devops video for a large hospital has an online medical record system that is hosted in a fleet of Windows EC2 instances with several EBS volumes attached to
A large hospital has an online medical record system that is hosted in a fleet of Windows EC2 instances with several EBS volumes attached to it. The IT Security team mandated that the latest security patches should be installed to all of their Amazon EC2 instances using an automated patching system. They should also have to implement a functionality that checks all of their EC2 instances if they are using an approved Amazon Machine Image (AMI) in their AWS Cloud environment. The patching system should not impede developers from launching instances using an unapproved AMI, but nonetheless, they still have to be notified if there are non-compliant EC2 instances in their VPC. As a DevOps Engineer, which of the following should you implement to protect and monitor all of your instances as required above?