7. S3 Version Control
i) We can version files in S3.
ii) Versioning is enabled at bucket level
iii) We get a new version anytime we update a file like Version 1, Version 2, Version 3…
iv) Its best practice to version the buckets as it protects against unintended deletes (ability to restore a version). So if someone deletes a file, we will be able to restore the file back to a previous version. Or if wrong file is uploaded, we can easily roll back to previous version.
v) Any file that is not versioned prior to enabling versioning will have version ‘NULL’
vi) Suspend versioning does not delete previous versions.
vii) Stores all versions of an object (including all writes and even if we delete an object)
viii) Great backup tool
ix) Once enabled, versioning cannot be disabled, only suspended
x) Also integrates with Lifecycle rules
xi) Versioning also comes with MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.
xii) When we upload new version then its automatically going to be private. But the older versions permissions do not change.
xiii) When we hide the version and try to delete a file then delete marker file will be created. To restore the file we have to delete the delete marker file. If we want to delete the file permanently without delete marker creation then do this activity by selecting show version.
Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite.
For example: If you overwrite an object, it results in a new object version in the bucket. You can always restore the previous version. If you delete an object, instead of removing it permanently, Amazon S3 inserts a delete marker, which becomes the current object version. You can always restore the previous version.
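The behaviour described above (null version IDs, delete markers, restore by deleting the marker, permanent delete by version ID, suspend keeping old versions) as an in-memory model; this is an added teaching example, not the AWS API or any boto3 call, and the version IDs v1, v2, ... are stand-ins for the opaque IDs S3 generates.

```python
import itertools
_ids = itertools.count(1)   # stand-in for the opaque version IDs S3 generates

class VersionedBucket:
    """Per key: a stack of (version_id, body), current version last; body None = delete marker."""
    def __init__(self):
        self.status = "Unversioned"      # Unversioned -> Enabled <-> Suspended, never back
        self.versions = {}
    def enable_versioning(self):
        self.status = "Enabled"
    def suspend_versioning(self):
        self.status = "Suspended"        # every version written so far is kept
    def put(self, key, body):
        """Write a new version of key (body None = delete marker)."""
        stack = self.versions.setdefault(key, [])
        if self.status == "Enabled":
            vid = f"v{next(_ids)}"
        else:  # Unversioned/Suspended: the single 'null' version is overwritten in place
            vid = "null"
            stack[:] = [v for v in stack if v[0] != "null"]
        stack.append((vid, body))
        return vid
    def delete(self, key, version_id=None):
        """No version id: only a delete marker is added (recoverable).
        With a version id: that version (or marker) is removed for good."""
        if version_id is None:
            return self.put(key, None)
        stack = self.versions.get(key, [])
        stack[:] = [v for v in stack if v[0] != version_id]
        return version_id
    def get(self, key):
        """Current object, or None when absent or hidden behind a delete marker."""
        stack = self.versions.get(key)
        return stack[-1][1] if stack and stack[-1][1] is not None else None
    def list_versions(self, key):
        """What 'Show versions' reveals: (id, body) newest first, markers as body None."""
        return list(reversed(self.versions.get(key, [])))

def demo():
    b = VersionedBucket()
    b.put("report.csv", "v0 data")             # written before versioning: ID 'null'
    b.enable_versioning()
    v1 = b.put("report.csv", "v1 data")
    marker = b.delete("report.csv")            # accidental delete: marker only
    hidden = b.get("report.csv")               # None: the object appears gone
    b.delete("report.csv", version_id=marker)  # deleting the marker restores it
    restored = b.get("report.csv")             # 'v1 data'
    b.delete("report.csv", version_id=v1)      # permanent delete of one version
    return hidden, restored, [v for v, _ in b.list_versions("report.csv")]
```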
S3 Server Access Logging:
i) For audit purposes, we may want to log all access to S3 buckets.
ii) Any request made to S3, from any account, authorized or denied, is logged into another S3 bucket.
iii) That data can be analyzed using a data analysis tool.
iv) Very helpful for getting to the root cause of an issue, auditing usage, viewing suspicious patterns, etc.
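The kind of analysis item iv) describes, as an added example (not code from the original notes): a parser for the space-delimited S3 server access log layout and three audit checks run over constructed sample entries. The owner ID, account ID, IP addresses, request IDs and version ID in the sample are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample S3 server access log entries (not real log data), in the documented layout:
# owner bucket [time] ip requester request-id operation key "request-uri" status error
# bytes size total-time turnaround "referer" "user-agent" version-id
SAMPLE_LOG = """\
ownerEXAMPLE example-audit-bucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 arn:aws:iam::123456789012:user/alice 3E57427F3EXAMPLE REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - 2048 2048 12 8 "-" "aws-cli/2.0" -
ownerEXAMPLE example-audit-bucket [06/Feb/2019:00:01:02 +0000] 198.51.100.7 - 7B4A0FABBEXAMPLE REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 403 AccessDenied - 2048 5 - "-" "curl/7.68.0" -
ownerEXAMPLE example-audit-bucket [06/Feb/2019:00:01:03 +0000] 198.51.100.7 - 7B4A0FABCEXAMPLE REST.GET.OBJECT reports/q2.csv "GET /reports/q2.csv HTTP/1.1" 403 AccessDenied - 2048 5 - "-" "curl/7.68.0" -
ownerEXAMPLE example-audit-bucket [06/Feb/2019:00:01:04 +0000] 198.51.100.7 - 7B4A0FABDEXAMPLE REST.GET.OBJECT reports/q3.csv "GET /reports/q3.csv HTTP/1.1" 403 AccessDenied - 2048 5 - "-" "curl/7.68.0" -
ownerEXAMPLE example-audit-bucket [06/Feb/2019:00:02:10 +0000] 192.0.2.3 arn:aws:iam::123456789012:user/alice A1B2C3D4EXAMPLE REST.DELETE.OBJECT reports/q1.csv "DELETE /reports/q1.csv?versionId=vEXAMPLE1 HTTP/1.1" 204 - - 2048 9 - "-" "aws-cli/2.0" vEXAMPLE1
ownerEXAMPLE example-audit-bucket [06/Feb/2019:00:03:00 +0000] 203.0.113.9 - C9D8E7F6EXAMPLE REST.GET.OBJECT public/logo.png "GET /public/logo.png HTTP/1.1" 200 - 512 512 4 2 "-" "Mozilla/5.0" -
"""

# Fields 1..18; newer entries append more fields (host id, TLS version, ...) that are ignored here
FIELDS = ("owner bucket time remote_ip requester request_id operation key request_uri "
          "status error bytes_sent object_size total_time turnaround referer user_agent version_id").split()
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')   # bracketed time and quoted strings are one field each


def parse_line(line):
    rec = dict(zip(FIELDS, (t.strip('[]"') for t in TOKEN.findall(line))))
    rec["status"] = int(rec["status"]) if rec.get("status", "").isdigit() else 0
    return rec


def audit(log_text, denied_threshold=3):
    """Three checks an auditor would run: repeated AccessDenied from one IP, deletes of a
    specific version (permanent, no delete marker is left), and successful anonymous reads."""
    denied, version_deletes, anonymous_reads = Counter(), [], []
    for rec in map(parse_line, filter(str.strip, log_text.splitlines())):
        if rec.get("error") == "AccessDenied":
            denied[rec.get("remote_ip")] += 1
        if rec.get("operation") == "REST.DELETE.OBJECT" and rec.get("version_id", "-") != "-" and rec["status"] < 300:
            version_deletes.append((rec.get("requester"), rec.get("key"), rec["version_id"]))
        if rec.get("requester") == "-" and rec["status"] == 200:
            anonymous_reads.append((rec.get("remote_ip"), rec.get("key")))
    return {
        "repeated_denials": {ip: n for ip, n in denied.items() if n >= denied_threshold},
        "version_deletes": version_deletes,
        "anonymous_reads": anonymous_reads,
    }


if __name__ == "__main__":
    for name, hits in audit(SAMPLE_LOG).items():
        print(name, hits)
```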
S3 Replication Overview:
CRR = Cross Region Replication
SRR = Same Region Replication
We have a bucket in eu-west-1 and want to replicate all of its contents continuously into another bucket in us-east-1. For this we can set up S3 replication: behind the scenes an asynchronous process performs the replication, so all files are copied from one bucket to the other. To achieve this:
i) We must enable versioning in both the source and the destination bucket.
ii) Enable CRR or SRR, depending on whether you are replicating within the same region or to a different region.
iii) Buckets can be in different accounts
iv) Copying is asynchronous
v) Must give proper IAM permissions to S3.
CRR – Use case: Compliance, lower latency access, replication across accounts.
SRR – Use case: Log aggregation, live replication between production and test accounts
Question 1:
A healthcare startup needs to enforce compliance and regulatory guidelines for objects stored in Amazon S3. One of the key requirements is to provide adequate protection against accidental deletion of objects. As a solutions architect, what are your recommendations to address these guidelines? (Select two)
Answer: a. Enable versioning on the bucket
b. Enable MFA delete on the bucket
Question 2:
Which of the following features of an Amazon S3 bucket can only be suspended once they have been enabled?
Answer: Versioning
Explanation: Server Access Logging, Static Website Hosting and Requester Pays features can be disabled even after they have been enabled.
Question 3:
As a Solutions Architect, you are building an SFA on AWS. This SFA has a business requirement for sales reps to upload sales records daily. In addition, those records should be kept for sales reports. Report storage requires durable and highly available storage. Since many salespeople use the SFA, it is an important requirement to prevent these records from being accidentally deleted due to some kind of operational error.
Choose the data protection measure that meets these requirements.
Options:
A. Use S3 for storage and enable its versioning function
B. Automatically take snapshots on a regular basis while accumulating data on EBS
C. Take snapshots automatically on a regular basis while accumulating data in S3
D. Automatically take snapshots on a regular basis while accumulating data on RDS
Answer: A
Explanation
Option A is the correct answer. The S3 Standard storage class is best for storing frequently used data. On top of that, you can easily restore previous versions of an object by enabling versioning. Versioning is a way to keep multiple variants of an object in the same bucket. You can use versioning to store, retrieve, and restore any version of any object stored in your Amazon S3 bucket. Versioning makes it easy to recover data from unintended user actions and application failures.
Option B is incorrect. EBS is less durable than S3, and EBS is not suitable for data sharing.
Option C is incorrect. S3 does not have snapshot functionality.
Option D is incorrect. RDS is a relational database and does not meet the requirements for durable and available file storage.