Which solution will meet these requirements?
Create an S3 bucket for each application. Configure S3 Same-Region Replication (SRR) from the raw data’s S3 bucket to each application’s S3 bucket. Configure each application to consume data from its own S3 bucket.
Create an Amazon Kinesis data stream. Create an AWS Lambda function that is invoked by object creation events in the raw data’s S3 bucket. Program the Lambda function to redact data for each application. Publish the data on the Kinesis data stream. Configure each application to consume data from the Kinesis data stream.
For each application, create an S3 access point that uses the raw data’s S3 bucket as the destination. Create an AWS Lambda function that is invoked by object creation events in the raw data’s S3 bucket. Program the Lambda function to redact data for each application. Store the data in each application’s S3 access point. Configure each application to consume data from its own S3 access point.
Create an S3 access point that uses the raw data’s S3 bucket as the destination. For each application, create an S3 Object Lambda access point that uses the S3 access point. Configure the AWS Lambda function for each S3 Object Lambda access point to redact data when objects are retrieved. Configure each application to consume data from its own S3 Object Lambda access point.
Explanations:
This option creates separate S3 buckets for each application, which leads to unnecessary complexity and management overhead. It also doesn’t address the requirement of redacting data differently for each application before access, as replication would copy raw data without modification.
Although this option introduces Kinesis for streaming data and involves redaction via Lambda, it does not allow direct access to S3 for each application. Additionally, it does not mention storing redacted data back in a way that allows each application to access it separately. It complicates the solution unnecessarily for a simple S3 data access requirement.
While this option utilizes S3 access points and Lambda for redaction, it requires storing redacted data in each application’s S3 access point. This could lead to data duplication and increased storage costs. It may also complicate data management and retrieval since it does not directly address access to the raw data.
This option effectively uses S3 access points and S3 Object Lambda access points to achieve the required data redaction. Each application can retrieve data through its own Object Lambda access point, which invokes a Lambda function to redact data on the fly. This meets the requirement for different redaction for each application while keeping the data stored only once in the raw S3 bucket, making it an efficient and scalable solution.