A company has a production web application where users upload documents through a web interface or a mobile app. A new regulation requires that documents cannot be modified or deleted after they are stored. What should a solutions architect do to meet this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled..
Why this is the answer
The correct solution is to store documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled. S3 Object Lock prevents objects from being deleted or overwritten for a fixed amount of time or indefinitely, ensuring immutability as required by the regulation. S3 Versioning keeps multiple versions of an object, protecting against accidental deletions or overwrites, and complements Object Lock by maintaining a history of changes. Storing documents in an S3 bucket with only a lifecycle policy to archive them does not prevent modification or deletion of the current object version. Enabling S3 Versioning and configuring an ACL for read-only access is insufficient because ACLs control permissions but do not prevent the root account or authorized users from modifying or deleting objects, nor does versioning alone prevent deletion of all versions. Using Amazon EFS with a read-only mount is not suitable for this use case, as EFS is a file system for EC2 instances, not an object storage service designed for immutable archiving of user-uploaded content, and the read-only mount only applies to the client, not the underlying storage.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed