An engineering firm uses many Amazon S3 buckets to save all project-related documents that should be accessible only by internal teams. The Operations team uses AWS Config to scan all S3 buckets to check public access & mark them as non-compliant. Security Lead is looking for remediation action for all non-compliant Amazon S3 buckets immediately with the most effective & cost-efficient way.
Which actions can be taken to remediate public access?

Answer options:

A.Use cron jobs to disable public read access from non-compliant Amazon S3 bucket. 
B.Use Amazon System manager runbook to disable public read access from non-compliant Amazon S3 bucket. 
C.Manually block public access for non-compliant Amazon S3 bucket. 
D.Create a custom Lambda function to disable public read access from non-compliant Amazon S3 bucket. 

Correct Answer: B
Amazon System manager runbook can be used to take immediate actions for all non-compliant resources evaluated by AWS Config. With the Amazon System manager runbook, there is an option to use pre-populated managed runbooks or create custom remediation actions.
Options A & C are incorrect as this will require additional admin work to block public access for all Amazon S3 buckets manually.
Option D is incorrect as using the Lambda function will incur additional costs.
For more information on using AWS Systems Manager with AWS Config, refer to the following URLs,
https://docs.aws.amazon.com/config/latest/developerguide/remediation.html
https://aws.amazon.com/blogs/mt/using-aws-systems-manager-opscenter-and-aws-config-for-compliance-monitoring/