...
| Ref | Item | Labels | Proposals | Details |
|---|---|---|---|---|
| User 2FA | security MFA | |||
| filtering | S3 Object Lambda attached to S3 Object Lambda Access Point For redacted or enriched views of base S3 object | |||
| Lambda code signing | security | |||
| Lambda API / User tracking | security traceability | CloudTrail logs | ||
| Lambda VPC private subnet placement | security | NATGW or VPC endpoint is required - note Cloudwatch is a public service | ||
| Long term storage | access compliance durability finops redundancy retention | S3 Intelligent-Tiering 4 levels to S3 Glacier Deep Archive | ||
compliance standards | Macie for Personally Identifiable Information (PII) via ML in S3 buckets for HIPAA, GDPR | |||
| Encryption at rest | encryption security | DynamoDB RDS EBS encryption via KMS | ||
| Encryption in transit | ||||
cloud always-free tier minimum cost - maximum coverage |