You are working as a SysOps Administrator for a financial firm.
As per the legal team's guidelines, you need to save all customer transactions for seven years for compliance and audit purposes.
You created a vault for storing archives in S3 Glacier. You need to ensure that no changes or deletions are made to these archives for seven years, while the files can still be read multiple times.
Which of the following policies can be enforced to meet this requirement?
A. B. C. D.
Correct Answer: D.
A vault lock policy can be locked to prevent future changes, providing strong enforcement for your compliance controls.
You can use the vault lock policy to deploy regulatory and compliance controls, requiring tight controls on data access.
Option A is incorrect as the vault access policy is used to implement access controls that are not compliance related, temporary, and subject to frequent modification.
Option B is incorrect as the S3 bucket policy is used to grant permission to your Amazon S3 resources.
Option C is incorrect as there is no such thing as a Glacier control policy.
For more information on Vault Access Policy and Vault Lock Policy, refer to the following URL:
https://docs.aws.amazon.com/amazonglacier/latest/dev/access-control-resource-based.html
The policy that meets the requirement of storing customer transactions for seven years, with no changes or deletions to the archives while still allowing them to be read multiple times, is the Vault Lock Policy.
Vault Lock Policy is a feature of Amazon S3 Glacier that provides write-once-read-many (WORM) protection to your data. It enforces compliance controls by preventing any future modifications or deletion of the archives that are stored in a vault. Once an archive is locked, it cannot be modified or deleted for the period of time specified in the policy. Vault Lock Policy also provides the ability to specify a retention period for archives, ensuring that they are retained for a specific duration.
To implement Vault Lock Policy, you need to create a vault in Amazon S3 Glacier and then enable the Vault Lock feature for that vault. You can then create a Vault Lock Policy that specifies the retention period for the archives and other compliance controls, such as preventing the vault owner from deleting the policy or the archives before the retention period ends.
In this case, as per the legal team's guidelines, the customer transactions need to be saved for seven years, and no changes or deletions should be made during this period. Vault Lock Policy can enforce these requirements by setting a retention period of seven years for the archives stored in the vault and preventing any modifications or deletions during this period. This will ensure that the archives are preserved for seven years for compliance and audit purposes, while also allowing for multiple reads during this period.
Therefore, the correct answer is D. Vault Lock Policy.
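The seven-year rule described above can be written as a vault lock policy that denies `glacier:DeleteArchive` while an archive is younger than the retention period and leaves read operations untouched. The following is an added example, not part of the original question or of AWS's own material: it builds such a policy and audits a policy document for that shape. The vault ARN, the function names and the 2557-day figure (seven years padded for leap days) are assumptions made for illustration.

```python
import json

RETENTION_DAYS = 7 * 365 + 2  # assumption: seven years, padded for two leap days

def build_lock_policy(vault_arn, days=RETENTION_DAYS):
    """Deny DeleteArchive to every principal while the archive is younger than `days`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "deny-delete-before-retention",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "glacier:DeleteArchive",
            "Resource": vault_arn,
            "Condition": {"NumericLessThan": {"glacier:ArchiveAgeInDays": str(days)}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def enforces_retention(policy, required_days):
    """True if a Deny statement blocks DeleteArchive for all principals for >= required_days.
    Checks the statement shape only; it does not verify that Resource names the right vault."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny":
            continue
        if st.get("Principal") not in ("*", {"AWS": "*"}):
            continue  # a Deny scoped to some principals leaves the others able to delete
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if not actions & {"glacier:deletearchive", "glacier:*", "*"}:
            continue
        cond = st.get("Condition", {})
        # Any extra condition narrows the Deny, so accept only the age test on its own.
        if list(cond) != ["NumericLessThan"]:
            continue
        if list(cond["NumericLessThan"]) != ["glacier:ArchiveAgeInDays"]:
            continue
        if int(cond["NumericLessThan"]["glacier:ArchiveAgeInDays"]) >= required_days:
            return True
    return False

def lock_request_body(policy):
    """Shape of the policy argument to InitiateVaultLock: the JSON document as one string."""
    return {"Policy": json.dumps(policy)}
```

The lock itself is applied in two API calls, InitiateVaultLock and then CompleteVaultLock with the returned lock ID within 24 hours; until the second call the policy can still be aborted, so that window is the time to run a check like `enforces_retention` against it.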