Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 446 discussion

THIS WAS IN MY EXAM

https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html

D as S3 batch operations reduce risk and manual copy/paste overhead.

A: Versioning, not relevant B: Governance, it won't enforce object lock C: Recopy existing objects may work but lots of operational overhead (see link) D: Compliance on existing objects with batch operations is least operational overhead https://repost.aws/questions/QUGKrl8XRLTEeuIzUHq0Ikew/s3-object-lock-on-existing-s3-objects

To enable Object Lock on an Amazon S3 bucket, you must first enable versioning on that bucket. other 3 option did not enable versioning first

Recopying offers more control but requires users to manage the process. S3 Batch Operations automates the process at scale but with less granular control - LEAST operational overhead

Its C because you only need to recopy all existing objects one time, so why use S3 batch operations if new datas going to be in compliance retention mode? I can see why its C although my initial gut answer was D.

You can only enable Object Lock for new buckets. If you want to turn on Object Lock for an existing bucket, contact AWS Support.

Turn on S3 Object Lock with compliance retention mode for the S3 bucket. Set the retention period to expire after 7 years. Use S3 Batch Operations to bring the existing data into compliance.

To replicate existing object/data in S3 Bucket to bring them to compliance, optionally we use "S3 Batch Replication", so option D is the most appropriate, especially if we have big data in S3.

For minimum ops D is best

https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-retention-date.html

Batch operations will add operational overhead.

Use Object Lock in Compliance mode. Then Use Batch operation. WRONG>>manual work and not automated>>>Recopy all existing objects to bring the existing data into compliance.

C When an object is locked in compliance mode, its retention mode can't be changed, and its retention period can't be shortened. Compliance mode helps ensure that an object version can't be overwritten or deleted for the duration of the retention period.

Recopying vs. S3 Batch Operations: In Option C, the recommendation is to recopy all existing objects to ensure they have the appropriate retention settings. This can be done using simple S3 copy operations. On the other hand, Option D suggests using S3 Batch Operations, which is a more advanced feature and may require additional configuration and management. S3 Batch Operations can be beneficial if you have a massive number of objects and need to perform complex operations, but it might introduce more overhead for this specific use case. Operational complexity: Option C has a straightforward process of recopying existing objects. It is a well-known operation in S3 and doesn't require additional setup or management. Option D introduces the need to set up and configure S3 Batch Operations, which can involve creating job definitions, specifying job parameters, and monitoring the progress of batch operations. This additional complexity may increase the operational overhead.

You need AWS Batch to re-apply certain config to files that were already in S3, like encryption