A company wants to archive sensitive data on Amazon S3 Glacier. The company’s regulatory and compliance requirements do not allow any modifications to the data by any account.
Which solution meets these requirements?
A. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy after 24 hours.
B. Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.
C. Configure S3 Object Lock in governance mode. Upload all files after 24 hours.
D. Configure S3 Object Lock in governance mode. Upload all files within 24 hours.
While the policy is in the in-progress state, you have 24 hours to validate your Vault Lock policy before the lock ID expires. To prevent your vault from exiting the in-progress state, you must complete the Vault Lock process within these 24 hours. Otherwise, your Vault Lock policy will be deleted.
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock.html#vault-lock-overview
Locking a vault takes two steps:
1. Initiate the lock by attaching a Vault Lock policy to your vault, which sets the lock to an in-progress state and returns a lock ID. While the policy is in the in-progress state, you have 24 hours to validate your Vault Lock policy before the lock ID expires. To prevent your vault from exiting the in-progress state, you must complete the Vault Lock process within these 24 hours. Otherwise, your Vault Lock policy will be deleted.
2. Use the lock ID to complete the lock process. If the Vault Lock policy doesn't work as expected, you can stop the Vault Lock process and restart from the beginning. For information about how to use the S3 Glacier API to lock a vault, see Locking a Vault by Using the S3 Glacier API.
Only Glacier Vault Lock Policy can block any user from deleting a file regardless of age or other circumstance.
S3 Object lock: "With governance mode, you protect objects against being deleted by most users, but you can still grant some users permission to alter the retention settings or delete the object if necessary."
https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
S3 Glacier Vault Lock Access policy:
"Vault access policy that can be locked. After you lock a Vault Lock policy, the policy can't be changed. You can use a Vault Lock Policy to enforce compliance controls."
"Locking a vault takes two steps:"
1. "attaching a Vault Lock policy to your vault, which"... "returns a lock ID"... "you must complete the Vault Lock process within these 24 hours."
2. "Use the lock ID to complete the lock process."
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock.html
Attach a vault lock policy to an S3 Glacier vault that contains the archived data. Use the lock ID to validate the vault lock policy within 24 hours.
Notes:
While the policy is in the in-progress state, you have 24 hours to validate your Vault Lock policy before the lock ID expires.
https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock.html
Xelnak (Highly Voted), 1 year, 7 months ago
Christina666 (Most Recent), 11 months, 2 weeks ago
Gomer, 1 year, 2 months ago
noahsark, 1 year, 4 months ago
Fatoch, 1 year, 6 months ago
Gomer, 1 year, 2 months ago
marcelodba, 1 year, 7 months ago
Beidog, 1 year, 7 months ago
Raynor, 1 year, 7 months ago
Liongeek, 1 year, 7 months ago
zolthar_z, 1 year, 6 months ago
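The two-step Vault Lock process quoted in the comments above, as an added Python example that is not part of the original thread and not AWS's own code. It assumes `client` is a boto3 Glacier client (`boto3.client("glacier")`); the helper names, the vault ARN you pass in, and the validation rule (an unconditional Deny on `glacier:DeleteArchive`) are illustrative assumptions.

```python
import json

def build_deny_delete_policy(vault_arn):
    """Vault Lock policy (illustrative) that denies archive deletion to every principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "deny-archive-deletion",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "glacier:DeleteArchive",
            "Resource": vault_arn,
        }],
    }

def policy_denies_delete(policy_json):
    """Validation rule (assumption): an unconditional Deny of DeleteArchive for all principals."""
    for stmt in json.loads(policy_json).get("Statement", []):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if (stmt.get("Effect") == "Deny" and stmt.get("Principal") == "*"
                and "glacier:DeleteArchive" in actions and "Condition" not in stmt):
            return True
    return False

def lock_vault(client, vault_name, policy, account_id="-"):
    """Run both Vault Lock steps; return the lock ID, or None if the lock was aborted."""
    # Step 1: attach the policy. The lock enters InProgress and a lock ID is returned.
    lock_id = client.initiate_vault_lock(
        accountId=account_id, vaultName=vault_name,
        policy={"Policy": json.dumps(policy)})["lockId"]
    # Validate what is actually attached while still inside the 24-hour window.
    current = client.get_vault_lock(accountId=account_id, vaultName=vault_name)
    if current["State"] != "InProgress" or not policy_denies_delete(current["Policy"]):
        # Policy is not as expected: stop the process so it can be restarted.
        client.abort_vault_lock(accountId=account_id, vaultName=vault_name)
        return None
    # Step 2: complete the lock with the lock ID. The policy can no longer be changed.
    client.complete_vault_lock(
        accountId=account_id, vaultName=vault_name, lockId=lock_id)
    return lock_id
```

If the process stops after step 1 and the 24 hours pass, the lock ID expires and the policy is deleted, so a check of `get_vault_lock` returning `Locked` is the evidence that the control is in force.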