Data retention and governance requirements



In this course, we will explore our Storage options and how Cloud computing can assist in creating storage solutions that scale with your needs and give your data the durability and governance it requires.

Learning Objectives

  • Be able to make the right choices among the various Storage options available to you in AWS
    • Cloud Storage options
    • Specific options for hybrid cloud storage to complement your on-premises storage
    • Options to help you scale and meet storage requirements

Intended Audience

  • If you already know about Cloud Computing in AWS but at times you feel overwhelmed with Storage options or just simply aren’t sure about what to pick in a specific scenario, then this course is for you


Prerequisites

  • Basic understanding of AWS services that provide storage or need storage based on your use-case
  • Understand how much storage you will need now and, ideally, in the future
  • Understand how quickly you'll need access to your data in terms of performance and retrieval times

Sometimes, data storage has other purposes that go beyond the specific needs of your business. A great example of this is data that is governed by laws and regulations, typically highly sensitive data or personally identifiable data. In such cases, you will need to store your data in storage that meets or exceeds these legal requirements.

Data retention. This is the most common regulatory requirement. In the event of a legal dispute, a claim, or a security threat, data such as activity logs needs to be kept for predetermined periods of time. Services such as AWS Glacier or AWS Backup offer tamper-proof long-term storage solutions that follow the WORM model. That is 'Write Once, Read Many', meaning that once the data goes in, you can legally prove that it cannot be modified nor retrieved, if this feature is desired, for the desired period of time. This gives great peace of mind against backup disasters and ransomware attacks.

Data governance. There's some information that is simply too sensitive to be handled by just anyone. This includes medical records, government information, trade secrets, credit card numbers and more. In these cases, data needs to be protected both physically, by limiting physical access to the building and performing frequent background checks on employees, and digitally, by ensuring encryption in-transit and at-rest and safeguarding encryption keys.

S3 is compliant with most regulatory requirements: HIPAA, FedRAMP, PCI, and more. And if you store your data in S3, you can rest assured that at least the address component of your software solution meets or exceeds security requirements. Of course, encryption and digital access to this data still fall under your responsibility.

Audited access. Another great feature of using S3 for storage is that you can turn on CloudTrail event logging. This means that you can have a tamper-proof activity log of who accessed each and every file in your storage and when. Again, great peace of mind, since this activity data can also be sent through machine learning for anomaly detection to find data leaks before they become an even bigger problem.

Sanitizing data. If you haven't noticed already, I'm a big fan of S3 storage. This feature is one of my favorites. S3 Object Lambda is a Lambda function that you can associate with your S3 bucket and it can help you transform data before delivering it to your users. This gives you the opportunity to wipe out any and all personally identifiable information, that's PII, before your consumers gain access to the data. This is just another layer of peace of mind and security.
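The S3 Object Lambda sanitizing step described above, as an added example that is not part of the original course material: a Python handler that fetches the original object, redacts PII, and returns the cleaned copy to the caller. The patterns, the labels, the sample line and the names `redact` and `luhn_ok` are constructed for illustration, and objects are assumed to be UTF-8 text.

```python
import re
import urllib.request

# Constructed patterns for illustration; production PII detection needs wider coverage.
PII = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),  # 13 to 19 digits, optional separators
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

def luhn_ok(number):
    """Luhn checksum, so long order or account ids are not mistaken for card numbers."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(number) if c.isdigit()):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text):
    """Replace each PII match with a [LABEL] token; return (clean_text, counts)."""
    counts = {}
    def replacer(label, check=None):
        def repl(match):
            if check and not check(match.group()):
                return match.group()  # looks like PII but fails validation: keep it
            counts[label] = counts.get(label, 0) + 1
            return f"[{label}]"
        return repl
    text = PII["SSN"].sub(replacer("SSN"), text)
    text = PII["CARD"].sub(replacer("CARD", luhn_ok), text)
    text = PII["EMAIL"].sub(replacer("EMAIL"), text)
    return text, counts

def handler(event, context):
    """S3 Object Lambda entry point, invoked on GetObject through the access point."""
    import boto3  # provided by the Lambda runtime
    ctx = event["getObjectContext"]
    with urllib.request.urlopen(ctx["inputS3Url"]) as resp:  # presigned URL of the original
        original = resp.read().decode("utf-8")
    clean, counts = redact(original)
    boto3.client("s3").write_get_object_response(
        Body=clean.encode("utf-8"),
        RequestRoute=ctx["outputRoute"],
        RequestToken=ctx["outputToken"],
    )
    return {"statusCode": 200, "redactions": counts}

# Constructed sample record; the order id is 16 digits but fails the Luhn check.
SAMPLE = ("2024-01-05 user=jane.doe@example.com ssn=123-45-6789 "
          "card=4111 1111 1111 1111 order=1234567890123456")
```

Consumers only see the redacted view when they read through the Object Lambda access point, so direct `GetObject` permission on the underlying bucket should be restricted to the function and to principals that are allowed to see the raw data.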


About the Author
Carlos Rivas
Sr. AWS Content Creator

Software Development has been my craft for over 2 decades. In recent years, I was introduced to the world of "Infrastructure as Code" and Cloud Computing.
I loved it! -- it re-sparked my interest in staying on the cutting edge of technology.

Colleagues regard me as a mentor and leader in my areas of expertise and also as the person to call when production servers crash and we need the App back online quickly.

My primary skills are:
★ Software Development ( Java, PHP, Python and others )
★ Cloud Computing Design and Implementation
★ DevOps: Continuous Delivery and Integration