A cloud-based payments company is heavily using Amazon EC2 instances to host their applications in AWS Cloud. They would like to improve the security of their cloud resources by ensuring that all of their EC2 instances were launched from pre-approved AMIs only. The list of AMIs is set and managed by their IT Security team. Their Software Development team has an automated CI/CD process that launches several EC2 instances with new and untested AMIs for testing. The development process must not be affected by the new solution, which will be implemented by their Lead DevOps Engineer. Which of the following can the Engineer implement to satisfy the requirement with the LEAST impact on the development process? (Select TWO.)