A company instructed their Solutions Architect to design a secure and scalable content management system (CMS) that can be accessed by the custom applications of their external customers via API calls. There is also a requirement to enable customer administrators to simply submit an API call which can roll back changes to existing files sent to the CMS.
Which of the following options is the MOST secure design that the Architect should implement?
The correct answer marked is a solution with S3. S3 does not provide CMS capabilities (collaboration, versioning, search, document-based security, sharing, etc.). Should AWS WorkDocs not be the right answer here?
The option that says: "Use Amazon WorkDocs for object storage and utilize its user access management, version control, and built-in encryption. Track all API calls using AWS CloudTrail and develop a feature to rollback the changes using CloudTrail and using Amazon CloudWatch dashboard as the user interface" is incorrect because Amazon WorkDocs is not suitable for object storage. Although you can track all API calls to your S3 bucket using CloudTrail, you must use S3 Versioning instead in order to revert back to the previous versions of the objects.
It is true that S3 doesn’t support CMS capabilities by default, but technically you can build a content management system out of it using S3 Versioning. WorkDocs could possibly be used here as well, but in the scenario it is wrongly portrayed as an object storage service. Furthermore, it uses CloudTrail as part of its versioning feature.
I acknowledge that the scenario can be further improved to have a clear distinction between Amazon S3 and WorkDocs. I’ll revisit this item again and improve it accordingly.
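
An added example, not part of the thread above and not AWS's own code: one way a rollback API call could be backed by S3 Versioning, by copying the previous object version on top of the current one so that history is preserved and the caller needs no permission to delete versions. It assumes `s3` is a boto3 S3 client, the bucket has versioning enabled, and the key has fewer than 1,000 versions (one listing page); the key names and version IDs in `SAMPLE_LISTING` are constructed.

```python
from datetime import datetime, timezone


def previous_version(listing, key):
    """Pick the VersionId to restore for `key`, or None if nothing older exists.

    `listing` has the shape of an S3 ListObjectVersions response.
    """
    # Prefix listings also return longer keys (a.txt.bak), so match the key exactly.
    entries = [dict(v, marker=False) for v in listing.get("Versions", []) if v["Key"] == key]
    entries += [dict(d, marker=True) for d in listing.get("DeleteMarkers", []) if d["Key"] == key]
    entries.sort(key=lambda e: e["LastModified"], reverse=True)  # newest first
    # Skip the current entry, then take the newest real version:
    # a delete marker has no content to restore.
    for entry in entries[1:]:
        if not entry["marker"]:
            return entry["VersionId"]
    return None


def rollback(s3, bucket, key):
    """Restore the previous version of `key` as a new current version."""
    listing = s3.list_object_versions(Bucket=bucket, Prefix=key)
    target = previous_version(listing, key)
    if target is None:
        raise LookupError(f"no earlier version of {key!r} to restore")
    # Copy-forward: nothing is deleted, so the rollback can itself be rolled back.
    resp = s3.copy_object(
        Bucket=bucket,
        Key=key,
        CopySource={"Bucket": bucket, "Key": key, "VersionId": target},
    )
    return target, resp.get("VersionId")


def at(minute):
    return datetime(2024, 1, 1, 12, minute, tzinfo=timezone.utc)


# Constructed listing: v1 uploaded, then deleted (d2), then v3 uploaded.
SAMPLE_LISTING = {
    "Versions": [
        {"Key": "docs/a.txt", "VersionId": "v3", "IsLatest": True, "LastModified": at(30)},
        {"Key": "docs/a.txt", "VersionId": "v1", "IsLatest": False, "LastModified": at(10)},
        {"Key": "docs/a.txt.bak", "VersionId": "b1", "IsLatest": True, "LastModified": at(40)},
    ],
    "DeleteMarkers": [
        {"Key": "docs/a.txt", "VersionId": "d2", "IsLatest": False, "LastModified": at(20)},
    ],
}

if __name__ == "__main__":
    print(previous_version(SAMPLE_LISTING, "docs/a.txt"))
```

With this approach the role behind the rollback endpoint needs only `s3:ListBucketVersions`, `s3:GetObjectVersion` and `s3:PutObject` on the bucket, not `s3:DeleteObjectVersion`.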