[Mao]

Thanks for your answer and help me to understand

Best

[Mao]

Thank you!!

[Mao]

Hi Jon, got it, but one of the correct answers mentions:

Use AWS Config to determine any launches of Amazon EC2 instances based on non-approved AMIs. Configure the rule to trigger a Lambda function that will automatically terminate the EC2 instance. Publish a message to an Amazon SNS topic to inform the IT Security and Development teams about the occurrence.

I think this is wrong, you can not configure the rule to trigger a Lambda function, as you say you have to use CW Events with Lambda function as a target, and maybe another target with SNS

Another option would be Remediation action with SSM document