🔥 3-day streak
AWS Certified DevOps Engineer - Professional119 / 204
Question 119 of 204
A financial services company runs workloads across 40 AWS accounts in an organization. The security team maintains a list of approved (hardened) AMI IDs. They want to continuously detect any EC2 instance launched from a non-approved AMI across all accounts, record the compliance state centrally for audits, AND prevent developers from launching non-approved AMIs in the first place. Which combination of controls best satisfies both the detective and preventive requirements with the least custom code?
Reviewed for accuracy · Report an issueNext question