Which solution will meet these requirements?
Add an automatic remediation option to an AWS Config rule for access key rotation. Create an AWS Systems Manager Automation runbook. Use AWS CloudFormation StackSets to deploy the runbook. Activate the AWS Config rule. Link the runbook as the automatic remediation step.
Add an automatic remediation option to an AWS Config rule for access key rotation. Create an AWS Systems Manager Automation runbook. Use AWS CloudFormation change sets to deploy the runbook. Activate the AWS Config rule. Link the runbook as the automatic remediation step.
Add an automatic remediation option to an AWS Systems Manager rule for access key rotation. Create a Systems Manager Automation runbook. Use AWS CloudFormation StackSets to deploy the runbook. Activate the Systems Manager rule. Link the runbook as the automatic remediation step.
Add an automatic remediation option to an AWS Systems Manager rule for access key rotation. Create a Systems Manager Automation runbook. Use AWS CloudFormation change sets to deploy the runbook. Invoke an AWS Lambda function to link the runbook as the automatic remediation step.
Explanations:
This solution meets the requirements by setting up an AWS Config rule specifically for access key rotation, enabling automatic remediation, and using AWS Systems Manager Automation and CloudFormation StackSets to deploy across multiple accounts, making it scalable and automated.
AWS CloudFormation change sets are used to preview updates to a stack rather than to deploy across multiple accounts. This option does not provide cross-account deployment as required.
AWS Systems Manager does not support rules for access key rotation directly. Access key rotation rules are managed by AWS Config, making this option invalid.
Systems Manager does not support rules for access key rotation, and the use of AWS Lambda to link the runbook as an automatic remediation step is unnecessary and incorrect in this scenario.