This is about … .
EC2 Instance Containment
Isolate the host using restrictive ingress and egress Security Group riles.
aws ec2 modify-instance-attribute --instance-id <instance-id> --groups "<Isolation-SG>"
Isolation-SG: SSH and RDP allowed as ingress from IR enclave as source. No egress.
βWhat if all changes are governed by Terraform and need to wait for approval?
AWS Spillage Case
When spillage was detecting on AWS, you need to open up a case # with AWS Business Support for cross validation.