AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A healthcare organization operating in Country X must ensure that all patient data and backups physically remain inside the country to meet national data-residency laws. Country X already has an AWS Region. When deciding where to deploy its compute and storage workloads, which approach best satisfies the legal requirement with the least additional complexity?
Store data in CloudFront edge locations that are inside Country X.
Deploy workloads in the AWS Region that is located inside Country X and disable any optional cross-Region features.
Choose an AWS Region in a neighboring country but restrict access with security groups and network ACLs.
Use AWS Global Accelerator so traffic always reaches the nearest Region automatically.
Deploying resources in the AWS Region that is physically located inside Country X keeps customer data within national borders by default. All Availability Zones in a Region reside in the same country, and AWS systems are designed so that customer data does not leave the Region unless the customer enables cross-Region features (for example, S3 cross-Region replication). Choosing this Region therefore meets the residency mandate with minimal extra controls.
Using CloudFront edge locations does not control where the origin data is stored. Selecting a Region in a neighboring country clearly violates the residency requirement. AWS Global Accelerator optimizes traffic routing but cannot guarantee that data is stored only inside Country X.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are data residency requirements?
Open an interactive chat with Bash
Why is choosing a data center in the same country crucial for compliance?
Open an interactive chat with Bash
What are the risks of distributing resources across data centers near the country's borders?