A company is hosting sensitive data in an AWS S3 bucket. It needs to be ensured that the objects in the bucket always remain private. How can this be ensured continually? Choose 2 answers from the options given below.

Answer options:

A.Use AWS Config to monitor changes to the S3 Bucket.
B.Use the AWS Lambda function to change the S3 bucket policy.
C.Use AWS Trusted Advisor API to monitor the changes to the AWS Bucket.
D.Create an SNS topic to provide notifications.

Answer: A and B
Option A is CORRECT because AWS Config helps keep track of changes to the S3 bucket. Any changes made, can produce an alert using the AWS CloudWatch event or SNS topic.
Option B is CORRECT because if the bucket objects are found to allow public access, the Lambda function overwrites it to be private.
Option C is incorrect because AWS Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance, or closing security gaps, but it cannot be used to detect changes on the S3 bucket and revert it back to the desired state.
Option D is incorrect because the SNS notifications do not automatically fix the incorrect S3 configurations. In this scenario, a Lambda function is required to modify the S3 bucket policy.
For more information on the implementation of this use case, kindly refer to the following URLs:
https://aws.amazon.com/blogs/security/how-to-use-aws-config-to-monitor-for-and-respond-to-amazon-s3-buckets-allowing-public-access/
https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/