What is the MOST cost-effective way to correct this?

By:
In: SCS-C01
Tagged:
With: 1 Comment
A company is storing data in Amazon S3 Glacier.The security engineer implemented a new vault lock policy for 10TB of data and called initiate-vault-lock operation 12 hours ago.The audit team identified a typo in the policy that is allowing unintended access to the vault.

What is the MOST cost-effective way to correct this?

Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again.

Copy the vault data to a new S3 bucket. Delete the vault. Create a new vault with the data.

Update the policy to keep the vault lock in place.

Update the policy. Call initiate-vault-lock operation again to apply the new policy.

Explanations:

Aborting the vault lock is the most cost-effective way to stop the current lock, allowing for policy changes before reinitiating the vault lock. This avoids unnecessary data transfer costs and preserves existing data.

Copying 10TB of data to a new bucket and recreating the vault would be costly and time-consuming, as well as unnecessary to correct a policy error.

The policy cannot be updated directly once the initiate-vault-lock operation is in progress; it must be aborted first.

Simply calling initiate-vault-lock again without aborting does not apply the new policy and will not correct the error.

2025-10-01

1 Comment

  1. Nicholas
    Author

    I evaluate that the answer is:
    Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + 1 =