Tiny collection of scripts to isolate an EC2 instance and start with the joy of forensics. In the case of a compromised EC2 instance within your fleet, it’s time for getting prepared for Incident Response and Threat Hunting. To get started you have two Options:

1. Use the manual bash scripts to isolate the Instance either by AWS CLI or from inside the instance
2. A predefined Step-Function that helps you to automate the isolation step as much as possible including basic forensic actions

Anyway here’s the link: Inspector AWSome