A security and compliance team requires that all Amazon EC2 workloads use approved Amazon Machine Images (AMIs). A sysops administrator must implement a process to find EC2 instances launched from unapproved AMIs.
Which solution will meet these requirements?
- Create a custom report using AWS Systems Manager Inventory to identify unapproved AMIs.
- Run Amazon Inspector on each EC2 instance and flag the instance if it is using unapproved AMIs.
- Use an AWS Config rule to identify unapproved AMIs.
- Use AWS Trusted Advisor to identify the EC2 workloads using unapproved AMIs.
AWS Config has a managed rule [1] that handles this scenario.
[1] https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-tag.html