A US-based healthcare startup manages an interactive diagnostic tool for COVID-19 related assessments. The users are required to capture their personal health records via this tool. As this is sensitive health information, the backup of the user data must be kept encrypted in Amazon Simple Storage Service (Amazon S3). The startup does not want to provide its own encryption keys but still wants to maintain an audit trail on the usage of the encryption key. What do you recommend?