...
Ref | Item | Labels | Proposals | Details |
---|---|---|---|---|
User 2FA | security MFA | |||
filtering | S3 Object Lambda attached to S3 Object Lambda Access Point For redacted or enriched views of base S3 object | |||
Lambda code signing | security | |||
Lambda API / User tracking | security traceability | CloudTrail logs | ||
Lambda VPC private subnet placement | security | NATGW or VPC endpoint is required - note Cloudwatch is a public service | ||
Long term storage | access compliance durability finops redundancy retention | S3 Intelligent-Tiering 4 levels to S3 Glacier Deep Archive | ||
compliance standards | Macie for Personally Identifiable Information (PII) via ML in S3 buckets for HIPAA, GDPR | |||
Encryption at rest | encryption security | DynamoDB RDS EBS encryption via KMS | ||
Encryption in transit | ||||
cloud always-free tier minimum cost - maximum coverage |