11 S3 - gannurohith/devops-interview-wiki GitHub Wiki
Amazon Route 53:
- What is Amazon Route 53? A scalable and highly available Domain Name System (DNS) web service.
- What routing policies are supported in Route 53?
  - Simple
  - Weighted
  - Latency-based
  - Failover
  - Geolocation
  - Geoproximity
  - Multi-value answer
- What is a hosted zone? A container for DNS records associated with a domain.
- What is the difference between public and private hosted zones?
  - Public: accessible over the internet.
  - Private: used within one or more VPCs.
- What is a health check in Route 53? Monitors the health of endpoints to determine DNS response behavior.
Amazon CloudFront (CDN):
- What is CloudFront? A Content Delivery Network (CDN) that caches content at edge locations to reduce latency.
- What are edge locations in CloudFront? Global data centers that serve cached copies of content to users.
- What is an origin in CloudFront? The source of content, such as an S3 bucket or an EC2 instance.
- How can CloudFront restrict access to S3 content? Use signed URLs or signed cookies with Origin Access Control (OAC).
- How do you invalidate CloudFront cache? Submit an invalidation request using the AWS Console or CLI.
- What is Field-Level Encryption in CloudFront? Encrypts sensitive data at the application layer before it is sent to the origin.
- How does CloudFront integrate with WAF? AWS WAF can be associated with CloudFront to protect against common web exploits.
Amazon S3:
- What is Amazon S3? An object storage service that offers scalability, data availability, security, and performance.
- What are S3 storage classes?
  - Standard
  - Intelligent-Tiering
  - One Zone-IA
  - Glacier
  - Glacier Deep Archive
- How do you secure access to S3 buckets? Use bucket policies, IAM policies, ACLs, and block public access settings.
- What is bucket versioning? Allows you to preserve, retrieve, and restore every version of every object stored in your bucket.
- How can you serve static websites from S3? Enable static website hosting and point a Route 53 alias record to the S3 website endpoint.
- What is an S3 lifecycle rule? A policy to automatically transition objects to different storage classes or delete them.
- What is a pre-signed URL in S3? A URL that grants temporary access to a private object.
- How do you enable encryption in S3?
  - Server-Side Encryption with S3-Managed Keys (SSE-S3)
  - SSE with KMS-Managed Keys (SSE-KMS)
  - SSE with Customer-Provided Keys (SSE-C)
- What is S3 Transfer Acceleration? Speeds up uploads using CloudFront edge locations.
- What is a multipart upload in S3? Uploads large objects in parts for improved performance and reliability.
- What is S3 Event Notification? Automatically triggers workflows using Lambda, SNS, or SQS when objects are uploaded or deleted.
- How do you log access requests in S3? Enable server access logging or CloudTrail data event logging.
- What happens when you delete a versioned object? A delete marker is added; object data still exists until the version is deleted.
- Can S3 be mounted as a file system? Yes, using tools like s3fs-fuse or AWS Storage Gateway.
- What are common reasons for Access Denied (403) errors in S3?
  - Block Public Access enabled
  - Insufficient bucket or IAM policy
  - Missing permissions on object
- How do S3 and CloudFront work together? S3 serves as the origin; CloudFront caches and distributes content with lower latency.
- What is Intelligent-Tiering in S3? Automatically moves data between access tiers based on usage patterns.
- How do you delete all objects in an S3 bucket? Use AWS CLI:
  `aws s3 rm s3://bucket-name --recursive`