
Answer-first summary for fast verification
Answer: Create an analyzer in AWS Identity and Access Management Access Analyzer. Create an Amazon EventBridge rule for the event type “Access Analyzer Finding” with a filter for “isPublic: true.” Select the SNS topic as the EventBridge rule target.
Solution B is the correct answer because it is a precise and effective way to notify the security team when an Amazon S3 bucket becomes publicly exposed.

1. **Creating an analyzer in AWS IAM Access Analyzer**: AWS Identity and Access Management (IAM) Access Analyzer continuously monitors and analyzes resource policies to identify potential security exposures, such as an Amazon S3 bucket being made publicly accessible. Setting up an analyzer ensures that changes to a bucket's public access status are detected.
2. **Using Amazon EventBridge**: Amazon EventBridge integrates with IAM Access Analyzer, so you can capture specific events such as security findings. A rule for the "Access Analyzer Finding" event type lets you filter for specific conditions; in this case, a finding where `isPublic` is `true`.
3. **Filtering the event**: Applying a filter for the attribute `isPublic: true` ensures that the rule only triggers when a bucket becomes publicly accessible, avoiding unnecessary notifications for other kinds of changes.
4. **Integrating with SNS**: Selecting the SNS topic as the rule target ensures that, when the condition is met, a notification is sent to the pre-defined SNS topic, to which the data security team's email address is subscribed. The relevant personnel are therefore notified promptly about the change in security posture.

This solution uses native AWS services to provide real-time monitoring and alerting for potentially critical security exposures, and it meets the requirement to notify the security team only when an S3 bucket becomes public.
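As an added example (not part of the original explanation), the EventBridge event pattern behind answer B, together with a minimal matcher run over constructed sample findings. The `resourceType` and `status` filters are assumptions that narrow the rule to new, active S3 findings; the event shape follows what Access Analyzer publishes to EventBridge, but the sample events are constructed here, not real captures.

```python
# Event pattern for the rule in answer B. The isPublic filter is from the
# answer; restricting to active S3 findings is an added assumption so that
# public SQS queues, KMS keys, etc. and resolved findings do not page the team.
EVENT_PATTERN = {
    "source": ["aws.access-analyzer"],
    "detail-type": ["Access Analyzer Finding"],
    "detail": {
        "isPublic": [True],
        "resourceType": ["AWS::S3::Bucket"],
        "status": ["ACTIVE"],
    },
}


def matches(pattern, event):
    """Minimal EventBridge pattern matcher: every key in the pattern must be
    present in the event; a list means 'value is one of these literals', and a
    nested dict is matched recursively (all conditions are ANDed)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def make_finding(resource_type, is_public, status="ACTIVE"):
    """Constructed sample event in the shape Access Analyzer sends to
    EventBridge (assumption: field names as documented, values invented)."""
    return {
        "version": "0",
        "source": "aws.access-analyzer",
        "detail-type": "Access Analyzer Finding",
        "region": "us-east-1",
        "detail": {
            "status": status,
            "resourceType": resource_type,
            "resource": "arn:aws:s3:::example-bucket",  # placeholder ARN
            "isPublic": is_public,
            "principal": {"AWS": "*"},
        },
    }


def should_notify(event):
    """True when the SNS target would receive this event under the rule."""
    return matches(EVENT_PATTERN, event)
```

Answer C would fire on every PutBucketPolicy call, public or not, which is exactly the noise this pattern avoids.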
Author: LeetQuiz Editorial Team
A company needs to audit the security posture of a newly acquired AWS account. The company’s data security team requires a notification only when an Amazon S3 bucket becomes publicly exposed. The company has already established an Amazon Simple Notification Service (Amazon SNS) topic that has the data security team's email address subscribed. Which solution will meet these requirements?
A
Create an S3 event notification on all S3 buckets for the isPublic event. Select the SNS topic as the target for the event notifications.
B
Create an analyzer in AWS Identity and Access Management Access Analyzer. Create an Amazon EventBridge rule for the event type “Access Analyzer Finding” with a filter for “isPublic: true.” Select the SNS topic as the EventBridge rule target.
C
Create an Amazon EventBridge rule for the event type “Bucket-Level API Call via CloudTrail” with a filter for “PutBucketPolicy.” Select the SNS topic as the EventBridge rule target.
D
Activate AWS Config and add the cloudtrail-s3-dataevents-enabled rule. Create an Amazon EventBridge rule for the event type “Config Rules Re-evaluation Status” with a filter for “NON_COMPLIANT.” Select the SNS topic as the EventBridge rule target.