Which solution meets these requirements?
Set up an Amazon CloudWatch Events rule that triggers an Amazon SNS notification.
Create root user access keys. Use an AWS Lambda function to parse AWS CloudTrail logs from Amazon S3 and generate notifications using Amazon SNS.
Set up a rule in AWS Config to trigger root user events. Trigger an AWS Lambda function and generate notifications using Amazon SNS.
Use Amazon Inspector to monitor the usage of the root user and generate notifications using Amazon SNS.
Explanations:
Using Amazon CloudWatch Events to trigger an Amazon SNS notification is a valid method to monitor the use of the root user. You can create a rule to detect the use of the root user based on AWS CloudTrail logs and immediately notify the security team via SNS.
Creating root user access keys is not recommended because AWS best practices state that the root user should not have access keys or be used for daily tasks. Also, the Lambda function approach to parsing CloudTrail logs and generating notifications is overly complicated for this requirement.
AWS Config is primarily used for compliance monitoring and configuration management, not for tracking root user actions. It does not have the specific capability to trigger on root user activity directly in real-time for alerting. CloudWatch Events is a better fit.
Amazon Inspector is used for security assessment, but it does not provide monitoring or alerting capabilities specifically for root user activities in real time. CloudWatch Events is a more suitable service for monitoring root user actions.
I calculate that the answer is:
Set up an Amazon CloudWatch Events rule that triggers an Amazon SNS notification.