Which solution will meet these requirements in the MOST secure way?
Upload all flies to an Amazon S3 bucket that is configured for static website hosting. Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date.
Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated date. Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objects.
Create a new Amazon S3 bucket with S3 Versioning enabled. Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.
Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket.
Explanations:
While this option provides public read-only access, it does not ensure immutability, as it lacks S3 Object Lock, allowing files to be modified or deleted before the designated date.
This option meets all requirements by enabling S3 Versioning and S3 Object Lock with a retention period. The static website hosting provides public access, and Object Lock prevents modification or deletion until the designated date.
Although the Lambda function could potentially restore objects from a backup, this approach is not the most secure. It relies on event triggers and additional configurations, which do not guarantee the required immutability.
This option is close to correct but does not enable S3 Versioning, which is recommended when using S3 Object Lock for added security. Without versioning, there is a risk of unintentional object deletion or overwrites that Object Lock alone may not fully protect against.
It seems to me that the answer is:
Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated date. Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objects.