Which solution will meet this requirement with the LEAST operational overhead?
A. Create an Amazon CloudWatch custom metric to monitor certificate expiration for all ACM certificates. Create an Amazon EventBridge rule that has an event source of aws.cloudwatch. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if the DaysToExpiry metric is less than 14. Subscribe the appropriate email addresses to the SNS topic.
B. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic.
C. Create an Amazon CloudWatch dashboard that displays the DaysToExpiry metric for all ACM certificates. If DaysToExpiry is less than 14, send an email message to the appropriate email addresses. Send the email message by running a predefined CLI command to publish to an Amazon Simple Notification Service (Amazon SNS) topic.
D. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure a target SMS identity that uses a predefined email template. Configure the rule to send an event to the target SMS identity if DaysToExpiry is less than 14.
Explanations:
A. Incorrect. A custom metric is unnecessary: ACM already publishes DaysToExpiry to CloudWatch for every certificate (namespace AWS/CertificateManager, dimension CertificateArn), so there is nothing to collect or maintain. The wiring is also wrong. An EventBridge rule matches events; it does not evaluate metric values. With aws.cloudwatch as the source the rule would only ever see alarm state-change events, so a CloudWatch alarm would still have to be created for each certificate and kept in step as certificates are added and removed. That is more moving parts and more ongoing work than option B.
B. Correct. ACM emits an "ACM Certificate Approaching Expiration" event to EventBridge once a day for every certificate in the account, starting 45 days before expiry by default (the start can be set anywhere from 1 to 45 days with PutAccountConfiguration). The event's detail carries DaysToExpiry, so a rule whose pattern has source aws.acm and a numeric filter on detail.DaysToExpiry below 14 matches exactly the certificates that need attention, with no per-certificate configuration and no code to maintain. An SNS topic as the target fans the notification out to the subscribed email addresses. Two details to check when building it: if the SNS target is added with the CLI or API rather than the console, the topic's access policy must explicitly allow events.amazonaws.com to publish to it; and the account's DaysBeforeExpiry setting must not be lowered below the rule's threshold, or ACM will not start sending events until later and the 14-day warning silently becomes a shorter one.
C. Incorrect. A dashboard visualises the metric; it does not alert on it. Someone has to be watching, notice that a certificate has dropped below 14 days, and then run the CLI publish by hand, so the check is a manual process that is easy to miss and carries the most operational overhead of the four options.
D. Incorrect. There is no "SMS identity" target type in EventBridge, and an SMS channel is not an email notification in any case. The option also never says how the DaysToExpiry condition is evaluated or who receives the message. It does not meet the requirement and is less optimal than option B.
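The following is an added example, not part of the question or AWS documentation. It models the option B wiring end to end: the EventBridge event pattern that matches ACM's expiration event with a numeric filter on detail.DaysToExpiry, a small local model of EventBridge pattern matching (exact-match lists and the "numeric" filter only, not the full service semantics) so the pattern can be checked offline against constructed sample events, and the AWS CLI commands that would deploy the rule and SNS target. The rule name, topic ARN, email address and the account and certificate IDs in the sample event are placeholders.

```python
"""Model of option B: EventBridge rule on ACM expiry events, filtered on
detail.DaysToExpiry, with an SNS topic as the target.

The matcher here is a simplified stand-in for EventBridge's pattern matching
(exact-match lists and the "numeric" filter only); the CLI commands are what
would be run against a real account. Names, ARNs and emails are placeholders.
"""
import json
import shlex

THRESHOLD_DAYS = 14
MAX_DAYS_BEFORE_EXPIRY = 45  # ACM's default and upper limit for DaysBeforeExpiry

# The rule's event pattern: string fields match any listed value;
# DaysToExpiry matches when strictly less than the threshold.
EVENT_PATTERN = {
    "source": ["aws.acm"],
    "detail-type": ["ACM Certificate Approaching Expiration"],
    "detail": {"DaysToExpiry": [{"numeric": ["<", THRESHOLD_DAYS]}]},
}

_NUMERIC_OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b, "=": lambda a, b: a == b,
}


def _match_leaf(value, matchers):
    """A leaf matches if any entry in the list matches (EventBridge OR semantics)."""
    for m in matchers:
        if isinstance(m, dict) and "numeric" in m:
            ops = m["numeric"]  # flat list: op, bound[, op, bound]
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                continue  # numeric filters never match strings or booleans
            if all(_NUMERIC_OPS[op](value, bound) for op, bound in zip(ops[::2], ops[1::2])):
                return True
        elif m == value:
            return True
    return False


def matches(pattern, event):
    """True if every field named in the pattern is present in the event and matches."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif not _match_leaf(event[key], expected):
            return False
    return True


def sample_acm_event(days_to_expiry, source="aws.acm"):
    """Constructed sample in the shape of ACM's expiration event; IDs are placeholders."""
    return {
        "version": "0",
        "source": source,
        "detail-type": "ACM Certificate Approaching Expiration",
        "account": "123456789012",
        "region": "us-east-1",
        "resources": ["arn:aws:acm:us-east-1:123456789012:certificate/"
                      "00000000-0000-0000-0000-000000000000"],
        "detail": {"DaysToExpiry": days_to_expiry, "CommonName": "www.example.com",
                   "CertificateType": "AMAZON_ISSUED", "InUse": True},
    }


def first_notice_days(days_before_expiry, threshold=THRESHOLD_DAYS):
    """Days before expiry at which the first matching event arrives.

    ACM starts emitting the daily event DaysBeforeExpiry days out, so a strict
    '< threshold' rule first fires at threshold-1 days, or earlier if the
    account setting is below the threshold (the warning is silently shortened).
    """
    if not 1 <= days_before_expiry <= MAX_DAYS_BEFORE_EXPIRY:
        raise ValueError("DaysBeforeExpiry must be between 1 and 45")
    return min(threshold - 1, days_before_expiry)


def deployment_commands(rule_name, topic_arn, email, days_before_expiry=MAX_DAYS_BEFORE_EXPIRY):
    """AWS CLI commands that create the rule and wire it to SNS (all names are assumptions).

    Note: when the SNS target is added this way rather than via the console, the
    topic's access policy must separately allow events.amazonaws.com to publish.
    """
    first_notice_days(days_before_expiry)  # validates the account setting
    return [
        f"aws acm put-account-configuration --expiry-events DaysBeforeExpiry={days_before_expiry} "
        f"--idempotency-token {shlex.quote(rule_name + '-cfg')}",
        f"aws events put-rule --name {shlex.quote(rule_name)} "
        f"--event-pattern {shlex.quote(json.dumps(EVENT_PATTERN))}",
        f"aws events put-targets --rule {shlex.quote(rule_name)} "
        f"--targets Id=sns,Arn={shlex.quote(topic_arn)}",
        f"aws sns subscribe --topic-arn {shlex.quote(topic_arn)} --protocol email "
        f"--notification-endpoint {shlex.quote(email)}",
    ]


if __name__ == "__main__":
    for days in (31, 14, 10):
        verdict = "notify" if matches(EVENT_PATTERN, sample_acm_event(days)) else "ignore"
        print(f"DaysToExpiry={days}: {verdict}")
    print("\n".join(deployment_commands(
        "acm-expiry-14d", "arn:aws:sns:us-east-1:123456789012:cert-expiry", "secops@example.com")))
```

Running the block shows the 31-day and 14-day events being ignored and the 10-day event matching, which is the behaviour the strict "<" numeric filter gives; use "<=" if the team wants the alert on day 14 itself. The same matcher rejects an aws.cloudwatch event with an identical detail, which is the reason option A's source is wrong, and an ACM event that lacks DaysToExpiry, since EventBridge treats a missing field as a non-match.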