AWS S3 Quiz

Questions and Answers

What is the primary benefit of using CloudFront edge locations with S3?

  • Enhanced data analytics capabilities
  • Improved security for sensitive data
  • Reduced latency for read-intensive requests (correct)
  • Increased storage capacity for buckets

What type of data store is S3 classified as?

  • Volatile data store
  • Persistent data store (correct)
  • Ephemeral data store
  • Transient data store

What is the default number of buckets allowed per AWS account?

  • Unlimited buckets
  • 100 buckets (correct)
  • 50 buckets
  • 200 buckets

What is the purpose of CORS headers in S3?

  • To allow requests to a different origin (C)

Which storage class stores objects redundantly within a single Availability Zone?

  • S3 One Zone-IA (D)

What is the format for specifying resources in a policy?

  • arn:partition:service:region:namespace:relative-id (A)

What is the purpose of access auditing in S3?

  • To capture IAM/user identity information in logs (B)

Who can grant cross-account permissions to another AWS account?

  • The bucket owner (C)

What type of policy defines access to resources and can be associated with resources and users?

  • Access policy (B)

What is the maximum size of an object that can be uploaded in a single PUT request?

  • 5 gigabytes (D)

What is the consistency model used for overwrite PUTS and DELETES in Amazon S3?

  • Eventual consistency (C)

How are objects stored in Amazon S3?

  • On multiple devices across multiple facilities (AZs) in an Amazon S3 region (D)

What is the purpose of the Requester Pays function in Amazon S3?

  • To remove anonymous access and make the requester pay (D)

What is the minimum size of a file that can be stored in Amazon S3?

  • 0 bytes (C)

What is the recommended way to access Amazon S3?

  • Through SDKs and APIs (B)

What is the purpose of Event notifications in Amazon S3?

  • To send alerts or trigger actions for specific events (B)

What is the scalability of Amazon S3?

  • Scalable to high request rates (C)

What is the maximum size of a bucket policy?

  • 20 KB (B)

What is the recommended use case for bucket ACLs?

  • Granting write permissions to the S3 Log Delivery group (A)

Which of the following is NOT a valid use case for bucket policies?

  • Defining access control lists for objects (D)

What is the maximum number of permissions that can be granted per object ACL?

  • 100 (C)

What is the purpose of transfer acceleration?

  • To reduce latency for object uploads to S3 over long distances (B)

What is the URL format for S3 Transfer Acceleration?

  • s3-accelerate.amazonaws.com (A)

Which of the following is NOT a supported feature for S3 Transfer Acceleration?

  • Transfer acceleration can be disabled (C)

What is the purpose of pre-signed URLs?

  • To grant temporary access to specific objects to users without AWS credentials (A)

Which of the following statements about S3 Static Websites is FALSE?

  • S3 Static Websites can use dynamic content such as PHP and .Net (A)

Which of the following is a valid use case for multipart upload?

  • To upload objects larger than 5 GB (D)

What happens when an object is deleted in a bucket with versioning enabled?

  • A DELETE marker is placed on the object. (B)

Which option is NOT a server-side encryption method supported by Amazon S3?

  • SSE-IA (D)

What must be enabled for Cross Region Replication to function?

  • Versioning on both source and destination buckets (C)

When is a lifecycle action applied in Amazon S3?

  • Based on an XML file configuration. (A)

What does enabling versioning in S3 mean for previously existing objects?

  • They will be assigned a version ID of NULL. (C)

What action does Multi-factor authentication (MFA) delete apply to?

  • Deleting versioned objects permanently (B)

Which of the following statements about lifecycle management is false?

  • It applies only to current versions of an object. (D)

What must be done before transitioning objects to the ONEZONE_IA class?

  • Store them for at least 30 days in STANDARD_IA. (C)

What is the minimum permission required to use a KMS customer master key while uploading an encrypted object?

  • kms:Decrypt (B)

What is true about the versioning feature in Amazon S3?

  • It cannot be suspended once enabled. (D)

What is a necessary requirement for enabling Cross Region Replication (CRR) in S3?

  • Replication can take place only if versioning is enabled for the source bucket. (A)

What does S3 object tagging allow you to do?

  • Create IAM policies based on object attributes. (C)

How often are CloudWatch Storage Metrics reported for S3 buckets?

  • Once per day. (C)

What is a requirement for configuring notifications in Amazon S3?

  • You need to define event types and message destinations. (D)

Which of the following is NOT a trigger for S3 replication?

  • Changes made to bucket policies. (C)

Which permission is necessary for Amazon S3 to replicate objects into a destination bucket?

  • The bucket owner must grant S3 permission to replicate objects. (B)

What is the intended use of S3 Lifecycle policies?

  • To manage the storage duration of S3 objects. (B)

What does the replication feature of S3 ensure regarding the objects being replicated?

  • Replicas will be exact copies with matching key names and metadata. (B)

What type of objects cannot be replicated with Cross Region Replication (CRR)?

  • KMS-encrypted objects without a valid KMS key. (C)

What is a key characteristic of Same Region Replication (SRR)?

  • It is asynchronous and requires no specific permissions. (C)

What types of Amazon S3 storage classes can objects be replicated to?

  • Any Amazon S3 storage class, including S3 Glacier (A)

What does S3 Inventory primarily provide?

  • Daily or weekly reports on object replication and encryption status (A)

What is a critical factor to avoid when setting up server access logging?

  • Designating the same bucket for both logging and log storage (D)

Which strategy is recommended for optimizing performance of Amazon S3?

  • Use byte-range fetches in GET Object requests (A)

What happens when changes occur to an S3 object that has replication configured?

  • A new replication is triggered to the destination bucket. (B)

What is the recommended tool for logging bucket and object-level actions in Amazon S3?

  • AWS CloudTrail (D)

Which of the following best describes the method to achieve optimal performance when working with S3?

  • Scale storage connections horizontally by making multiple concurrent requests (B)

How can the performance of applications using Amazon S3 be understood and improved?

  • Through Amazon CloudWatch metrics (D)

What is one of the benefits of using Object Tags in relation to replication?

  • They ensure that only specific objects are replicated based on tags. (A)

What happens to retry requests for latency-sensitive applications in Amazon S3?

  • They may take a different path and could quickly succeed. (A)

What does SSE-S3 use to encrypt each object in Amazon S3?

  • A unique key for each object and rotates a master key (A)

Which encryption method allows for an audit trail of key usage?

  • SSE-KMS (B)

In which scenario must you specify the encryption algorithm during the request?

  • SSE-C (B)

What header is used to provide the encrypted key for SSE-C in Amazon S3?

  • x-amz-server-side-encryption-customer-key (B)

What type of encryption allows the user to manage the encryption keys directly?

  • SSE-C (A)

What feature does client-side encryption using AWS KMS provide when downloading an object?

  • A version of the encrypted data key embedded in the metadata (A)

Which option does NOT require any additional permissions for key usage?

  • SSE-S3 (B)

Which encryption standard is used by SSE-S3 for encrypting data?

  • 256-bit AES (C)

What kind of keys does SSE-KMS support for added protection?

  • Customer-managed CMKs and AWS managed CMKs (D)

What is a use case for Amazon S3 event notifications?

  • To run workflows in response to object changes (B)

What is the primary advantage of accessing an S3 bucket from EC2 instances in the same AWS Region?

  • It reduces network latency and data transfer costs. (A)

What is the maximum archive size that can be uploaded to Glacier in a single operation?

  • 4 GB (B)

Which retrieval tier in Glacier offers the fastest access to archived data?

  • S3 Glacier Instant Retrieval (D)

What happens to archived data after a retrieval request in Glacier?

  • The data is copied to S3 and the archive remains in Glacier. (A)

What is the minimum retrieval time for data stored in the S3 Glacier Flexible Retrieval tier?

  • Minutes to hours (A)

What is one of the main features of Amazon S3 Transfer Acceleration?

  • It manages fast transfers of files over long distances. (A)

How long do you have to download data after retrieving it from Glacier?

  • 24 hours (C)

Which type of objects cannot be modified after they are uploaded to Glacier?

  • Archive objects (C)

What additional data is added to each object when transitioning to Glacier from other classes using lifecycle policies?

  • Indexing and archive metadata (B)

Which of the following is NOT a storage tier offered by Amazon S3 Glacier?

  • Glacier Standard Storage (B)

What is the maximum size of an object that can be uploaded in a single PUT request?

  • 5 gigabytes (C)

What is the consistency model used for overwrite PUTS and DELETES in Amazon S3?

  • Eventual consistency (C)

What is the purpose of the Requester Pays function in Amazon S3?

  • To ensure that the requester pays for the cost of accessing objects (B)

What is the recommended way to access Amazon S3?

  • Through SDKs and APIs (D)

What is the purpose of Event notifications in Amazon S3?

  • To send alerts or trigger actions for specific events (B)

What is the primary purpose of using S3 Transfer Acceleration?

  • To enhance transfer speeds over long distances (A)

Which of the following statements about pre-signed URLs is true?

  • They allow temporary access to specific objects for users without credentials (B)

What is the limitation of bucket policies regarding size?

  • They are limited to 20 KB in size (C)

When uploading objects using multipart upload, which of the following is not an advantage?

  • Allows modifications to the object metadata during upload (C)

Which statement about static website hosting on S3 is false?

  • S3 can host dynamic content such as PHP scripts (B)

What is the primary purpose of Amazon S3 Cross Region Replication (CRR)?

  • To automatically replicate data across AWS Regions for disaster recovery and data redundancy (B)

Which of the following is NOT a requirement for enabling Cross Region Replication (CRR) in S3?

  • The source and destination buckets must be in the same AWS Region. (B)

Which of the following actions are NOT replicated during Cross Region Replication (CRR)?

  • Object ACL changes (B)

What is the key difference between Cross Region Replication (CRR) and Same Region Replication (SRR)?

  • CRR replicates data across AWS Regions, while SRR replicates data within the same AWS Region. (C)

What is the purpose of enabling S3 object tagging?

  • To facilitate data analysis and filtering of objects based on tags using CloudWatch metrics. (A)

What role does versioning play in Amazon S3?

  • It protects against accidental data overwrites and deletions. (D)

What happens to a DELETE marker when you delete an object in S3 with versioning enabled?

  • The DELETE marker is placed on the object, making it unavailable. (A)

Which statements are true regarding Amazon S3 server-side encryption?

  • SSE-S3 encrypts data with AES-256 using unique keys for each object. (C)

What must be configured before transitioning objects to the ONEZONE_IA class in S3?

  • Objects must be stored at least 30 days in the STANDARD_IA storage class. (C)

When versioning is enabled, who can permanently delete objects in an S3 bucket?

  • Only the S3 bucket owner. (C)

How does Amazon S3 ensure that replicated objects maintain their integrity and associated information?

  • By copying the object data along with its metadata, ACLs, and object tags. (D)

What is the primary function of S3 Inventory, in the context of Amazon S3 analytics?

  • Analyzing and reporting on the replication and encryption status of objects. (B)

Which of these strategies is NOT recommended for optimizing performance when interacting with Amazon S3?

  • Using byte-range fetches to retrieve portions of large objects. (C)

How does Amazon S3 server access logging differ from AWS CloudTrail logs in terms of logging capabilities?

  • Server access logging records detailed request information, while CloudTrail logs record a more generalized view of actions. (C)

Why does Amazon S3 recommend using CloudTrail for logging bucket and object-level actions?

  • CloudTrail offers more granular logging capabilities, enabling detailed auditing of actions on S3 resources. (C)

Which of the following is NOT a valid sub-resource associated with an Amazon S3 object?

  • Replication (D)

Which of the following is NOT a mechanism for controlling access to Amazon S3 resources?

  • CORS Configuration (D)

What is the purpose of the 'Access-Control-Allow-Origin' header in CORS configuration for Amazon S3?

  • To allow requests from specific origins or domains (D)

What is the main purpose of Amazon S3 Transfer Acceleration?

  • To minimize latency caused by distance (A)

Which Amazon S3 storage class is designed for objects that are accessed infrequently and are stored redundantly within a single Availability Zone?

  • One Zone-IA (C)

What is the key difference between S3 Glacier Deep Archive and S3 Glacier?

  • Retrieval times (A)

Which of the following statements about Amazon S3 bucket naming is TRUE?

  • Bucket names are case-sensitive. (B)

What happens when you retrieve an archive from Glacier?

  • The archive is copied to S3 and remains in Glacier (D)

What is the maximum size of a file that can be archived in Glacier?

  • 1 byte to 40 TB (D)

How do you upload data to Glacier?

  • Using the CLI, SDKs, or APIs (B)

What encryption method uses 256-bit AES to secure data stored in Amazon S3?

  • Server-Side Encryption with S3 Managed Keys (SSE-S3) (D)

Which of the following features is unique to Server-Side Encryption with AWS KMS Keys (SSE-KMS) compared to others?

  • Provides an audit trail of key usage (B)

What headers must be specified when using Server-Side Encryption with Customer-Provided Keys (SSE-C)?

  • x-amz-server-side-encryption-customer-algorithm and x-amz-server-side-encryption-customer-key (A)

Which option correctly describes client-side encryption in relation to AWS services?

  • Objects are encrypted before they are sent to Amazon S3. (B)

Which type of encryption allows users to manage their own encryption keys and also specify where keys are stored?

  • Server-Side Encryption with Customer-Provided Keys (SSE-C) (D)

Study Notes

Amazon S3 Overview

  • Amazon S3 is an object storage service that allows storing and retrieving any amount of data from anywhere on the Internet.
  • It's a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs.

Key Features

  • Distributed architecture with objects redundantly stored on multiple devices across multiple facilities (AZs) in an Amazon S3 region.
  • Simple key-based object store with keys that can be any string and can be constructed to mimic hierarchical attributes.
  • Supports S3 Object Tagging to organize data across all S3 buckets and/or prefixes.
  • Provides a simple, standards-based REST web services interface that is designed to work with any Internet-development toolkit.

Storage Details

  • Files can be from 0 bytes to 5TB in size.
  • The largest object that can be uploaded in a single PUT is 5 gigabytes.
  • Objects larger than 100 megabytes require the Multipart Upload capability.
  • Updates to an object are atomic, ensuring either the new object or the old one is retrieved, never partial or corrupt data.

Access Control

  • Access to buckets and objects can be granted to AWS accounts, IAM users, and federated users.
  • Supports four mechanisms for controlling access to Amazon S3 resources: IAM permissions, Bucket Policies, ACLs, and Query String Authentication.
  • Requester pays function causes the requester to pay (removes anonymous access) and provides time-limited access to objects.

Data Consistency

  • Provides read after write consistency for PUTS of new objects.
  • Provides eventual consistency for overwrite PUTS and DELETES (takes time to propagate).

Additional Capabilities

  • Supports unlimited storage with automatic scaling to high request rates.
  • Allows for event notifications for specific actions, sending alerts or triggering actions.
  • Supports cross-region replication with versioning enabled on both source and destination buckets.
  • Enables fast, easy, and secure transfers of files over long distances with Amazon S3 Transfer Acceleration.

Storage Classes

  • Offers six storage classes: S3 Standard, S3 Infrequent Access, S3 One Zone-Infrequent Access, S3 Glacier, S3 Glacier Deep Archive, and S3 Intelligent-Tiering.

Bucket Management

  • Buckets are region-specific and have a unique namespace.
  • Bucket names can be up to 63 characters and must be DNS-compliant.
  • Supports up to 100 buckets per account by default, and objects can be stored in folders within buckets.
  • Bucket ownership is not transferable, and bucket names cannot be changed after creation.

Objects and Sub-Resources

  • Each object is stored and retrieved by a unique key (ID or name).
  • Sub-resources are subordinate to objects, including object tags, access control lists (ACLs), and metadata.

Security and Encryption

  • Supports server-side encryption options: SSE-S3, SSE-KMS, and SSE-C.
  • Enables client-side encryption using customer-provided encryption keys.
  • Supports encryption and decryption of data in transit using SSL/TLS.

Event Notifications

  • Supports event notifications for specific actions, such as PUTs, POSTs, COPYs, or DELETEs.
  • Enables notifications to be sent to Amazon SNS, Amazon SQS, or AWS Lambda.

Metrics and Analytics

  • Supports Amazon S3 CloudWatch metrics for request and storage data.
  • Enables configuration of filters for metrics using a prefix or object tag.

Cross-Region Replication

  • Automatically replicates data across AWS Regions with Cross-Region Replication (CRR).

  • Requires versioning to be enabled on both the source and destination buckets.

  • Supports automatic, asynchronous copying of objects between buckets in different regions.

Cross-Region Replication (CRR)

  • Source and destination buckets must be in different regions.

  • Replication is 1:1 (one source bucket to one destination bucket).

  • You can configure separate S3 Lifecycle rules on the source and destination buckets.

  • You can replicate KMS-encrypted objects by providing a destination KMS key in your replication configuration.

  • You can set up CRR across AWS accounts to store your replicated data in a different account in the target region.

  • To activate CRR, you need to configure the replication on the source bucket.

  • Replicas will be exact replicas and share the same key names and metadata.

  • You can specify a different storage class (by default, the source storage class will be used).

  • AWS S3 will encrypt data in-transit with SSL.

Same Region Replication (SRR)

  • SRR allows you to replicate objects to a destination bucket within the same region as the source bucket.
  • Replication is automatic and asynchronous.
  • New objects uploaded to an Amazon S3 bucket are configured for replication at the bucket, prefix, or object tag levels.
  • Replicated objects can be owned by the same AWS account as the original copy or by different accounts, to protect from accidental deletion.
  • Replication can be to any Amazon S3 storage class, including S3 Glacier and S3 Glacier Deep Archive to create backups and long-term archives.

S3 Analytics

  • S3 Analytics allows you to run analytics on data stored on Amazon S3.
  • This includes data lakes, IoT streaming data, machine learning, and artificial intelligence.
  • You can use S3 Inventory to audit and report on the replication and encryption status of your objects for business, compliance, and regulatory needs.

S3 Inventory

  • S3 Inventory provides comma-separated values (CSV), Apache optimized row columnar (ORC) or Apache Parquet (Parquet) output files that list your objects and their corresponding metadata on a daily or weekly basis for an S3 bucket or a shared prefix.
  • You can use S3 Inventory to audit and report on the replication and encryption status of your objects for business, compliance, and regulatory needs.

Monitoring and Reporting

  • Amazon CloudWatch metrics for Amazon S3 can help you understand and improve the performance of applications that use Amazon S3.
  • You can use CloudWatch with Amazon S3 to monitor and report on performance.

Logging and Auditing

  • You can record the actions taken by users, roles, or AWS services on Amazon S3 resources and maintain log records for auditing and compliance purposes.
  • You can use Amazon S3 server access logging, AWS CloudTrail logs, or a combination of both to log and audit actions on Amazon S3 resources.

S3 Performance Guidelines

  • Measure Performance: Look at network throughput, CPU, and DRAM requirements when optimizing performance.
  • Scale Storage Connections Horizontally: Issue multiple concurrent requests to Amazon S3 and spread them over separate connections to maximize the accessible bandwidth from Amazon S3.
  • Use Byte-Range Fetches: Fetch a byte-range from an object using the Range HTTP header in a GET Object request to achieve higher aggregate throughput.
  • Retry Requests for Latency-Sensitive Applications: Aggressive timeouts and retries help drive consistent latency.
  • Combine Amazon S3 (Storage) and Amazon EC2 (Compute) in the Same AWS Region: Access the bucket from Amazon EC2 instances in the same AWS Region when possible to reduce network latency and data transfer costs.
  • Use Amazon S3 Transfer Acceleration to Minimize Latency Caused by Distance: Use Amazon S3 Transfer Acceleration to minimize latency caused by distance between the client and an S3 bucket.

Glacier

  • Glacier is an archiving storage solution for infrequently accessed data.
  • There are three storage tiers: S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval (Formerly S3 Glacier), and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive).
  • The key difference between the top tiers is that Deep Archive is lower cost, but retrieval times are much longer (12 hours).
  • Archived objects are not available for real-time access, and you need to submit a retrieval request.
  • Glacier must complete a job before you can get its output.
  • Requested archival data is copied to S3 One Zone-IA.
  • Following retrieval, you have 24 hours to download your data.
  • You cannot specify Glacier as the storage class at the time you create an object.
  • Glacier is designed to sustain the loss of two facilities.
  • Glacier automatically encrypts data at rest using AES 256 symmetric keys and supports secure transfer of data over SSL.
  • Glacier may not be available in all AWS regions.
  • Glacier objects are visible through S3 only (not Glacier directly).
  • Glacier does not archive object metadata; you need to maintain a client-side database to maintain this information.
  • Archives can be 1 byte up to 40TB.
  • Glacier archives of 1 byte to 4 GB can be uploaded in a single operation.
  • Glacier file archives from 100MB up to 40TB can be uploaded to Glacier using the multipart upload API.
  • Uploading archives is synchronous, and downloading archives is asynchronous.
  • The contents of an archive that has been uploaded cannot be modified.
  • You can upload data to Glacier using the CLI, SDKs, or APIs – you cannot use the AWS Console.
  • Glacier adds 32-40KB (indexing and archive metadata) to each object when transitioning from other classes using lifecycle policies.
  • AWS recommends that if you have lots of small objects, they are combined in an archive (e.g., zip file) before uploading.
  • A description can be added to archives, but no other metadata can be added.
  • Glacier archive IDs are added upon upload and are unique for each upload.

Archive Retrieval

  • You can retrieve parts of an archive.
  • When data is retrieved, it is copied to S3; the archive remains in Glacier and the storage class does not change.
  • AWS SNS can send notifications when retrieval jobs are complete.
  • Retrieved data is available for 24 hours by default (can be changed).
  • To retrieve specific objects within an archive, you can specify the byte range (Range) in the HTTP GET request (need to maintain a DB of byte ranges).

Glacier Charges

  • There is no charge for data transfer between EC2 and Glacier in the same region.
  • There is a charge if you delete data within 90 days.
  • When you restore, you pay for:

Amazon S3 Overview

  • Amazon S3 is an object storage service that allows storing and retrieving any amount of data from anywhere on the Internet.
  • It's a simple storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure at very low costs.

Key Features

  • Distributed architecture with objects redundantly stored on multiple devices across multiple facilities (AZs) in an Amazon S3 region.
  • Simple key-based object store with keys that can be any string and can be constructed to mimic hierarchical attributes.
  • Supports S3 Object Tagging to organize data across all S3 buckets and/or prefixes.
  • Provides a simple, standards-based REST web services interface that is designed to work with any Internet-development toolkit.

Storage Details

  • Files can be from 0 bytes to 5TB in size.
  • The largest object that can be uploaded in a single PUT is 5 gigabytes.
  • Objects larger than 100 megabytes require the Multipart Upload capability.
  • Updates to an object are atomic, ensuring either the new object or the old one is retrieved, never partial or corrupt data.

Access Control

  • Access to buckets and objects can be granted to AWS accounts, IAM users, and federated users.
  • Supports four mechanisms for controlling access to Amazon S3 resources: IAM permissions, Bucket Policies, ACLs, and Query String Authentication.
  • Requester pays function causes the requester to pay (removes anonymous access) and provides time-limited access to objects.

Data Consistency

  • Provides read after write consistency for PUTS of new objects.
  • Provides eventual consistency for overwrite PUTS and DELETES (takes time to propagate).

Additional Capabilities

  • Supports unlimited storage with automatic scaling to high request rates.
  • Allows for event notifications for specific actions, sending alerts or triggering actions.
  • Supports cross-region replication with versioning enabled on both source and destination buckets.
  • Enables fast, easy, and secure transfers of files over long distances with Amazon S3 Transfer Acceleration.

Storage Classes

  • Offers six storage classes: S3 Standard, S3 Infrequent Access, S3 One Zone-Infrequent Access, S3 Glacier, S3 Glacier Deep Archive, and S3 Intelligent-Tiering.

Bucket Management

  • Buckets are region-specific and have a unique namespace.
  • Bucket names can be up to 63 characters and must be DNS-compliant.
  • Supports up to 100 buckets per account by default, and objects can be stored in folders within buckets.
  • Bucket ownership is not transferable, and bucket names cannot be changed after creation.

Objects and Sub-Resources

  • Each object is stored and retrieved by a unique key (ID or name).
  • Sub-resources are subordinate to objects, including object tags, access control lists (ACLs), and metadata.

Security and Encryption

  • Supports server-side encryption options: SSE-S3, SSE-KMS, and SSE-C.
  • Enables client-side encryption using customer-provided encryption keys.
  • Supports encryption and decryption of data in transit using SSL/TLS.

Event Notifications

  • Supports event notifications for specific actions, such as PUTs, POSTs, COPYs, or DELETEs.
  • Enables notifications to be sent to Amazon SNS, Amazon SQS, or AWS Lambda.

Metrics and Analytics

  • Supports Amazon S3 CloudWatch metrics for request and storage data.
  • Enables configuration of filters for metrics using a prefix or object tag.

Cross-Region Replication

  • Automatically replicates data across AWS Regions with Cross-Region Replication (CRR).

  • Requires versioning to be enabled on both the source and destination buckets.

  • Supports automatic, asynchronous copying of objects between buckets in different regions.

Cross-Region Replication (CRR)

  • Source and destination buckets must be in different regions.

  • Replication is 1:1 (one source bucket to one destination bucket).

  • You can configure separate S3 Lifecycle rules on the source and destination buckets.

  • You can replicate KMS-encrypted objects by providing a destination KMS key in your replication configuration.

  • You can set up CRR across AWS accounts to store your replicated data in a different account in the target region.

  • To activate CRR, you need to configure the replication on the source bucket.

  • Replicas will be exact replicas and share the same key names and metadata.

  • You can specify a different storage class (by default, the source storage class will be used).

  • AWS S3 will encrypt data in-transit with SSL.

Same Region Replication (SRR)

  • SRR allows you to replicate objects to a destination bucket within the same region as the source bucket.
  • Replication is automatic and asynchronous.
  • New objects uploaded to an Amazon S3 bucket are configured for replication at the bucket, prefix, or object tag levels.
  • Replicated objects can be owned by the same AWS account as the original copy or by different accounts, to protect from accidental deletion.
  • Replication can be to any Amazon S3 storage class, including S3 Glacier and S3 Glacier Deep Archive to create backups and long-term archives.

S3 Analytics

  • S3 Analytics allows you to run analytics on data stored on Amazon S3.
  • This includes data lakes, IoT streaming data, machine learning, and artificial intelligence.

S3 Inventory

  • S3 Inventory provides comma-separated values (CSV), Apache optimized row columnar (ORC) or Apache Parquet (Parquet) output files that list your objects and their corresponding metadata on a daily or weekly basis for an S3 bucket or a shared prefix.
  • You can use S3 Inventory to audit and report on the replication and encryption status of your objects for business, compliance, and regulatory needs.

Monitoring and Reporting

  • Amazon CloudWatch metrics for Amazon S3 can help you understand and improve the performance of applications that use Amazon S3.
  • You can use CloudWatch with Amazon S3 to monitor and report on performance.

Logging and Auditing

  • You can record the actions taken by users, roles, or AWS services on Amazon S3 resources and maintain log records for auditing and compliance purposes.
  • You can use Amazon S3 server access logging, AWS CloudTrail logs, or a combination of both to log and audit actions on Amazon S3 resources.

S3 Performance Guidelines

  • Measure Performance: Look at network throughput, CPU, and DRAM requirements when optimizing performance.
  • Scale Storage Connections Horizontally: Issue multiple concurrent requests to Amazon S3 and spread them over separate connections to maximize the accessible bandwidth from Amazon S3.
  • Use Byte-Range Fetches: Fetch a byte-range from an object using the Range HTTP header in a GET Object request to achieve higher aggregate throughput.
  • Retry Requests for Latency-Sensitive Applications: Aggressive timeouts and retries help drive consistent latency.
  • Combine Amazon S3 (Storage) and Amazon EC2 (Compute) in the Same AWS Region: Access the bucket from Amazon EC2 instances in the same AWS Region when possible to reduce network latency and data transfer costs.
  • Use Amazon S3 Transfer Acceleration to Minimize Latency Caused by Distance: Use Amazon S3 Transfer Acceleration to minimize latency caused by distance between the client and an S3 bucket.

Glacier

  • Glacier is an archiving storage solution for infrequently accessed data.
  • There are three storage tiers: S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval (Formerly S3 Glacier), and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive).
  • The key difference between the top tiers is that Deep Archive is lower cost, but retrieval times are much longer (12 hours).
  • Archived objects are not available for real-time access, and you need to submit a retrieval request.
  • Glacier must complete a job before you can get its output.
  • Requested archival data is copied to S3 One Zone-IA.
  • Following retrieval, you have 24 hours to download your data.
  • You cannot specify Glacier as the storage class at the time you create an object.
  • Glacier is designed to sustain the loss of two facilities.
  • Glacier automatically encrypts data at rest using AES 256 symmetric keys and supports secure transfer of data over SSL.
  • Glacier may not be available in all AWS regions.
  • Glacier objects are visible through S3 only (not Glacier directly).
  • Glacier does not archive object metadata; you need to maintain a client-side database to maintain this information.
  • Archives can be 1 byte up to 40TB.
  • Glacier file archives of 1 byte – 4 GB can be performed in a single operation.
  • Glacier file archives from 100MB up to 40TB can be uploaded to Glacier using the multipart upload API.
  • Uploading archives is synchronous, and downloading archives is asynchronous.
  • The contents of an archive that has been uploaded cannot be modified.
  • You can upload data to Glacier using the CLI, SDKs, or APIs – you cannot use the AWS Console.
  • Glacier adds 32-40KB (indexing and archive metadata) to each object when transitioning from other classes using lifecycle policies.
  • AWS recommends that if you have lots of small objects, they are combined in an archive (e.g., zip file) before uploading.
  • A description can be added to archives, but no other metadata can be added.
  • Glacier archive IDs are added upon upload and are unique for each upload.

Archive Retrieval

  • You can retrieve parts of an archive.
  • When data is retrieved, it is copied to S3, and the archive remains in Glacier, and the storage class does not change.
  • AWS SNS can send notifications when retrieval jobs are complete.
  • Retrieved data is available for 24 hours by default (can be changed).
  • To retrieve specific objects within an archive, you can specify the byte range (Range) in the HTTP GET request (need to maintain a DB of byte ranges).

Glacier Charges

  • There is no charge for data transfer between EC2 and Glacier in the same region.
  • There is a charge if you delete data within 90 days.
  • When you restore, you pay for:
