Correct answer - "CloudTrail" : CloudTrail captures a subset of API calls for Amazon S3 as
events, including calls from the Amazon S3 console and from code calls to the Amazon S3 APIs. If
you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3
bucket, including events for Amazon S3. If you don't configure a trail, you can still view the
most recent events in the CloudTrail console in Event history.
"S3 Access Logs" - Records of access attempts made against objects in your bucket. Logs contain
info for bucket request, time, remote ip, request-uri and more
"VPC Flow Logs" - VPC Flow Logs is a feature that enables you to capture information about the IP
traffic going to and from network interfaces in your VPC
"IAM" - IAM allows you to add users, group and set permissions but not for auditing API calls
For more information visit