Question: 1/50
A data engineering team stores raw and curated datasets in Amazon S3. They want to ensure that no one can delete or overwrite objects in the curated prefix for 30 days, even if an IAM principal has s3:DeleteObject permissions. Which solution best meets this requirement?
Enable S3 Object Lock in governance mode on the bucket and apply a 30-day retention period to objects in the curated prefix
Enable S3 Versioning and configure an S3 Lifecycle rule to transition older versions to S3 Glacier Flexible Retrieval after 30 days
Enable S3 Object Lock in compliance mode on the bucket and apply a 30-day retention period to objects in the curated prefix
Use an S3 bucket policy that explicitly denies s3:DeleteObject for the curated prefix for all principals