Which solution meets these requirements?
Implement client-side encryption and store the images in an Amazon S3 Glacier vault. Set a vault lock to prevent accidental deletion.
Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Enable versioning, default encryption, and MFA Delete on the S3 bucket.
Store the images in an Amazon FSx for Windows File Server file share. Configure the Amazon FSx file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NTFS permission sets on the images to prevent accidental deletion.
Store the Images in an Amazon Elastic File System (Amazon EFS) file share in the Infrequent Access storage class. Configure the EFS file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NFS permission sets on the images to prevent accidental deletion.
Explanations:
Amazon S3 Glacier is designed for long-term archival storage and has retrieval times that are not “immediate.” While it can be encrypted and locked, it does not meet the requirement for immediate access to images.
Storing images in S3 Standard-IA allows for infrequent access while keeping them immediately available. Versioning and MFA Delete help protect against accidental deletion, and default encryption can be applied to ensure data is encrypted at rest.
Amazon FSx for Windows File Server is not as suitable for a serverless web application as S3, as it involves more management overhead. While it can use KMS for encryption and NTFS permissions can prevent deletion, it does not meet the requirement for rare access and immediate availability as efficiently as S3.
Amazon EFS is designed for use cases requiring file storage with shared access, and it is more suitable for applications needing low-latency access to data. While EFS can be encrypted and use permission sets, it is not as cost-effective or suitable for infrequent access images compared to S3.