A. Configure a gateway VPC endpoint to securely route traffic from on premises to the S3 buckets. Configure an interface VPC endpoint to route traffic between the S3 buckets and EC2 instances over the AWS private network.
B. Configure an interface VPC endpoint to securely route traffic from on premises to the S3 buckets. Configure a gateway VPC endpoint to route traffic between the S3 buckets and EC2 instances over the AWS private network.
C. Configure Amazon GuardDuty to identify S3 buckets that are missing the DataClassification tag. Create an Amazon Simple Notification Service (Amazon SNS) topic. Deliver notifications to the topic whenever an untagged S3 bucket is identified.
D. Configure AWS Security Hub to identify S3 buckets that are missing the DataClassification tag. Create an Amazon Simple Notification Service (Amazon SNS) topic. Deliver notifications to the topic whenever an untagged S3 bucket is identified.
E. Configure AWS Config to identify S3 buckets that are missing the DataClassification tag. Generate a report of all resources that AWS Config identifies as missing the tag.
F. Configure Amazon Macie to scan all S3 buckets in the account on a scheduled basis. Integrate Macie with Amazon EventBridge (Amazon CloudWatch Events). Create an AWS Lambda function to validate the data classification inferred by Macie and to add the missing tag.