Which solution will meet these requirements with the LEAST operational overhead?
Create an Object Lambda Access Point. Create an AWS Lambda function that redacts the PII when the function reads the file. Instruct the external service provider to access the Object Lambda Access Point.
Create a batch process on an Amazon EC2 instance that regularly reads all new files, redacts the PII from the files, and writes the redacted files to a different S3 bucket. Instruct the external service provider to access the bucket that does not contain the PII.
Create a web application on an Amazon EC2 instance that presents a list of the files, redacts the PII from the files, and allows the external service provider to download new versions of the files that have the PII redacted.
Create an Amazon DynamoDB table. Create an AWS Lambda function that reads only the data in the files that does not contain PII. Configure the Lambda function to store the non-PII data in the DynamoDB table when a new file is written to Amazon S3. Grant the external service provider access to the DynamoDB table.
Explanations:
An Object Lambda Access Point can be used to create a solution that automatically redacts PII when the external service provider accesses the S3 files. This minimizes operational overhead by offloading the redaction process to Lambda without the need to store additional files or manage separate processes.
Using an EC2 instance to regularly process and redact files introduces higher operational overhead, as it requires managing an EC2 instance, batch processing, and ensuring the files are redacted and copied to a different bucket. This adds complexity and scalability issues.
Storing redacted data in DynamoDB and giving the external provider access introduces unnecessary complexity. DynamoDB is not an ideal solution for storing large amounts of text data, and the redaction process is not as streamlined as using Object Lambda Access Points for direct S3 access.