Answer: B, C
Server access logging provides detailed records for the requests that are made to a bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits.
For details on how to enable logging for S3, refer to documentation here.
https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html#server-access-logging-overview
For information about the format of the log file, refer to documentation here.
https://docs.aws.amazon.com/AmazonS3/latest/dev/LogFormat.html
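As an illustration of using these logs in an access audit, the following is an added example (not part of the original answer) that parses server access log records and reports denied or unauthenticated requests. It assumes the field order given in the log format documentation linked above; the sample records and IDs are constructed.

```python
import re

# Leading fields of an S3 server access log record, in documented order.
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester",
          "request_id", "operation", "key", "request_uri", "http_status",
          "error_code", "bytes_sent", "object_size", "total_time",
          "turn_around_time", "referer", "user_agent", "version_id"]

# A token is a [bracketed timestamp], a "quoted string", or a bare word.
TOKEN = re.compile(r'\[([^\]]*)\]|"((?:[^"\\]|\\.)*)"|(\S+)')

def parse_record(line):
    """Split one log line into named fields; a lone '-' becomes None."""
    values = []
    for m in TOKEN.finditer(line):
        tok = next(g for g in m.groups() if g is not None)
        values.append(None if tok == "-" else tok)
    return dict(zip(FIELDS, values))  # newer trailing fields are ignored

def audit_findings(lines):
    """Return records that were denied (403) or unauthenticated."""
    hits = []
    for line in lines:
        r = parse_record(line)
        if "http_status" not in r:
            continue  # blank or truncated line
        if r["http_status"] == "403" or r["requester"] is None:
            hits.append((r["remote_ip"], r["requester"], r["operation"],
                         r["key"], r["http_status"]))
    return hits

# Constructed sample records (not real log data); IDs are placeholders.
OWNER = "79a59df900b949e5EXAMPLE example-bucket [06/Feb/2019:00:00:38 +0000] "
SAMPLE = [
    OWNER + '192.0.2.3 arn:aws:iam::111122223333:user/alice REQ1EXAMPLE '
    'REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - '
    '2662992 2662992 70 10 "-" "curl/7.15.1" -',
    OWNER + '198.51.100.7 - REQ2EXAMPLE REST.GET.OBJECT private/data.bin '
    '"GET /private/data.bin HTTP/1.1" 403 AccessDenied 243 - 5 - "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)" -',
]

if __name__ == "__main__":
    for hit in audit_findings(SAMPLE):
        print(hit)
```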
For option A, S3 is a managed service and not part of a VPC, so enabling VPC flow logs does not report traffic sent to the S3 bucket.
Option B is correct.
Option C is correct. Using the information collected by CloudTrail, you can determine what request was made to Amazon S3, the source IP address from which the request was made, who made the request, when it was made, and so on. This information helps you to track changes made to your AWS resources and to troubleshoot operational issues.
For detailed information about how S3 requests are tracked using CloudTrail, refer to documentation here.
https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-logging.html#cloudtrail-logging-s3-info
For option D, although CloudWatch has metrics for S3 requests, these do not provide detailed information about each request. CloudWatch generates metrics for the number of requests sent for each type.
For more information about S3 CloudWatch request metrics, refer to documentation here.
https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudwatch-monitoring.html#s3-request-cloudwatch-metrics