3 Answers
Lambda is used to run scripts on an event triggered from CloudTrail or CloudWatch. It doesn’t trigger events to send to SNS.
Option 4 is more specific than option 1. The CloudWatch event rule functions as an event listener; you need to specify the event source and the type of event that you want the CloudWatch event rule to monitor.
CloudTrail monitors API calls and is used for auditing purposes. It records information which includes the user, resources (e.g. EC2 instance, S3 bucket, DynamoDB table, etc.), the actions performed and the parameters, along with the success status. This information is used to track changes made to your AWS resources and to troubleshoot operational issues. CloudTrail usually delivers log information within 15 minutes and makes it easier to ensure compliance with internal policies and regulatory standards.
CloudWatch Events provides a near real-time stream of actions in your AWS environment and can respond accordingly by triggering functions, making modifications and tracking state information.
Both CloudTrail and CloudWatch Events should be used as CloudWatch Events does not capture all the information recorded by CloudTrail.
A Lambda function can be used to publish messages to SNS topics which will produce SNS notifications. However, Lambda does not provide the auditing capability of CloudTrail.
CloudTrail details: https://aws.amazon.com/cloudtrail/faqs/
CloudWatch Events information: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
Further reading for SNS and Lambda: https://docs.aws.amazon.com/sns/latest/dg/sns-lambda-as-subscriber.html
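The CloudTrail -> CloudWatch Events rule -> Lambda -> SNS chain described in this answer, as an added Python example (not code from the answer or from AWS): a rule pattern that listens for one CloudTrail-recorded API call, a simplified matcher for that pattern, and a Lambda handler that turns the matched event into an SNS notification. The `TOPIC_ARN` environment variable and the sample event are assumptions; the sample is constructed in the shape CloudWatch Events delivers for CloudTrail calls.

```python
import json
import os
# Rule pattern: fire only on CloudTrail records of a security-group ingress change.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["ec2.amazonaws.com"],
               "eventName": ["AuthorizeSecurityGroupIngress"]},
}

def matches_rule(event, pattern):
    """Simplified pattern match: list = 'one of these', dict = recurse, missing key = no match."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches_rule(event[key], expected):
                return False
        elif event[key] not in expected:
            return False
    return True

def build_alert(event):
    """Extract the audit fields CloudTrail recorded into an SNS subject and message."""
    detail = event.get("detail", {})
    identity = detail.get("userIdentity", {})
    actor = identity.get("arn") or identity.get("principalId", "unknown")
    group = detail.get("requestParameters", {}).get("groupId", "unknown")
    status = "FAILED" if "errorCode" in detail else "OK"  # CloudTrail sets errorCode on failed calls
    body = {"actor": actor, "action": detail.get("eventName"), "group": group,
            "source_ip": detail.get("sourceIPAddress"), "status": status}
    return {"subject": f"[{status}] {body['action']} on {group}",
            "message": json.dumps(body, indent=2)}

def lambda_handler(event, context):
    """Lambda entry point; TOPIC_ARN is an assumed environment variable."""
    import boto3  # available in the Lambda Python runtime
    alert = build_alert(event)
    boto3.client("sns").publish(TopicArn=os.environ["TOPIC_ARN"],
                                Subject=alert["subject"], Message=alert["message"])
    return alert["subject"]

# Constructed sample event in the shape CloudWatch Events delivers for a CloudTrail call.
SAMPLE_EVENT = {
    "source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
               "eventTime": "2024-01-01T12:00:00Z", "sourceIPAddress": "203.0.113.5",
               "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/example"},
               "requestParameters": {"groupId": "sg-0123456789abcdef0"}},
}
```

Because the rule only sees fields CloudTrail wrote into the record, the alert carries the actor, source IP and success status, which is the auditing detail CloudWatch Events alone would not give you.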
Thank you all
Thanks to Jennifer for the very thorough explanation!