AWS Certified Solutions Architect – Associate (SAA-C02) — Question 726
A company has a production web application in which users upload documents through a web interface or a mobile app. According to a new regulatory requirement, new documents cannot be modified or deleted after they are stored.
What should a solutions architect do to meet this requirement?
Answer options
- A. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled.
- B. Store the uploaded documents in an Amazon S3 bucket. Configure an S3 Lifecycle policy to archive the documents periodically.
- C. Store the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled. Configure an ACL to restrict all access to read-only.
- D. Store the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume. Access the data by mounting the volume in read-only mode.
Correct answer: A
Explanation
Amazon S3 Object Lock, when used alongside S3 Versioning, provides Write Once, Read Many (WORM) protection, preventing objects from being deleted or overwritten for a specified retention period. Options B and C do not prevent authorized users or administrative processes from modifying or deleting the files. Mounting an Amazon EFS volume in read-only mode, as described in Option D, would prevent the application from writing new uploads to the volume, failing the core requirement.