Question #1153
A company is developing a serverless data analytics solution on AWS. Their data resides in an Amazon S3 bucket and must be encrypted. The solution must replicate the data to another AWS Region and allow querying with minimal administrative effort.
Which approach meets these requirements with the LEAST operational overhead?
Create a new S3 bucket. Enable Cross-Region Replication (CRR) using server-side encryption with AWS KMS multi-Region keys (SSE-KMS). Use Amazon Athena for querying.
Create a new S3 bucket. Enable CRR with SSE-KMS. Use Amazon RDS for querying.
Use the existing S3 bucket. Enable CRR with server-side encryption using Amazon S3 managed keys (SSE-S3). Use Amazon Athena for querying.
Use the existing S3 bucket. Enable CRR with SSE-S3. Use Amazon RDS for querying.
Explanation
The correct answer is C because:
1. Existing S3 Bucket: The question states the data already resides in S3, so creating a new bucket (A, B) is unnecessary.
2. SSE-S3 Encryption: Enabling CRR with SSE-S3 (S3-managed keys) requires no KMS key management, reducing operational effort compared to SSE-KMS (A, B), which requires multi-Region key setup.
3. Athena for Querying: Athena is serverless and directly queries S3 data, eliminating administrative tasks like database provisioning (required for RDS in B, D).
Other options fail due to:
- A/B: KMS adds complexity.
- D: RDS requires database management.
- C ensures encryption via SSE-S3, replicates data, and uses Athena for minimal effort.
Answer
The correct answer is: C