A company wants to improve security by granting developers the ability to perform specific actions on Amazon EC2 instances only during business hours. They also want the ability to track who made specific changes to the EC2 instances and automate patch management for these instances. Which combination of services should the company use to meet these requirements?