...
Excuse the aeronautical reference, but I am a product of 80's/90's Air Cadet, Flight Training, Chemical Nuclear Biological Defence Training, general Cold War mentality before the mid-90's foray into endless positive energy and overly enthusiastic software engineering mentality. In the past we were partial to checklists and up-front planning - I still feel the need for some process planning to figure out if we missed something.
Checklist
| Ref | Item | Labels | Proposals | Details |
|---|---|---|---|---|
| | User 2FA | security MFA | | |
| | filtering | | S3 Object Lambda attached to S3 Object Lambda Access Point, for redacted or enriched views of base S3 object | |
| | Lambda code signing | security | | |
| | Lambda API / User tracking | security traceability | CloudTrail logs | |
| | Lambda VPC private subnet placement | security | NATGW or VPC endpoint is required - note CloudWatch is a public service | |
| | Long term storage | access compliance durability finops redundancy retention | S3 Intelligent-Tiering 4 levels to S3 Glacier Deep Archive | |
| | compliance standards | | Macie for Personally Identifiable Information (PII) via ML in S3 buckets for HIPAA, GDPR | |
| | Encryption at rest | encryption security | DynamoDB, RDS, EBS encryption via KMS | |
| | Encryption in transit | | | |