A financial services company is using security-hardened AMI due to strong regulatory compliance requirements. The company must be able to check every day for AMI vulnerabilities based on the newly disclosed ones through the common vulnerabilities and exposures (CVEs) program. Currently, all the instances are launched through an Auto Scaling group (ASG) leveraging the latest security-hardened AMI. As a DevOps Engineer, how can you implement this while minimizing cost and application disruption?