What should a solutions architect do to meet this requirement?
Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled.
Store the uploaded documents in an Amazon S3 bucket. Configure an S3 Lifecycle policy to archive the documents periodically.
Store the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled. Configure an ACL to restrict all access to read-only.
Store the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume. Access the data by mounting the volume in read-only mode.
Explanations:
Storing documents in an S3 bucket with S3 Versioning and S3 Object Lock ensures that the documents cannot be modified or deleted after they are uploaded, meeting the regulatory requirement. S3 Object Lock allows for data immutability, while versioning provides an additional layer of data protection.
Using S3 Lifecycle policies to archive documents does not prevent modification or deletion. While it can manage the storage of documents, it does not ensure that once uploaded, documents remain unchanged or undeletable, which is required by the new regulatory requirement.
Enabling S3 Versioning alone does not prevent modification or deletion of documents; users can still delete previous versions. Configuring an ACL for read-only access does not prevent the current version from being deleted or modified. Therefore, this option does not fully meet the requirements.
Storing documents in an Amazon EFS volume in read-only mode does not provide a robust solution for immutability. EFS does not offer native features like S3 Object Lock to prevent deletions or modifications effectively, which is essential to meet the specified regulatory requirement.