Which combination of steps will meet these requirements?
(Choose three.)
Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Define a pattern with the detail-type value set to AWS API Call via CloudTrail and an eventName of CreateUser.
Configure CloudTrail to send a notification for the CreateUser event to an Amazon Simple Notification Service (Amazon SNS) topic.
Invoke a container that runs in Amazon Elastic Container Service (Amazon ECS) with AWS Fargate technology to remove access.
Invoke an AWS Step Functions state machine to remove access.
Use Amazon Simple Notification Service (Amazon SNS) to notify the security team.
Use Amazon Pinpoint to notify the security team.
Explanations:
Creating an Amazon EventBridge rule to capture the CreateUser event from CloudTrail is correct as it enables automatic detection of new IAM user creation events.
Invoking a Step Functions state machine to remove access is correct as it can orchestrate steps to disable the new user’s access based on the detected event.
Using Amazon SNS to notify the security team is correct, as SNS is an effective way to send notifications when a new IAM user requires approval.
CloudTrail does not directly support sending notifications; EventBridge rules should be used to capture the event and initiate subsequent actions.
While ECS with Fargate could perform actions, using Step Functions is more straightforward and directly manages workflow sequences like user access removal.
Amazon Pinpoint is better suited to targeted customer communications than to internal notifications, making SNS the preferred option for notifying the security team.