
A research center has migrated its 1 PB on-premises object storage to an Amazon S3 bucket on the AWS Cloud. One hundred scientists, all members of a single IAM user group, use this storage to store their work-related documents, each with a personal folder. The compliance officer is concerned about potential unauthorized access to these documents and requires detailed reports on document access by each scientist. The reporting team, with limited AWS experience, seeks a solution that is easy to implement and maintain. What actions should a solutions architect take to address these requirements? (Select two.)
A
Create an identity policy granting read and write access, with a condition specifying that S3 paths must be prefixed with ${aws:username}, and apply this policy to the scientists’ IAM user group.
B
Set up an AWS CloudTrail trail to record all object-level events in the S3 bucket, store the trail logs in another S3 bucket, and use Amazon Athena to query these logs for generating reports.
C
Enable S3 server access logging, configure another S3 bucket for log delivery, and use Amazon Athena to query these logs for generating reports.
D
Create an S3 bucket policy that grants read and write access to users in the scientists’ IAM user group.
E
Configure an AWS CloudTrail trail to capture all object-level events in the S3 bucket, write these events to Amazon CloudWatch, and use the Amazon Athena CloudWatch connector to query the logs for generating reports.