Which solution will meet these requirements with the LEAST operational overhead?
Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a CreateImage API call is detected.
Configure AWS CloudTrail with an Amazon Simple Notification Service (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use Amazon Athena to create a new table and to query on CreateImage when an API call is detected.
Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected.
Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs. Create an AWS Lambda function to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic when a CreateImage API call is detected.
Explanations:
While using AWS Lambda to query CloudTrail logs can detect CreateImage calls, it involves more operational overhead in managing Lambda functions and periodic querying. This solution is less efficient and requires continuous monitoring of logs.
This option involves configuring CloudTrail to send logs to S3 and using Athena to query the logs, which adds complexity and requires managing S3 storage and Athena queries, leading to higher operational overhead.
This solution utilizes Amazon EventBridge to directly capture the CreateImage API calls and trigger an SNS notification, providing a straightforward, event-driven approach with minimal operational overhead.
Using SQS as a target for CloudTrail logs requires processing messages and managing a Lambda function to send alerts, adding unnecessary complexity compared to a more direct solution like EventBridge.