Are there any best practices for sending logs from ECS on EC2, ECS on Fargate and other AWS services such as API GW, load balancers (and more AWS services) to Splunk?

A customer wants to get various flavors of logs from ECS on EC2, ECS on Fargate, API GW logs, load balancer logs, (and potentially RDS Aurora) to Splunk endpoint

Following have already been referenced to the customer Splunk white paper: https://www.splunk.com/pdfs/white-papers/getting-data-into-gdi-splunk-from-aws.pdf  And a couple of these blog posts https://www.splunk.com/en_us/blog/it/splunking-aws-ecs-part-2-sending-ecs-logs-to-splunk.html https://www.splunk.com/en_us/blog/it/splunking-aws-ecs-and-fargate-part-3-sending-fargate-logs-to-splunk.html 
 The challenge is which approach to use as we they ECS Fargate and ECS on EC2 along with other AWS services for which they want to centralize their logs. Currently they are considering separate lambda functions for ECS, lambda for LBs etc. to pull logs from cloudwatch and push them to Splunk endpoint. Trying to seek suggestions on what could be the best practices.