Change the root password and passwords for all IAM users
Add / Validate MFA for all Admin users and console access users
Create new EC2 key pairs and update instances (delete compromised keys)
Relaunch the instance and create new AMI to relaunch if needed; edit ssh/authorized keys file
Rotate and delete IAM access keys
Delete unrecognized or unauthorized resources
Instances
IAM Users
Spot Bids
-
Often times the worst attacks occur after the first vulnerability appears to have been remediated. Be Vigilant!!!