Terraform AWS Incident Response Sandbox
IAM user
- remove all policies associated with the user (log what they were)
- move user to the `/compromised` path
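
The two IAM user steps above, as an added sketch (not code from this project). It assumes `iam` is a boto3 IAM client; the function name `contain_iam_user` and the logger name are hypothetical.

```python
import json
import logging

log = logging.getLogger("ir.iam")  # hypothetical logger name
COMPROMISED_PATH = "/compromised/"  # IAM paths must begin and end with "/"


def contain_iam_user(iam, user_name):
    """Record, then remove, a user's policies and move the user to COMPROMISED_PATH.

    `iam` is assumed to be a boto3 IAM client, e.g. boto3.client("iam").
    Returns the record of what was removed so it can be kept as evidence.
    """
    record = {"user": user_name, "managed": [], "inline": {}}

    # 1. Collect everything before changing anything.
    attached = iam.get_paginator("list_attached_user_policies")
    for page in attached.paginate(UserName=user_name):
        record["managed"] += [p["PolicyArn"] for p in page["AttachedPolicies"]]
    inline = iam.get_paginator("list_user_policies")
    for page in inline.paginate(UserName=user_name):
        for name in page["PolicyNames"]:
            resp = iam.get_user_policy(UserName=user_name, PolicyName=name)
            record["inline"][name] = resp["PolicyDocument"]

    # 2. Log what the policies were, so the removal can be reviewed or reversed.
    log.warning("iam-containment %s", json.dumps(record, sort_keys=True))

    # 3. Detach managed policies and delete inline ones.
    for arn in record["managed"]:
        iam.detach_user_policy(UserName=user_name, PolicyArn=arn)
    for name in record["inline"]:
        iam.delete_user_policy(UserName=user_name, PolicyName=name)

    # 4. Move the user under the quarantine path.
    iam.update_user(UserName=user_name, NewPath=COMPROMISED_PATH)
    return record
```

Permissions inherited through group membership are not touched by this sketch, and neither are the user's access keys.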
EC2 instance
- isolate it
- CI
- add linting
- auto-generate docs
- add CloudWatch alarms and SNS topics for 'spending guard'
- add misconfigured S3 bucket generation to a non-malicious instance