A company's application development team utilizes Linux-based Amazon EC2 instances configured as bastion hosts. These bastion hosts have inbound SSH access restricted to specific IP addresses, as defined in their associated security groups. The company's security team has requested a mechanism to be notified if any modifications to these security group rules result in allowing SSH access from any IP address. What solution should a DevOps engineer implement to fulfill this security requirement? | AWS Certified DevOps Engineer - Professional Quiz