What is the MOST operationally efficient way to prevent new credit card data from being written to the S3 bucket?
Add a transformation rule to the DMS task to ignore the column from the source data endpoint.
Add a transformation rule to the DMS task to mask the column by using a simple SQL query.
Configure the target S3 bucket to use server-side encryption with AWS KMS keys (SSE-KMS).
Remove the credit card number column from the data source so that the DMS task does not need to be altered.
Explanations:
Adding a transformation rule in the DMS task to ignore the credit card column is operationally efficient, as it prevents the column from being replicated without altering the source data. This action directly addresses the requirement without needing further changes to source or target data.
Masking the column with a SQL query adds unnecessary complexity and processing overhead, as ignoring the column entirely is simpler and more efficient given the data is not needed.
Server-side encryption with AWS KMS (SSE-KMS) protects data at rest but does not prevent the credit card data from being written to the bucket, so it does not fulfill the requirement to prevent new credit card data from being replicated.
Removing the column from the source data is disruptive, may affect other systems, and is not feasible if the source data needs to retain the column for other processes. Ignoring the column in DMS is more efficient.