AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A Solutions Architect must create a secure storage solution for confidential client documents at a law firm. The design needs to enforce strict permissions and ensure documents are only retained as long as legally necessary before being removed from storage. Which configuration would best meet the firm's operational and legal requirements?
Utilize a Glacier Vault with Lock policies, scheduling vault lock-in to meet the retention timeline and manually manage deletions.
Implement key management service policies to expire encryption on objects, effectively rendering them inaccessible post-retention.
Deploy an S3 bucket with appropriate Bucket Policies and IAM roles, setting lifecycle policies to remove documents after the predetermined retention duration.
Configure S3 Object Lock to enforce a strict WORM (Write Once Read Many) model until documents are manually purged post-retention.
Amazon S3 lifecycle policies automatically manage the retention and deletion of documents in cloud storage. Setting up these policies allows documents to be deleted once they reach the end of the required retention period. Access to the documents can be controlled with fine-grained permissions using Bucket Policies and IAM roles. The other options (S3 Object Lock, AWS KMS policies, and Glacier Vault Lock) do not fulfill the specific requirement of automatic data deletion after a retention period. S3 Object Lock is for immutability, KMS manages encryption keys, and Glacier Vault Lock is for long-term archival, not lifecycle management.