delivery network solution. You can serve up content stored in an S3 bucket. You can even specify other external web apps or websites using a URL, so you can serve up HTTP web server content through CloudFront.
  • You can configure CloudFront to cache dynamic content. You can enable streaming directly from S3 buckets. So, if you want to stream video or audio, you can do that. Now, CloudFront is designed to reduce network latency.