AWS Certified Solutions Architect – Associate (SAA-C03) — Question 514
A law firm needs to share information with the public. The information includes hundreds of files that must be publicly readable. Modifications or deletions of the files by anyone before a designated future date are prohibited.
Which solution will meet these requirements in the MOST secure way?
Answer options
- A. Upload all files to an Amazon S3 bucket that is configured for static website hosting. Grant read-only IAM permissions to any AWS principals that access the S3 bucket until the designated date.
- B. Create a new Amazon S3 bucket with S3 Versioning enabled. Use S3 Object Lock with a retention period in accordance with the designated date. Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objects.
- C. Create a new Amazon S3 bucket with S3 Versioning enabled. Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.
- D. Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket.
Correct answer: B
Explanation
S3 Object Lock provides WORM (write once, read many) protection that prevents objects from being deleted or overwritten, but it requires S3 Versioning to be enabled on the bucket. An S3 bucket policy is the correct way to grant read-only access to anonymous public users, whereas IAM policies apply only to defined AWS principals. Options A and D are incorrect because IAM permissions do not govern public access, and Object Lock cannot be enabled at the folder level without bucket-level versioning configuration. Option C is a reactive approach that does not prevent unauthorized modifications in the first place.