A company has a production web application in which users upload documents through a web interface or a mobile app. According to a new regulatory requirement. new documents cannot be modified or deleted after they are stored.
What should a solutions architect do to meet this requirement?
To meet the regulatory requirement that new documents cannot be modified or deleted after they are stored, the most appropriate solution is to use Amazon S3 with both S3 Versioning and S3 Object Lock enabled. S3 Versioning preserves multiple versions of an object, ensuring that previous versions are not lost if an object is updated or deleted. S3 Object Lock adds an additional layer of security by applying a write-once-read-many (WORM) model, preventing objects from being deleted or overwritten for a fixed period or indefinitely. This combination ensures that the documents remain immutable and comply with the regulatory requirement.
You can use S3 Object Lock to store objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion. Versioning is required and automatically activated as Object Lock is enabled. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
***CORRECT*** A. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled. S3 Versioning allows multiple versions of an object to be stored in the same bucket. This means that when an object is modified or deleted, the previous version is preserved. S3 Object Lock adds additional protection by allowing objects to be placed under a legal hold or retention period, during which they cannot be deleted or modified. Together, S3 Versioning and S3 Object Lock can be used to meet the requirement of not allowing documents to be modified or deleted after they are stored.
***WRONG*** Option B, storing the documents in an S3 bucket and configuring an S3 Lifecycle policy to archive them periodically, would not prevent the documents from being modified or deleted. Option C, storing the documents in an S3 bucket with S3 Versioning enabled and configuring an ACL to restrict all access to read-only, would also not prevent the documents from being modified or deleted, since an ACL only controls access to the object and does not prevent it from being modified or deleted. Option D, storing the documents on an Amazon Elastic File System (Amazon EFS) volume and accessing the data in read-only mode, would prevent the documents from being modified, but would not prevent them from being deleted.
Why not C
Configure an ACL to restrict all access to read-only would be you could not write the docs to the bucket in the first place.
S3 Versioning ensures that all versions of an object are retained when overwritten or deleted - this prevents deletion. S3 Object Lock can be used to apply a retention period and legal hold on objects to prevent them from being overwritten or deleted, even by users with full permissions. Option B only archives objects on a schedule but does not prevent modification or deletion. Option C uses ACLs which can still be overridden by users with full permissions. Option D relies on the application to enforce mounting as read-only, which is not as robust as using S3 Object Lock.
Liked the explanation for option C.Thanks!
S3 Versioning allows you to preserve every version of a document as it is uploaded or modified. This prevents accidental or intentional modifications or deletions of the documents. S3 Object Loc allows you to set a retention period or legal hold on the objects, making them immutable during the specified period. This ensures that the stored documents cannot be modified or deleted, even by privileged users or administrators. B. Configuring an S3 Lifecycle policy to archive documents periodically does not guarantee the prevention of document modification or deletion after they are stored. C. Enabling S3 Versioning alone does not prevent modifications or deletions of objects. Configuring an ACL does not guarantee the prevention of modifications or deletions by authorized users. D. Using EFS does not prevent modifications or deletions of the documents by users or processes with write permissions.
S3 Versioning and S3 Object Lock enabled meet the requirements, hence A is correct ans.
Option A. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled. This will ensure that the documents cannot be modified or deleted after they are stored, and will meet the regulatory requirement. S3 Versioning allows you to store multiple versions of an object in the same bucket, and S3 Object Lock enables you to apply a retention policy to objects in the bucket to prevent their deletion.
A is the correct answer
https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html "S3 Object Lock can help prevent Amazon S3 objects from being deleted or overwritten for a fixed amount of time or indefinitely. " B is archiving which won't stop deletion C ACL can be modified D Sounds like there will be a write volume and a read volume which means write volume will have permissions for deletion
Option A. Object Lock will prevent modifications to documents
A is correct
https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
aaaaaaaaa
aaaaaaaaaaa