Build a pipeline for the generation of your images where all the hardening according to your organizational policies is done and all the agents required for golden image (the image that you use as base to deploy your applications) is pre-installed, agents such as an anti-malware, file integrity monitoring tools if you use, and the AWS Systems Manager agent if it is not pre-installed on the managed image (AMI) you chose to start with, such as Amazon Linux 2 as it’s pre-installed in several linux distribution and windows versions.
The service is free (you only pay for the resources/images generated by the solution)