A security engineer must identify any Amazon EC2 instances that are running a vulnerable version of a common web framework. The security team need to quickly identify all compute resources running the specific version so they can install patches. Which approach should the team take to accomplish this task?