CyberSafe Corp's security team wants to prevent the creation of EC2 security group inbound rules that use 0.0.0.0/0 as the source in all NonProd accounts within their AWS Organization. The organization currently uses EventBridge to notify an SNS topic whenever such a rule is created. Which solution will meet this requirement with the LEAST operational overhead?