When it comes to securing the cloud, one often overlooked part is monitoring failed login attempts, and more specifically in this case failed login attempts to the AWS console. Of course things like strong user passwords and enabling 2FA should be the first setting you do when creating a new account. But now that you up and running, you could have a situation where someone manages to get some usernames from you company and starts trying to break in, how would you know?