Which solution will meet these requirements?
Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Configure AWS Key Management Service (AWS KMS) encryption.
Store the data in an Amazon S3 Glacier vault. Configure a vault lock policy for write-once, read-many (WORM) access.
Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure server-side encryption.
Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Configure multi-factor authentication (MFA).
Explanations:
Amazon EBS volumes are not designed for long-term archival or write-once-read-many (WORM) protection. While AWS KMS encryption can secure the data, it does not prevent future edits or deletion, which is required for audit logs.
Amazon S3 Glacier with a vault lock policy supports WORM access, which prevents any modification or deletion of the archived logs for a set retention period, meeting both the long-term retention and protection from edits requirements.
S3 Standard-IA is designed for infrequent access data but does not provide WORM protection or guarantee that the data cannot be edited or deleted. It is not suitable for compliance-grade archiving.
While MFA can help secure the data from accidental deletion, it does not prevent future edits. S3 Standard-IA also lacks WORM protection, making it unsuitable for the company’s archival and edit-prevention needs.