How can this be accomplished?
Create an IAM user and assign them a new policy with GetResources access on AWS Artifact
Create an IAM user and add them to the existing “Administrator” IAM group
Create an IAM user and assign them a new IAM policy with read access to the AWS CloudTrail logs in Amazon S3
Create an IAM user and assign them a new policy with ListFindings access on Amazon Inspector
Explanations:
AWS Artifact provides access to compliance reports; it is not a tool for auditing unauthorized changes. This policy does not grant the necessary access to logs or activity history.
Assigning the auditor to the “Administrator” group would provide excessive permissions, potentially exposing sensitive resources beyond what is needed for auditing unauthorized changes.
Providing the auditor with read access to AWS CloudTrail logs in Amazon S3 is the correct way to monitor and audit changes in the AWS environment, as CloudTrail logs track all API activities including unauthorized changes.
Amazon Inspector is primarily used for security assessments and vulnerability management, not for auditing changes or tracking unauthorized activities in the AWS environment.