Which solution will meet these requirements with the LEAST development effort?
Run an Amazon Inspector report on the S3 bucket to identify sensitive data. Create a new S3 bucket with default encryption enabled. Transfer the unencrypted objects to the new S3 bucket. Update the applications to access the new S3 bucket.
Run an Amazon Macie report on the S3 bucket to identify sensitive data. Create a new S3 bucket with default encryption enabled. Transfer the unencrypted objects to the new S3 bucket. Update the applications to access the new S3 bucket.
Run an Amazon Inspector report against the S3 bucket to identify sensitive data. Modify the S3 bucket to enable default encryption. Use an Amazon S3 Inventory report and Amazon S3 Batch Operations to encrypt the existing unencrypted objects in the same S3 bucket.
Run an Amazon Macie report on the S3 bucket to identify sensitive data. Modify the S3 bucket to enable default encryption. Use an S3 Inventory report and S3 Batch encrvnt the existing unencrypted objects in the same S3 bucket.
Explanations:
Amazon Inspector cannot identify sensitive data in S3 objects, it is more focused on security compliance and vulnerabilities. Transferring the objects to a new bucket would involve unnecessary rework, which is not ideal given limited resources.
Amazon Macie is better suited to identifying sensitive data, but creating a new S3 bucket would still require rework of applications and management of new bucket policies, which is unnecessary.
Amazon Inspector is not designed to identify sensitive data in S3 buckets. While S3 Batch Operations can be used to encrypt objects, the use of Inspector makes this option incorrect for identifying sensitive data.
Amazon Macie can identify sensitive data in S3 objects. Enabling default encryption and using S3 Inventory and Batch Operations to encrypt unencrypted objects in the same bucket provides a seamless solution without the need to transfer data to a new bucket.