It is an AWS best practice to remove security group entries that allow DNS access from public IPs, to reduce the possibility of a breach. Allowing unrestricted DNS access can increase exposure to threats such as Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks.
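The check described above, as an added example that is not the workflow's own code: it scans security groups in the shape returned by EC2 `DescribeSecurityGroups` and reports inbound rules that cover port 53 from any address. It assumes "public" means the open CIDRs `0.0.0.0/0` and `::/0`; the function names and the sample groups are constructed for illustration.

```python
DNS_PORT = 53
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # assumption: "public" = open to any address


def rule_covers_dns(perm):
    """True if an inbound permission includes TCP or UDP port 53."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "udp"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return False
    return lo <= DNS_PORT <= hi  # port ranges such as 0-1024 also expose DNS


def open_sources(perm):
    """Return the IPv4/IPv6 source ranges of a permission that are fully open."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in OPEN_CIDRS]


def find_open_dns_rules(groups):
    """List (group id, protocol, cidr) for every rule exposing DNS to any address."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if rule_covers_dns(perm):
                for cidr in open_sources(perm):
                    findings.append((group["GroupId"], perm["IpProtocol"], cidr))
    return findings


# Constructed sample data, not taken from a real account.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
```

The wide port range in `sg-0bbb` and the all-protocol rule in `sg-0ddd` are flagged even though neither names port 53, which is the case a literal port-53 match would miss.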
If an instance has the required CloudWatch alarm set and its CPUUtilization goes high, this workflow is triggered and lowers the CPUUtilization of the machine by rebooting the process inside the machine.
This workflow sends a report of all EC2 instances that have been idle for the past 7 days and were launched more than 7 days ago. An instance is identified as idle if its CPU utilization is less than 2% and its Network In/Out is less than 5 MB. You can also give other configurations for this workflow.