Which solution will meet these requirements with the LEAST operational overhead?
Create a new 3 Storage Lens dashboard in each Region to track bucket and encryption metrics. Aggregate data from both Region dashboards into a single dashboard in Amazon QuickSight for the compliance teams.
Deploy an AWS Lambda function in each Region to list the number of buckets and the encryption status of objects. Store this data in Amazon S3. Use Amazon Athena queries to display the data on a custom dashboard in Amazon QuickSight for the compliance teams.
Use the S3 Storage Lens default dashboard to track bucket and encryption metrics. Give the compliance teams access to the dashboard directly in the S3 console.
Create an Amazon EventBridge rule to detect AWS CloudTrail events for S3 object creation. Configure the rule to invoke an AWS Lambda function to record encryption metrics in Amazon DynamoDB. Use Amazon QuickSight to display the metrics in a dashboard for the compliance teams.
Explanations:
While creating a new S3 Storage Lens dashboard in each region can track bucket and encryption metrics, aggregating this data into a single dashboard in QuickSight adds operational complexity and overhead, as it requires ongoing management and integration between two separate dashboards.
Deploying an AWS Lambda function to list bucket and encryption statuses and storing the data in S3 requires significant operational overhead for Lambda management, data storage, and ongoing queries using Athena, making it a more complex solution than necessary.
Using the S3 Storage Lens default dashboard provides a built-in solution for tracking bucket and encryption metrics with minimal setup and no additional overhead. Compliance teams can access the dashboard directly in the S3 console without needing custom implementations.
Creating an EventBridge rule and invoking a Lambda function to record metrics introduces unnecessary complexity and operational overhead. This solution requires management of Lambda functions and DynamoDB, which could be avoided by using the existing Storage Lens functionality.