Which feature of Amazon Glacier enforces compliance controls on archived data?

The correct answer is Vault Lock, a feature of Amazon Glacier that allows users to enforce compliance controls on archived data. Vault Lock enables you to set specific policies that govern how data can be accessed or modified within your Glacier vault. Once a Vault Lock policy is applied and the lock is set, it cannot be changed or removed, ensuring that the archived data remains immutable and compliant with regulatory requirements.

By utilizing Vault Lock, organizations can ensure that their archived data adheres to legal and compliance standards, which is critical in industries such as finance and healthcare. This feature provides a mechanism to prevent accidental or malicious changes to data, supporting the need for strict audit trails and data retention practices.

The other options relate to functionalities within AWS storage solutions, but they do not specifically address compliance controls in the same manner. For instance, while Object Lock allows you to prevent objects from being deleted or overwritten for a specified period, Vault Lock specifically applies to the entire vault's policy governance. Data Immutability is a broader concept that refers to the property of data that cannot be altered, but it lacks the specific compliance enforcement mechanism provided by Vault Lock.