What should a SysOps administrator do to implement this requirement?
Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.
Develop an IAM policy that limits the business units to provisioning EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.
Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.
Explanations:
EC2 launch configurations are used with Auto Scaling groups, not for directly provisioning instances. This option does not limit EC2 configurations.
An IAM policy alone cannot enforce specific EC2 configurations. CloudFormation can help manage instance creation, but the IAM policy approach is not sufficient for the requirement.
AWS Service Catalog allows the creation of approved products (EC2 configurations) that business units can use to launch instances. This enforces the use of specific configurations.
Sharing a CloudFormation template alone does not guarantee that only approved configurations are used unless explicitly tied to a Service Catalog product or other restriction mechanisms.