A healthcare company is required by regulation to keep patient data stored within a specific country. Which is the MOST appropriate way to address this 'data storage location' requirement on AWS?
Choosing how to address a data storage location requirement.
Select the appropriate Region in which to store the data.
Correct. For a requirement to store data in a specific country (data residency), the appropriate approach is to choose that country's AWS Region for storage, or control the storage location with S3 on Outposts.
Enable cross-Region replication.
Cross-Region replication is a feature that replicates data to another Region for availability and disaster recovery.
Replicating to a Region outside the country would move data across borders, which actually conflicts with the residency requirement, so it is incorrect.
Strengthen logging of access to the data.
Logging of access is a record (governance) of who touched the data and is unrelated to where the data is physically stored.
The storage-location requirement is controlled by Region selection, so it is incorrect.
Deliver it through CloudFront edge caching.
CloudFront is a service that caches content at edge locations around the world to speed up delivery.
Because the data is replicated to edges in various places, it is incompatible with the requirement to keep it stored in a specific country, so it is incorrect.
Data residency controls 'where data is stored' through Region selection (and, if needed, on-premises storage such as S3 on Outposts). A classic trap is 'strengthening logging'; adding records does not change the storage location. Note that cross-Region replication and edge delivery actually replicate data out of the country.