...
Excuse the aeronautical reference, but I am a product of 80's/90's Air Cadet, Flight Training, Chemical Nuclear Biological Defence Training, general Cold War mentality before the mid 90's foray into ideally/hopefully endless positive energy and overly enthusiastic software engineering mentality. In the past we were partial to checklists and up-front planning - I still feel the need for some process planning to figure out if we missed something.
...
Ref | Item | Labels | Proposals | Details |
---|---|---|---|---|
User 2FA | security MFA | |||
filtering | S3 Object Lambda attached to an S3 Object Lambda Access Point, for redacted or enriched views of the base S3 object | |||
Lambda code signing | security | |||
Lambda API / User tracking | security traceability | CloudTrail logs | ||
Lambda VPC private subnet placement | security | NATGW or VPC endpoint is required - note CloudWatch is a public service | ||
Long term storage | access compliance durability finops redundancy retention | S3 Intelligent-Tiering 4 levels to S3 Glacier Deep Archive | ||
compliance standards | Macie for Personally Identifiable Information (PII) via ML in S3 buckets for HIPAA, GDPR | |||
Encryption at rest | encryption security | DynamoDB, RDS, EBS encryption via KMS | ||
Encryption in transit | ||||
cloud always-free tier minimum cost - maximum coverage |