An organization has hired an external firm to audit unauthorized changes on the company's AWS environment, the external auditor needs appropriate access. How can this be accomplished?
A.
Create an IAM user and assign them a new policy with GetResources access on AWS Artifact
B.
Create an IAM user and add them to the existing ג€Administratorג€ IAM group
C.
Create an IAM user and assign them a new IAM policy with read access to the AWS CloudTrail logs in Amazon S3
D.
Create an IAM user and assign them a new policy with ListFindings access on Amazon Inspector
AWS CloudTrail provides detailed logs of API activity within an AWS account, including changes made to resources. These logs can be invaluable for auditing and tracking unauthorized changes. By granting the auditor read access to the CloudTrail logs in Amazon S3, they will be able to review the logs and identify any unauthorized or suspicious activity.
Creating an IAM user specifically for the auditor allows you to control their access separately from other users or groups. By assigning a new IAM policy with read access only to the CloudTrail logs in Amazon S3, you can limit the auditor's permissions to the necessary resources without granting unnecessary privileges.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
saumenP
Highly Voted 2 years, 5 months agoalbert_kuo
Most Recent 9 months, 4 weeks ago