Which design meets these requirements?

1 Comment

  1. Megan
    Author

    I assess that the answer is:
    Apply a service control policy (SCP) that denies access to all services except IAM, Amazon Athena, Amazon S3, and AWS CloudTrail. Store customer record files in Amazon S3 and train users to execute queries using the CLI via Athena. Analyze CloudTrail events to audit and alarm on queries against personal data.

Leave a Reply

Your email address will not be published. Required fields are marked *

ten + 13 =