AWS Certified Solutions Architect Exam Guide – Chapter-2

Know what Amazon S3 is and what it is commonly used for.
Amazon S3 is secure, durable, and highly scalable cloud storage that can be used to store an unlimited amount of data in almost any format using a simple web services interface. Common use cases include backup and archive, content storage and distribution, big data analytics, static website hosting, cloud-native application hosting, and disaster recovery.

Understand how object storage differs from block and file storage.
Amazon S3 cloud object storage manages data at the application level as objects using a REST API built on HTTP. Block storage manages data at the operating system level as numbered addressable blocks using protocols such as SCSI or Fibre Channel. File storage manages data as shared files at the operating system level using a protocol such as CIFS or NFS.

Understand the basics of Amazon S3.
Amazon S3 stores data in objects that contain data and metadata. Objects are identified by a user-defined key and are stored in a simple flat folder called a bucket. Interfaces include a native REST interface, SDKs for many languages, an AWS CLI, and the AWS Management Console.
Know how to create a bucket; how to upload, download, and delete objects; how to make objects public; and how to open an object URL.

Understand the durability, availability, and data consistency model of Amazon S3.
Amazon S3 standard storage is designed for 11 nines durability and four nines availability of objects over a year. Other storage classes differ. Amazon S3 is eventually consistent, but offers read-after-write consistency for PUTs to new objects.

Know how to enable static website hosting on Amazon S3.
To create a static website on Amazon S3, you must create a bucket with the website hostname, upload your static content and make it public, enable static website hosting on the bucket, and indicate the index and error page objects.

Know how to protect your data on Amazon S3.
Encrypt data in flight using HTTPS and at rest using SSE or client-side encryption. Enable versioning to keep multiple versions of an object in a bucket. Enable MFA Delete to protect against accidental deletion. Use ACLs, Amazon S3 bucket policies, and AWS IAM policies for access control. Use pre-signed URLs for time-limited download access. Use cross-region replication to automatically replicate data to another region.
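The pre-signed URL mentioned above is the one control here that is easy to misunderstand: the URL is not a secret link, it is a request whose expiry, object key and bucket host are all covered by a signature that only the holder of the secret key can produce. The following stdlib-only Python is an added example, not code from the book or from AWS, that re-implements the SigV4 query-string signing scheme for a GET and then plays the service's role of verifying it. Assumptions: the bucket name, object key, timestamps and the access key pair are constructed placeholders (the key pair is the example pair from AWS documentation, not a live credential), the host is a virtual-hosted-style endpoint, and object keys contain only unreserved characters and slashes. In practice you would call the SDK's presigning function rather than hand-rolling this; the value is in seeing what the signature binds and why tampering with the expiry or the key invalidates it.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, unquote, urlparse

# Constructed demo inputs (hypothetical bucket; the key pair is the placeholder
# pair AWS uses in its own documentation, not a live credential).
DEMO_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
DEMO_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DEMO_REGION = "us-west-2"
DEMO_BUCKET = "example-bucket"
DEMO_KEY = "reports/report.pdf"
DEMO_NOW = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _canonical_query(params: dict) -> str:
    # SigV4 canonical query string: keys sorted, everything outside the
    # unreserved set percent-encoded (so "/" in the credential becomes %2F).
    return "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(params.items())
    )


def _signature(secret_key, method, host, path, params, amz_date, region) -> str:
    """Compute the SigV4 signature for a query-string-signed request."""
    date_stamp = amz_date[:8]
    canonical_request = "\n".join([
        method,
        quote(path, safe="/-_.~"),
        _canonical_query(params),
        f"host:{host}\n",      # canonical headers block (host only)
        "host",                # signed headers
        "UNSIGNED-PAYLOAD",    # a presigned GET never signs a body
    ])
    scope = f"{date_stamp}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    # Key derivation chain: secret -> date -> region -> service -> "aws4_request"
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, "s3")
    k_signing = _hmac(k_service, "aws4_request")
    return hmac.new(k_signing, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def presign_get(bucket, key, access_key, secret_key, region, expires_seconds, now) -> str:
    """Build a time-limited GET URL for one object; expiry, key and host are all signed."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + key
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_seconds),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(secret_key, "GET", host, path, params, amz_date, region)
    return f"https://{host}{quote(path, safe='/-_.~')}?{_canonical_query(params)}&X-Amz-Signature={sig}"


def verify_presigned_get(url: str, secret_key: str, now) -> bool:
    """What the service does on receipt: reject if expired, then recompute the
    signature from the URL's own parameters and compare in constant time."""
    parts = urlparse(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    presented = params.pop("X-Amz-Signature", "")
    amz_date = params["X-Amz-Date"]
    issued = datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    if now > issued + timedelta(seconds=int(params["X-Amz-Expires"])):
        return False
    region = params["X-Amz-Credential"].split("/")[2]
    expected = _signature(secret_key, "GET", parts.netloc, unquote(parts.path), params, amz_date, region)
    return hmac.compare_digest(expected, presented)


def demo_checks() -> dict:
    """A fresh URL passes; an expired, expiry-tampered or key-tampered URL fails."""
    url = presign_get(DEMO_BUCKET, DEMO_KEY, DEMO_ACCESS_KEY, DEMO_SECRET_KEY, DEMO_REGION, 300, DEMO_NOW)
    soon = DEMO_NOW + timedelta(seconds=60)
    return {
        "valid": verify_presigned_get(url, DEMO_SECRET_KEY, soon),
        "expired": verify_presigned_get(url, DEMO_SECRET_KEY, DEMO_NOW + timedelta(seconds=301)),
        "tampered_expiry": verify_presigned_get(url.replace("X-Amz-Expires=300", "X-Amz-Expires=86400"), DEMO_SECRET_KEY, soon),
        "tampered_key": verify_presigned_get(url.replace("/reports/report.pdf", "/reports/other.pdf"), DEMO_SECRET_KEY, soon),
    }


if __name__ == "__main__":
    print(presign_get(DEMO_BUCKET, DEMO_KEY, DEMO_ACCESS_KEY, DEMO_SECRET_KEY, DEMO_REGION, 300, DEMO_NOW))
    print(demo_checks())
```

Two things worth noticing when you run it: the signature depends on the secret key, so a leaked URL grants exactly one object for exactly the signed window and nothing else; and the expiry is enforced against X-Amz-Date, so the clock of the signer, not the recipient, sets the window. Keep the windows short and generate the URLs only for authenticated users, because anyone holding the URL can use it until it expires.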

Know the use case for each of the Amazon S3 storage classes.
Standard is for general purpose data that needs high durability, high performance, and low latency access. Standard-IA is for data that is less frequently accessed, but that needs the same performance and availability when accessed. RRS offers lower durability at lower cost for easily replicated data. Amazon Glacier is for storing rarely accessed archival data at lowest cost, when a three- to five-hour retrieval time is acceptable.

Know how to use lifecycle configuration rules.
Lifecycle rules can be configured in the AWS Management Console or the APIs. Lifecycle configuration rules define actions to transition objects from one storage class to another based on time.
Know how to use Amazon S3 event notifications.
Event notifications are set at the bucket level and can trigger a message in Amazon SNS or Amazon SQS or an action in AWS Lambda in response to an upload or delete of an object.

Know the basics of Amazon Glacier as a standalone service.
Data is stored in encrypted archives that can be as large as 40TB. Archives typically contain TAR or ZIP files. Vaults are containers for archives, and vaults can be locked for compliance.

Exercises
For assistance in completing the following exercise, reference the following documentation:
Getting started with Amazon S3:
http://docs.aws.amazon.com/AmazonS3/latest/gsg/GetStartedWithS3.html
Setting up a static website:
http://docs.aws.amazon.com/AmazonS3/latest/dev/HostingWebsiteOnS3Setup.html
Using versioning:
http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
Object Lifecycle Management:
http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

EXERCISE 2.1
Create an Amazon Simple Storage Service (Amazon S3) Bucket
In this exercise, you will create a new Amazon S3 bucket in your selected region. You will use this bucket in the following exercises.

  • Log in to the AWS Management Console.
  • Choose an appropriate region, such as US West (Oregon).
  • Navigate to the Amazon S3 console. Notice that the region indicator now says Global. Remember that Amazon S3 buckets form a global namespace, even though each bucket is created in a specific region.
  • Start the create bucket process.
  • When prompted for Bucket Name, use mynewbucket.
  • Choose a region, such as US West (Oregon).
  • Try to create the bucket. You almost surely will get a message that the requested bucket name is not available. Remember that a bucket name must be unique globally.
  • Try again using your surname followed by a hyphen and then today’s date in a six-digit format as the bucket name (a bucket name that is not likely to exist already). You should now have a new Amazon S3 bucket.

EXERCISE 2.2
Upload, Make Public, Rename, and Delete Objects in Your Bucket
In this exercise, you will upload a new object to your bucket. You will then make this object public and view the object in your browser. You will then rename the object and finally delete it from the bucket.

Upload an Object

  • Load your new bucket in the Amazon S3 console.
  • Select Upload, then Add Files.
  • Locate a file on your PC that you are okay with uploading to Amazon S3 and making public to the Internet. (We suggest using a non-personal image file for the purposes of this exercise.)
  • Select a suitable file, then Start Upload. You will see the status of your file in the Transfers section.
  • After your file is uploaded, the status should change to Done.

    The file you uploaded is now stored as an Amazon S3 object and should be now listed in the contents of your bucket.

Open the Amazon S3 URL

  • Now open the properties for the object. The properties should include bucket, name, and link.
  • Copy the Amazon S3 URL for the object.
  • Paste the URL in the address bar of a new browser window or tab.

You should get a message with an XML error code AccessDenied. Even though the object has a URL, it is private by default, so it cannot be accessed by a web browser.

Make the Object Public

  • Go back to the Amazon S3 Console and select Make Public. (Equivalently, you can change the object’s permissions and add grantee Everyone and permissions Open/Download.)
  • Copy the Amazon S3 URL again and try to open it in a browser or tab. Your public image file should now display in the browser or browser tab.

Rename Object

  • In the Amazon S3 console, select Rename.
  • Rename the object, but keep the same file extension.
  • Copy the new Amazon S3 URL and try to open it in a browser or tab. You should see the same image file.

Delete the Object

  • In the Amazon S3 console, select Delete. Select OK when prompted if you want to delete the object.
  • The object has now been deleted.
  • To verify, try to reload the deleted object’s Amazon S3 URL.

You should once again get an XML AccessDenied error message.

EXERCISE 2.3

Enable Version Control
In this exercise, you will enable version control on your newly created bucket.

Enable Versioning

  • In the Amazon S3 console, load the properties of your bucket. Don’t open the bucket.
  • Enable versioning in the properties and select OK to verify. Your bucket now has versioning enabled. (Note that versioning can be suspended, but not turned off.)

Create Multiple Versions of an Object

  • Create a text file named foo.txt on your computer and write the word blue in the text file.
  • Save the text file to a location of your choosing.
  • Upload the text file to your bucket. This will be version 1.
  • After you have uploaded the text file to your bucket, open the copy on your local computer and change the word blue to red. Save the text file with the original filename.
  • Upload the modified file to your bucket.
  • Select Show Versions on the uploaded object.

You will now see two different versions of the object with different Version IDs and possibly different sizes. Note that when you select Show Versions, the Amazon S3 URL now includes the version ID in the query string after the object name.

EXERCISE 2.4

Delete an Object and then Restore It
In this exercise, you will delete an object in your Amazon S3 bucket and then restore it.

Delete an Object

  • Open the bucket containing the text file for which you now have two versions.
  • Select Hide Versions.
  • Select Delete, and then select OK to verify.
  • Your object will now be deleted, and you can no longer see the object.
  • Select Show Versions.
    Both versions of the object now show their version IDs.

Restore an Object

  • Open your bucket.
  • Select Show Versions.
  • Select the oldest version and download the object. Note that the filename is simply foo.txt with no version indicator.
  • Upload foo.txt to the same bucket.
  • Select Hide Versions, and the file foo.txt should re-appear.

Note
To restore a version, you copy the desired version into the same bucket. In the Amazon S3 console, this requires a download then re-upload of the object. Using APIs, SDKs, or AWS CLI, you can copy a version directly without downloading and re-uploading.
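The note above says that with the API, SDKs or CLI you copy the wanted version back in place rather than downloading and re-uploading it. What the console hides is that the delete in Exercise 2.4 did not remove anything: it added a delete marker on top of the version stack, and the restore target is the newest real version beneath it. The following Python is an added example, not from the book or from AWS, that parses a list-object-versions response, identifies the delete marker and the version to restore, and builds the bucket/key?versionId= copy-source string that the CopyObject API takes. The XML is a constructed sample modelled on the real response format, and the version IDs are placeholders.

```python
import xml.etree.ElementTree as ET

S3_NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}

# Constructed sample response for a versioned bucket, modelled on the XML that a
# list-object-versions call returns. foo.txt was uploaded twice ("blue", then
# "red") and then deleted, which stacked a delete marker on top; bar.txt is untouched.
SAMPLE_LIST_VERSIONS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<ListVersionsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>example-bucket</Name>
  <Prefix></Prefix>
  <MaxKeys>1000</MaxKeys>
  <IsTruncated>false</IsTruncated>
  <Version>
    <Key>bar.txt</Key>
    <VersionId>bar-v1-placeholder</VersionId>
    <IsLatest>true</IsLatest>
    <LastModified>2024-01-15T11:00:00.000Z</LastModified>
    <Size>10</Size>
    <StorageClass>STANDARD</StorageClass>
  </Version>
  <DeleteMarker>
    <Key>foo.txt</Key>
    <VersionId>foo-dm-placeholder</VersionId>
    <IsLatest>true</IsLatest>
    <LastModified>2024-01-15T12:02:00.000Z</LastModified>
  </DeleteMarker>
  <Version>
    <Key>foo.txt</Key>
    <VersionId>foo-v2-placeholder</VersionId>
    <IsLatest>false</IsLatest>
    <LastModified>2024-01-15T12:01:00.000Z</LastModified>
    <Size>3</Size>
    <StorageClass>STANDARD</StorageClass>
  </Version>
  <Version>
    <Key>foo.txt</Key>
    <VersionId>foo-v1-placeholder</VersionId>
    <IsLatest>false</IsLatest>
    <LastModified>2024-01-15T12:00:00.000Z</LastModified>
    <Size>4</Size>
    <StorageClass>STANDARD</StorageClass>
  </Version>
</ListVersionsResult>
"""


def parse_versions(xml_text: str) -> list:
    """Flatten <Version> and <DeleteMarker> entries into dicts (namespace-aware)."""
    root = ET.fromstring(xml_text)
    bucket = root.findtext("s3:Name", namespaces=S3_NS)
    entries = []
    for child in root:
        tag = child.tag.split("}")[-1]
        if tag not in ("Version", "DeleteMarker"):
            continue
        entries.append({
            "bucket": bucket,
            "key": child.findtext("s3:Key", namespaces=S3_NS),
            "version_id": child.findtext("s3:VersionId", namespaces=S3_NS),
            "is_latest": child.findtext("s3:IsLatest", namespaces=S3_NS) == "true",
            "last_modified": child.findtext("s3:LastModified", namespaces=S3_NS),
            "size": int(child.findtext("s3:Size", default="0", namespaces=S3_NS)),
            "is_delete_marker": tag == "DeleteMarker",
        })
    return entries


def restore_plan(entries: list, key: str) -> dict:
    """If the current entry for `key` is a delete marker, pick the newest real
    version underneath it and describe the in-place copy that restores it."""
    mine = sorted((e for e in entries if e["key"] == key),
                  key=lambda e: e["last_modified"], reverse=True)
    if not mine:
        return {"key": key, "found": False}
    latest = mine[0]
    plan = {"key": key, "found": True, "deleted": latest["is_delete_marker"],
            "delete_marker_version_id": None, "restore_version_id": None, "copy_source": None}
    if latest["is_delete_marker"]:
        real = [e for e in mine if not e["is_delete_marker"]]
        if real:
            plan["delete_marker_version_id"] = latest["version_id"]
            plan["restore_version_id"] = real[0]["version_id"]
            # CopyObject copy-source form for a specific version: bucket/key?versionId=...
            plan["copy_source"] = f"{real[0]['bucket']}/{key}?versionId={real[0]['version_id']}"
    return plan


if __name__ == "__main__":
    versions = parse_versions(SAMPLE_LIST_VERSIONS_XML)
    for e in versions:
        print(e)
    print(restore_plan(versions, "foo.txt"))
    print(restore_plan(versions, "bar.txt"))
```

The copy creates a new, latest version with the old content, which is why the file re-appears when versions are hidden again; the delete marker and the older versions stay in the bucket and keep costing storage until a lifecycle rule or an explicit versioned delete removes them. That persistence is also what makes versioning a protection: a plain delete, whether accidental or malicious, never destroys data, and with MFA Delete enabled the versioned delete that would is gated behind a second factor.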

EXERCISE 2.5

Lifecycle Management
In this exercise, you will explore the various options for lifecycle management.

  • Select your bucket in the Amazon S3 console.
  • Under Properties, add a Lifecycle Rule.
  • Explore the various options to add lifecycle rules to objects in this bucket. It is recommended that you do not implement any of these options, as you may incur additional costs. After you have finished, click the Cancel button.
    Note
    Most lifecycle rules require some number of days to expire before the transition takes effect. For example, it takes a minimum of 30 days to transition from Amazon S3 Standard to Amazon S3 Standard-IA. This makes it impractical to create a lifecycle rule and see the actual result in an exercise.

EXERCISE 2.6
Enable Static Hosting on Your Bucket
In this exercise, you will enable static hosting on your newly created bucket.

  • Select your bucket in the Amazon S3 console.
  • In the Properties section, select Enable Website Hosting.
  • For the index document name, enter index.txt, and for the error document name, enter error.txt.
  • Use a text editor to create two text files and save them as index.txt and error.txt. In the index.txt file, write the phrase “Hello World,” and in the error.txt file, write the phrase “Error Page.” Save both text files and upload them to your bucket.
  • Make the two objects public.
  • Copy the Endpoint: link under Static Website Hosting and paste it in a browser window or tab. You should now see the phrase “Hello World” displayed.
  • In the address bar in your browser, try adding a forward slash followed by a made-up filename (for example, /test.html). You should now see the phrase “Error Page” displayed.
  • To clean up, delete all of the objects in your bucket and then delete the bucket itself.

Review Questions

In what ways does Amazon Simple Storage Service (Amazon S3) object storage differ from block and file storage? (Choose 2 answers)

  • Amazon S3 stores data in fixed size blocks.
  • Objects are identified by a numbered address.
  • Objects can be any size.
  • Objects contain both data and metadata.
  • Objects are stored in buckets.

Which of the following are not appropriate use cases for Amazon Simple Storage Service (Amazon S3)? (Choose 2 answers)

  • Storing web content
  • Storing a file system mounted to an Amazon Elastic Compute Cloud (Amazon EC2) instance
  • Storing backups for a relational database
  • Primary storage for a database
  • Storing logs for analytics

What are some of the key characteristics of Amazon Simple Storage Service (Amazon S3)? (Choose 3 answers)

  • All objects have a URL.
  • Amazon S3 can store unlimited amounts of data.
  • Objects are world-readable by default.
  • Amazon S3 uses a REST (Representational State Transfer) Application Program Interface (API).
  • You must pre-allocate the storage in a bucket.

Which features can be used to restrict access to Amazon Simple Storage Service (Amazon S3) data? (Choose 3 answers)

  • Enable static website hosting on the bucket.
  • Create a pre-signed URL for an object.
  • Use an Amazon S3 Access Control List (ACL) on a bucket or object
  • Use a lifecycle policy.
  • Use an Amazon S3 bucket policy.

Your application stores critical data in Amazon Simple Storage Service (Amazon S3), which must be protected against inadvertent or intentional deletion. How can this data be protected? (Choose 2 answers)

  • Use cross-region replication to copy data to another bucket automatically.
  • Set a vault lock.
  • Enable versioning on the bucket.
  • Use a lifecycle policy to migrate data to Amazon Glacier.
  • Enable MFA Delete on the bucket.

Your company stores documents in Amazon Simple Storage Service (Amazon S3), but it wants to minimize cost. Most documents are used actively for only about a month, then much less frequently. However, all data needs to be available within minutes when requested. How can you meet these requirements?

  • Migrate the data to Amazon S3 Reduced Redundancy Storage (RRS) after 30 days.
  • Migrate the data to Amazon Glacier after 30 days.
  • Migrate the data to Amazon S3 Standard-Infrequent Access (IA) after 30 days.
  • Turn on versioning, then migrate the older version to Amazon Glacier.

How is data stored in Amazon Simple Storage Service (Amazon S3) for high durability?

  • Data is automatically replicated to other regions.
  • Data is automatically replicated within a region.
  • Data is replicated only if versioning is enabled on the bucket.
  • Data is automatically backed up on tape and restored if needed.

Based on the following Amazon Simple Storage Service (Amazon S3) URL, which one of the following statements is correct?
https://bucket1.abc.com.s3.amazonaws.com/folderx/myfile.doc

  • The object “myfile.doc” is stored in the folder “folderx” in the bucket “bucket1.abc.com.”
  • The object “myfile.doc” is stored in the bucket “bucket1.abc.com”
  • The object “folderx/myfile.doc” is stored in the bucket “bucket1.abc.com.”
  • The object “myfile.doc” is stored in the bucket “bucket1.”

To have a record of who accessed your Amazon Simple Storage Service (Amazon S3) data and from where, you should do what?

  • Enable versioning on the bucket.
  • Enable website hosting on the bucket.
  • Enable server access logs on the bucket.
  • Create an AWS Identity and Access Management (IAM) bucket policy.
  • Enable Amazon CloudWatch logs.

What are some reasons to enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 2 answers)

  • You want a backup of your data in case of accidental deletion.
  • You have a set of users or customers who can access the second bucket with lower latency.
  • For compliance reasons, you need to store data in a location at least 300 miles away from the first region.
  • Your data needs at least five nines of durability. 

Your company requires that all data sent to external storage be encrypted before being sent. Which Amazon Simple Storage Service (Amazon S3) encryption solution will meet this requirement?

  • Server-Side Encryption (SSE) with AWS-managed keys (SSE-S3)
  • SSE with customer-provided keys (SSE-C)
  • Client-side encryption with customer-managed keys
  • Server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS)

You have a popular web application that accesses data stored in an Amazon Simple Storage Service (Amazon S3) bucket. You expect the access to be very read-intensive, with expected request rates of up to 500 GETs per second from many clients. How can you increase the performance and scalability of Amazon S3 in this case?

  • Turn on cross-region replication to ensure that data is served from multiple locations.
  • Ensure randomness in the namespace by including a hash prefix to key names.
  • Turn on server access logging.
  • Ensure that key names are sequential to enable pre-fetch.

What is needed before you can enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 2 answers)

  • Enable versioning on the bucket.
  • Enable a lifecycle rule to migrate data to the second region.
  • Enable static website hosting.
  • Create an AWS Identity and Access Management (IAM) policy to allow Amazon S3 to replicate objects on your behalf.

Your company has 100TB of financial records that need to be stored for seven years by law. Experience has shown that any record more than one year old is unlikely to be accessed. Which of the following storage plans meets these needs in the most cost-efficient manner?

  • Store the data on Amazon Elastic Block Store (Amazon EBS) volumes attached to t2.micro instances.
  • Store the data on Amazon Simple Storage Service (Amazon S3) with lifecycle policies that change the storage class to Amazon Glacier after one year and delete the object after seven years.
  • Store the data in Amazon DynamoDB and run a daily script to delete data older than seven years.
  • Store the data in Amazon Elastic MapReduce (Amazon EMR).

Amazon Simple Storage Service (S3) bucket policies can restrict access to an Amazon S3 bucket and objects by which of the following? (Choose 3 answers)

  • Company name
  • IP address range
  • AWS account
  • Country of origin
  • Objects with a specific prefix

Amazon Simple Storage Service (Amazon S3) is an eventually consistent storage system. For what kinds of operations is it possible to get stale data as a result of eventual consistency?
(Choose 2 answers)

  • GET after PUT of a new object
  • GET or LIST after a DELETE
  • GET after overwrite PUT (PUT to an existing key)
  • DELETE after PUT of new object

What must be done to host a static website in an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 3 answers)

  • Configure the bucket for static hosting and specify an index and error document.
  • Create a bucket with the same name as the website.
  • Enable File Transfer Protocol (FTP) on the bucket.
  • Make the objects in the bucket world-readable.
  • Enable HTTP on the bucket.

You have valuable media files hosted on AWS and want them to be served only to authenticated users of your web application. You are concerned that your content could be stolen and distributed for free. How can you protect your content?

  • Use static web hosting.
  • Generate pre-signed URLs for content in the web application.
  • Use AWS Identity and Access Management (IAM) policies to restrict access.
  • Use logging to track your content.

Amazon Glacier is well-suited to data that is which of the following? (Choose 2 answers)

  • Is infrequently or rarely accessed
  • Must be immediately available when needed
  • Is available after a three- to five-hour restore period
  • Is frequently erased within 30 days

Which statements about Amazon Glacier are true? (Choose 3 answers)

  • Amazon Glacier stores data in objects that live in archives.
  • Amazon Glacier archives are identified by user-specified key names.
  • Amazon Glacier archives take three to five hours to restore.
  • Amazon Glacier vaults can be locked.
  • Amazon Glacier can be used as a standalone service and as an Amazon S3 storage class.
Rajesh Kumar