Which solution meets the requirements?
Copy the DynamoDB tables into Apache Hive tables on Amazon EMR every hour and analyze them for anomalous behaviors. Send Amazon SNS notifications when anomalous behaviors are detected.
Use AWS CloudTrail to capture all the APIs that change the DynamoDB tables. Send SNS notifications when anomalous behaviors are detected using CloudTrail event filtering.
Use Amazon DynamoDB Streams to capture and send updates to AWS Lambda. Create a Lambda function to output records to Amazon Kinesis Data Streams. Analyze any anomalies with Amazon Kinesis Data Analytics. Send SNS notifications when anomalous behaviors are detected.
Use event patterns in Amazon CloudWatch Events to capture DynamoDB API call events with an AWS Lambda function as a target to analyze behavior. Send SNS notifications when anomalous behaviors are detected.
Explanations:
This solution involves copying data to Apache Hive tables every hour, which does not meet the requirement for logging changes within 30 minutes. It also introduces latency and complexity that is not necessary for anomaly detection.
While AWS CloudTrail captures API calls that change DynamoDB tables, it does not provide real-time logging of changes, as there can be delays in the delivery of logs. This option also lacks a direct mechanism for immediate anomaly detection and notification.
Amazon DynamoDB Streams allows capturing changes to items in real-time. Using a Lambda function to process these streams and sending updates to Kinesis Data Streams enables near real-time anomaly detection. SNS notifications can be sent promptly when anomalies are detected, satisfying the 30-minute requirement.
Capturing DynamoDB API call events with CloudWatch Events does not provide a direct method to log changes to the item data itself. This approach would not capture all data modifications in real-time, and thus may fail to detect anomalies within the required timeframe.