An auditor needs read-only access to all AWS resources and logs of all VPC records and events that have occurred on AWS. What is the best way for creating this sort of access? Choose the correct answer from the options below

Answer options:

A.One should contact AWS as part of the shared responsibility model, and AWS will grant required access.
B.Create a role that has the required permissions.
C.Enable CloudTrail logging and create an IAM user who has read-only permissions to the required AWS resources, including the bucket containing the CloudTrail logs.
D.Create an SNS notification that sends the CloudTrail log files.

Answer – C
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain events related to API calls across your AWS infrastructure. CloudTrail provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This history simplifies security analysis, resource change tracking, and troubleshooting.
For more information on Cloudtrail please see the below link:
https://aws.amazon.com/cloudtrail/