What should a solutions architect do to meet these requirements with the LEAST development effort?
A. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Inspector to scan the objects in the bucket. If objects contain PII, trigger an S3 Lifecycle policy to remove the objects that contain PII.
B. Use an Amazon S3 bucket as a secure transfer point. Use Amazon Macie to scan the objects in the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
C. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain PII.
D. Implement custom scanning algorithms in an AWS Lambda function. Trigger the function when objects are loaded into the bucket. If objects contain PII, use Amazon Simple Email Service (Amazon SES) to trigger a notification to the administrators and trigger an S3 Lifecycle policy to remove the objects that contain PII.
Explanations:
A. Amazon Inspector is primarily used for security assessments of AWS resources and is not designed for scanning S3 objects for PII. Additionally, S3 Lifecycle policies are not suitable for triggering actions based on the presence of PII; they are intended for managing storage lifecycle.
B. Amazon Macie is specifically designed for discovering and protecting sensitive data, including PII, in S3. It can scan objects as they are uploaded and send notifications through Amazon SNS, making it an effective and low-effort solution for both alerting and remediation.
C. While using AWS Lambda to implement custom scanning could work, it requires significant development effort to create and maintain the scanning algorithms. Additionally, this option does not specify a remediation action, only a notification.
D. Similar to option C, implementing custom scanning in Lambda requires considerable development effort. Using Amazon SES for notifications is not ideal, since Amazon SNS is better suited for managing notifications in AWS. Furthermore, there is no built-in functionality for automatic remediation such as deleting PII-laden files.