Which solution will meet these requirements?
Activate S3 Object Lock on the required objects and enable governance mode.
Activate S3 Object Lock on the required objects and enable compliance mode.
Enable versioning on the S3 bucket. Set a lifecycle policy to delete the objects after a specified period.
Configure an S3 Lifecycle policy to transition objects to S3 Glacier Flexible Retrieval for the retention duration.
Explanations:
While activating S3 Object Lock in governance mode prevents accidental deletion and allows some users to delete or modify objects, it does not fully meet the requirement for protection from deletion or modification, as governance mode allows users with certain permissions to bypass the lock.
Activating S3 Object Lock in compliance mode ensures that once objects are locked, they cannot be deleted or modified for the specified retention period, thus fulfilling the requirement for regulatory compliance and protecting sensitive documents effectively.
Enabling versioning and setting a lifecycle policy for deletion does not meet the requirement for protection from deletion or modification during the retention period. Versioning allows previous versions to be retained, but does not prevent deletion of the current version until the lifecycle policy triggers.
Transitioning objects to S3 Glacier Flexible Retrieval does not protect them from deletion or modification. It simply moves them to a different storage class for cost savings, which does not address the requirement for maintaining data integrity during a fixed retention period.