Which solution will meet these requirements?
Configure AWS Audit Manager on the account. Select the Payment Card Industry Data Security Standards (PCI DSS) for auditing.
Configure Amazon S3 Inventory on the S3 bucket. Configure Amazon Athena to query the inventory.
Configure Amazon Macie to run a data discovery job that uses managed identifiers for the required data types.
Use Amazon S3 Select to run a report across the S3 bucket.
Explanations:
AWS Audit Manager is designed for auditing compliance with standards like PCI DSS but does not specifically perform data discovery to identify sensitive data types such as PII or financial information. It focuses on the audit process rather than scanning and identifying sensitive data in S3 buckets.
Amazon S3 Inventory provides a way to list objects and their metadata but does not offer capabilities for data discovery or sensitive data identification. Additionally, querying the inventory with Amazon Athena will not help in finding PII or financial information unless specific queries are designed, which may not comprehensively cover all sensitive data.
Amazon Macie is specifically designed for data security and privacy, using machine learning to automatically discover and classify sensitive data in AWS. It includes managed identifiers that can detect PII and financial information like passport numbers and credit card numbers, making it the most appropriate solution for the company’s requirements.
Amazon S3 Select allows you to retrieve a subset of data from S3 objects but does not perform data discovery or analysis on its own. It cannot identify sensitive information across the bucket; it merely allows querying of existing data based on specified conditions, which may not ensure comprehensive PII or financial information identification.