The operations Team has observed that few critical vaults are deleted from the Amazon S3 Glacier using AWS CLI. Operation Head is looking for details of the users who perform these operations. They are seeking help from you specifically to get the time of deletion and source IP address.
Which service can be used to get the required information?

Answer options:

A.Create an Amazon CloudTrail trail to log data events.
B.Create an Amazon CloudTrail trail to log all events.
C.Create an AWS Config rule.
D.Create AWS Trusted Advisor checks.

Correct Answer: B
Amazon S3 Glacier is integrated with Amazon CloudTrail. A CloudTrail trail can be created to log all events to Amazon S3 buckets. All the API actions made to vault like describe vault, delete vault, create vaults in Amazon S3 Glacier are captured in these logs. Logs consist of details like time of activity as well as details of users which includes account id, user name, arn, etc. Data Events provides insights into data plane operations on the resources which include operations such as Amazon S3 object-level APIs and Lambda function invoke API.
For logging operations made to Amazon S3 Glacier, data events are not required. 
Option A is incorrect as Amazon CloudTrail trail with data events is required for Amazon S3 to log objects levels events. It is not required to log actions made to vaults in Amazon S3 Glacier.
Option C is incorrect as the AWS Config rule cannot be used to get details of the changes made to Amazon S3 Glacier vaults.
Option D is incorrect as AWS Trusted Advisor cannot be used to get details of the changes made to Amazon S3 Glacier vaults.
For more information on Amazon CLoudTrail logs for Amazon S3 Glacier, refer to the following URL,
https://docs.aws.amazon.com/amazonglacier/latest/dev/audit-logging.html
https://aws.amazon.com/cloudtrail/faqs/