AWS Certified Solutions Architect – Professional (SAP-C02) — Question 346

A company needs to monitor a growing number of Amazon S3 buckets across two AWS Regions. The company also needs to track the percentage of objects that are encrypted in Amazon S3. The company needs a dashboard to display this information for internal compliance teams.

Which solution will meet these requirements with the LEAST operational overhead?

Answer options

• A. Create a new 3 Storage Lens dashboard in each Region to track bucket and encryption metrics. Aggregate data from both Region dashboards into a single dashboard in Amazon QuickSight for the compliance teams.
• B. Deploy an AWS Lambda function in each Region to list the number of buckets and the encryption status of objects. Store this data in Amazon S3. Use Amazon Athena queries to display the data on a custom dashboard in Amazon QuickSight for the compliance teams.
• C. Use the S3 Storage Lens default dashboard to track bucket and encryption metrics. Give the compliance teams access to the dashboard directly in the S3 console.
• D. Create an Amazon EventBridge rule to detect AWS CloudTrail events for S3 object creation. Configure the rule to invoke an AWS Lambda function to record encryption metrics in Amazon DynamoDB. Use Amazon QuickSight to display the metrics in a dashboard for the compliance teams.

Correct answer: C

Explanation

The default S3 Storage Lens dashboard is automatically enabled for all AWS accounts and provides pre-configured, multi-Region visibility into S3 usage and activity, including encryption metrics, at no additional operational cost. Granting the compliance team direct access to this built-in dashboard in the S3 console satisfies all requirements with zero infrastructure to manage. The other options involve setting up custom dashboards, writing code, or managing data pipelines (such as Lambda, DynamoDB, Athena, and QuickSight), which significantly increases operational overhead.