AWS gives you few options to sort this out. I think your best shot is SSM. If you can't use SSM for some reason you can use S3 as well, and apply a policy similar to the one you use to access SSM.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.