Which solution will meet these requirements?

By:
In: SAA-C03
Tagged:
With: 1 Comment
A company needs to save the results from a medical trial to an Amazon S3 repository.The repository must allow a few scientists to add new files and must restrict all other users to read-only access.No users can have the ability to modify or delete any files in the repository.The company must keep every file in the repository for a minimum of 1 year after its creation date.

Which solution will meet these requirements?

Use S3 Object Lock in governance mode with a legal hold of 1 year.

Use S3 Object Lock in compliance mode with a retention period of 365 days.

Use an IAM role to restrict all users from deleting or changing objects in the S3 bucket. Use an S3 bucket policy to only allow the IAM role.

Configure the S3 bucket to invoke an AWS Lambda function every time an object is added. Configure the function to track the hash of the saved object so that modified objects can be marked accordingly.

Explanations:

S3 Object Lock in governance mode allows modifications by users with the necessary permissions, which does not meet the requirement of preventing all modifications.

S3 Object Lock in compliance mode prevents any modifications or deletions for the specified retention period, meeting the requirement to keep files for at least 1 year.

While using an IAM role can restrict modifications, it does not inherently enforce a retention policy or prevent deletion after the role is removed or altered.

This solution involves tracking modifications through a Lambda function but does not provide a built-in mechanism to prevent deletions or enforce a retention period.

2025-10-21

1 Comment

  1. Marilyn
    Author

    I appraise that the answer is:
    Use S3 Object Lock in compliance mode with a retention period of 365 days.

Leave a Reply

Your email address will not be published. Required fields are marked *

twenty − 7 =