What should a solutions architect do to meet these requirements with the LEAST development effort?
Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan the objects in the bucket. If objects contain PII, trigger an S3 Lifecycle policy to remove the objects that contain PII.
Use an Amazon S3 bucket as a secure transfer point. Use Amazon Macie to scan the objects in the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Email Service (Amazon SES) to trigger a notification to the administrators and trigger an S3 Lifecycle policy to remove the objects that contain PII.
Explanations:
Amazon Inspector is not designed for scanning objects in S3 buckets. It is primarily used for security assessments of EC2 instances, not for identifying PII in stored files. Additionally, S3 Lifecycle policies cannot automatically delete objects based on content.
Amazon Macie is a managed service that discovers sensitive data, including PII, in S3 objects. When it detects PII, a notification can be sent to administrators through Amazon SNS, which meets the alerting requirement. Because both services are fully managed, this option requires the least development effort.
AWS Lambda can be triggered by new S3 object uploads, but writing and maintaining custom PII-scanning logic requires substantial development, and a Lambda function is not optimized for large-scale data scanning the way Macie is. This option also forgoes the managed detection that Macie provides and does not automate remediation.
Custom scanning algorithms in Lambda would again require significant development. SES is an email-delivery service and is not the appropriate choice for operational notifications in this context. S3 Lifecycle policies cannot delete objects based on content analysis, so this option adds unnecessary complexity without meeting the requirement.