Doesnt appear this forum is answered anymore but Im fairly confident this answer is wrong – Config CANNOT trigger Lambda to perform corrective actions WITHOUT CloudWatch events. There’s several other Q&As that confirm this so this answer just confused me. The link that gets provided in the answer just states that Lambda function evaluates the rule, not perform an action.
You have requested that your development team do not provision any new EC2 instances over the next few weeks while you are completing a security audit of your development environment. Last weekend, many of the developers worked over time and most of them disregarded your request, which has invalidated a lot of the work you have completed so far. You have decided to take action to prevent this happening again and you have convinced the CTO to give you permission to automatically terminate any instances that the development team launches over the coming weeks. You want to accomplish this in the simplest way that will ensure any newly created EC2 instances are terminated as soon as possible to minimise the impact on your work. From the following choices, which two different approaches can be taken to address the situation?
(Incorrect) Answer given:
Use an AWS Config customer managed rule to invoke a Lambda function that automatically terminates any new instances.
Customer managed rules are custom rules, defined and built by you. You can create a function in AWS Lambda to terminate EC2 instances that can be invoked as part of a custom rule and these functions execute in your account.
https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html