Answer: AWS Artifact

## Detailed Explanation This question asks which AWS service a financial company should use to generate reports demonstrating compliance with international regulations for processing sensitive customer data when hosting generative AI models on AWS. ### Analysis of Options: **A: Amazon Macie** - **Purpose**: Amazon Macie is a security service that uses machine learning to discover, classify, and protect sensitive data in AWS. - **Why it's not optimal**: While Macie helps identify sensitive data and can generate findings about data security, it does not provide formal compliance reports or documentation from third-party auditors. It's more focused on data discovery and protection rather than compliance reporting. **B: AWS Artifact** - **Purpose**: AWS Artifact is specifically designed to provide on-demand access to AWS compliance reports, certifications, and security documentation. - **Why it's optimal**: This service directly addresses the requirement for generating reports to show adherence to international regulations. AWS Artifact provides: - Third-party audit reports (SOC, PCI DSS, ISO 27001, etc.) - Certifications relevant to international regulations - Documentation needed for regulatory compliance in financial industries - Evidence of AWS's compliance with various standards that customers can leverage **C: AWS Secrets Manager** - **Purpose**: AWS Secrets Manager helps protect secrets needed to access applications, services, and IT resources. - **Why it's not optimal**: While important for security, this service manages credentials and secrets rather than generating compliance reports. It doesn't provide documentation for regulatory adherence. **D: AWS Config** - **Purpose**: AWS Config assesses, audits, and evaluates configurations of AWS resources. - **Why it's not optimal**: AWS Config helps with compliance monitoring and auditing of resource configurations, but it doesn't provide the formal third-party audit reports and certifications needed to demonstrate compliance with international regulations to external stakeholders. ### Key Considerations for Financial Companies: 1. **Regulatory Requirements**: Financial institutions face strict international regulations (GDPR, PCI DSS, etc.) requiring documented proof of compliance. 2. **Third-Party Validation**: Regulatory bodies typically require independent third-party audit reports, which AWS Artifact provides. 3. **Generative AI Context**: While the company hosts generative AI models, the compliance requirement relates to data handling practices, making AWS Artifact the appropriate choice for reporting compliance documentation. AWS Artifact is the correct choice because it specifically provides the compliance documentation and audit reports that financial companies need to demonstrate adherence to international regulations when processing sensitive customer data on AWS.