-
Hi Jon, got it, but one of the correct answers mentions:
Use AWS Config to determine any launches of Amazon EC2 instances based on non-approved AMIs. Configure the rule to trigger a Lambda function that will automatically terminate the EC2 instance. Publish a message to an Amazon SNS topic to inform the IT Security and Development teams about the occurrence.
I think this is wrong, you can not configure the rule to trigger a Lambda function, as you say you have to use CW Events with Lambda function as a target, and maybe another target with SNS
Another option would be Remediation action with SSM document
