AWS Certified Solutions Architect – Professional — Question 949
A company has asked a Solutions Architect to design a secure content management solution that can be accessed by API calls by external customer applications.
The company requires that a customer administrator must be able to submit an API call and roll back changes to existing files sent to the content management solution, as needed.
What is the MOST secure deployment design that meets all solution requirements?
Answer options
- A. Use Amazon S3 for object storage with versioning and bucket access logging enabled, and an IAM role and access policy for each customer application. Encrypt objects using SSE-KMS. Develop the content management application to use a separate AWS KMS key for each customer.
- B. Use Amazon WorkDocs for object storage. Leverage WorkDocs encryption, user access management, and version control. Use AWS CloudTrail to log all SDK actions and create reports of hourly access by using the Amazon CloudWatch dashboard. Enable a revert function in the SDK based on a static Amazon S3 webpage that shows the output of the CloudWatch dashboard.
- C. Use Amazon EFS for object storage, using encryption at rest for the Amazon EFS volume and a customer managed key stored in AWS KMS. Use IAM roles and Amazon EFS access policies to specify separate encryption keys for each customer application. Deploy the content management application to store all new versions as new files in Amazon EFS and use a control API to revert a specific file to a previous version.
- D. Use Amazon S3 for object storage with versioning and enable S3 bucket access logging. Use an IAM role and access policy for each customer application. Encrypt objects using client-side encryption, and distribute an encryption key to all customers when accessing the content management application.
Correct answer: A
Explanation
Amazon S3 with versioning natively handles file rollbacks securely and efficiently, fulfilling the core requirement. Using SSE-KMS with a unique customer-managed KMS key and a dedicated IAM role per customer ensures strong cryptographic isolation and access control. Other options are either less secure, such as sharing a single client-side encryption key among all customers, or introduce unnecessary operational complexity by using EFS or WorkDocs.