Which solution will meet these requirements in the MOST secure way?
Upload all files to an Amazon S3 bucket that is configured for static website hosting. Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date.
Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated date. Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objects.
Create a new Amazon S3 bucket with S3 Versioning enabled. Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.
Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket.
Explanations:
While this option provides read-only access to files, it does not prevent deletions or modifications after the files are uploaded. It lacks mechanisms like S3 Object Lock, which are essential for enforcing retention policies until the designated date.
This option uses S3 Object Lock with a retention period, ensuring that files cannot be modified or deleted until the specified date. It also allows for public read access through static website hosting, meeting all security and accessibility requirements effectively.
Although this option uses S3 Versioning and a Lambda function to restore original files upon modification or deletion, it does not fully prevent changes from occurring in the first place. This approach is less secure and reliable compared to using S3 Object Lock for retaining files unaltered until the designated date.
This option includes S3 Object Lock, which is good for preventing changes, but it incorrectly states that only a specific folder is selected for Object Lock. For the requirement to be met, the entire bucket needs to be configured properly for Object Lock. Additionally, it does not clearly specify the implementation of static website hosting.
I reckon the answer is:
Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated date. Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objects.