What should be done to check all of the instances in the environment with the LEAST operational overhead?
Create and run an Amazon Inspector assessment template.
Manually SSH into each instance and check the software version.
Use AWS CloudTrail to verify Amazon EC2 activity in the account.
Write a custom script and use AWS CodeDeploy to deploy to Amazon EC2 instances.
Explanations:
Amazon Inspector is a security assessment service that automatically checks the software version and configuration of EC2 instances for vulnerabilities. It provides a quick and automated way to scan instances, reducing operational overhead.
Manually SSHing into each instance is inefficient, especially in large environments. This method involves high operational overhead and is prone to human error.
AWS CloudTrail logs API calls and does not provide specific details about software versions installed on EC2 instances. It is not suitable for detecting vulnerable software versions.
Writing a custom script and using AWS CodeDeploy would require additional setup and manual work, increasing operational overhead. It is not as efficient as using Amazon Inspector to scan for vulnerabilities.