You are an AWS security specialist in a company. You manage multiple AWS accounts and hundreds of IAM users. You need to keep the AWS credentials (access key IDs and secret access keys) secure.
If certain access keys are exposed to the public or compromised, you should get a notification so that immediate actions can be taken. You need an alert system to keep monitoring the access keys.
Which of the following options can quickly achieve the requirements?

Answer options:

A.AWS provides a daily credential report to the security contact email of the AWS account.
B.In AWS Trusted Advisor, use the Exposed Access Keys check to identify leaked credentials.
C.Create a Lambda function using the Exposed Access Keys blueprint to monitor the IAM credentials and notify an SNS topic.
D.Use an open-source tool to scan popular code repositories for access keys that have been exposed to the public. Configure an SQS queue to receive the security alerts.

Answer: B
Option A is incorrect because AWS does not provide a daily credential report about our AWS Infrastructure and services alerts.
Option B is CORRECT because the Exposed Access Keys check-in AWS Trusted Advisor can identify potentially leaked or compromised access keys. When there is an alert, users can take immediate actions to secure the account.
Option C is incorrect because you do not need to maintain a Lambda function for this, and there is no Exposed Access Keys blueprint available.
Option D is incorrect because AWS SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications, but this would not provide alerts in case of access keys being exposed.
Reference:
https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/