A security team has mandated that only approved Amazon Machine Images (AMIs) can be used for launching Amazon EC2 instances. The security team requires a method of automatically validating compliance with the new mandate. Which solution can the security team use to find unapproved AMIs for new and existing Amazon EC2 instances?