I don’t know much about amplitude, so this is fairly hypothetical. I am assuming you are going to use a REST API to get your data into amplitude.
This option will give you the most granularity. If you want to do some in-depth metric tracking then I would probably look at this option first. Like you mention, you will have to bridge the gap between Amplitude and Auth0 with a lambda or something similar. (if you choose to use AWS, our eventbridge integration will make it easy)
You could use one or both of these, again depending on what type of event granularity. If you just want to track logins, then a rule will suffice. If you want to look at db signups, pw resets, and logins, then you would have to use both. If you just want db signups, then a hook.
The benefit of doing it this way is that you can make the API call to amplitude directly from the rule or hook, no need for a serverless function, etc. in the middle.
If you use a rule, keep in mind that these run on every successful authentication, and can be blocking if you wait for a response from the Amplitude API.