Regulatory mandates, audit requirements, and security policies often call for data visibility and granular data control while using Amazon Simple Storage Service (Amazon S3) for shared datasets. Because data on Amazon S3 is often accessible by multiple applications and teams, fine-grained access controls should be implemented to restrict privileged information such as personally identifiable information (PII) to only authorized entities. For example, PII data used by a marketing application may need to be masked to meet data privacy requirements. Similarly, an order inventory dataset used by a production ordering application may include customer credit card information that shouldn't be accessed by a business analytics application, so this data should be suppressed to prevent unintended data leakage. In this post, we show you how to implement Amazon S3 Object Lambda to process and modify data retrieved from Amazon S3.