An organization has a serverless application using AWS Lambda, Amazon API Gateway. Recently, the DevOps team discovered that the IAM roles associated with the Lambda functions had been manually modified. The organization must identify these unauthorized changes and ensure all resources are in sync with the CloudFormation stack. Which solution will help the company identify these changes?