Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

$4 OFF AWS Security Specialty Practice Exams

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Associate S3 object lock and versioning

  • S3 object lock and versioning

  • gp24

    Member
    August 21, 2024 at 2:52 am

    In the question below doesn’t “must be retained” mean we have to use object locks? Also doesn’t using object locks automatically ensure versioning?

    Q:

    A solutions architect is designing a cost-efficient, highly available storage solution for company data. One of the requirements is to ensure that the previous state of a file is preserved and retrievable if a modified version of it is uploaded. Also, to meet regulatory compliance, data over 3 years must be retained in an archive and will only be accessible once a year.

    How should the solutions architect build the solution?

    * Create an S3 Standard bucket and enable S3 Object Lock in governance mode.
    * Create a One-Zone-IA bucket with object-level versioning enabled and configure a lifecycle rule that transfers files to Amazon S3 Glacier Deep Archive after 3 years.
    * Create an S3 Standard bucket with S3 Object Lock in compliance mode enabled then configure a lifecycle rule that transfers files to Amazon S3 Glacier Deep Archive after 3 years.
    * Sol: Create an S3 Standard bucket with object-level versioning enabled and configure a lifecycle rule that transfers files to Amazon S3 Glacier Deep Archive after 3 years.

  • Irene-TutorialsDojo

    Administrator
    August 21, 2024 at 8:30 am

    Hi gp24,

    Thank you for reaching out with your inquiry.

    You are correct in your understanding. When data “must be retained,” Amazon S3 Object Lock is the right solution to secure objects from deletion or alteration while meeting regulatory and compliance requirements.

    It is also essential to note that S3 Object Lock requires the S3 bucket to have versioning enabled. However, versioning is not enabled by default when using Object Lock. Prior to using Object Lock, you must manually enable versioning. Once versioning is enabled, Object Lock works with it to maintain specific object versions, preventing them from being deleted or overwritten during the retention period.

    For more detailed information, you can refer to the latest AWS documentation on S3 Object Lock and S3 Versioning.

    If you have any further questions, feel free to ask. We’re here to help!

    Cheers,

    Irene @ Tutorials Dojo

  • gp24

    Member
    August 21, 2024 at 7:20 pm

    Hi Irene,

    Thanks for replying.

    I still find the statement “versioning is not enabled by default when using Object Lock” confusing. When I create a new bucket from the AWS console with object lock enabled, the versioning option gets greyed out, and the bucket automatically has versioning enabled after the creation. Maybe this is an AWS console thing, and the CLI or SDK are different?

    Also if object lock is required, shouldn’t the third be the correct option not the fourth?

    • Irene-TutorialsDojo

      Administrator
      August 22, 2024 at 12:58 pm

      Hi gp24,

      Thank you for pointing out the discrepancy.

      The answer marked as correct (Option 1) suggests enabling versioning and setting up a lifecycle rule for archiving to S3 Glacier Deep Archive. While this approach does satisfy the requirements for preserving previous file versions and archival, it might not fully address the regulatory compliance aspect as strictly as Option 3, which includes S3 Object Lock in compliance mode.

      Regulatory compliance often demands more stringent controls, such as preventing deletions or modifications of objects. While Option 1 provides file versioning and lifecycle management, it does not include Object Lock, which is crucial for ensuring that data cannot be altered or deleted within the retention period. Hence, Option 3 should be the more appropriate answer when compliance is a key requirement.

      We will update this information on our portal to ensure it reflects the most accurate and up-to-date guidance.

      If you have any further thoughts or questions, feel free to discuss them—I’m happy to assist!

      Cheers,

      Irene @ Tutorials Dojo

Viewing 1 - 3 of 3 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now