User Data Script Persistence
Maintain access to an EC2 instance and it's IAM role via user data scripts.
Leverage stolen credentials to use the AWS Console.
Intercept SSM Communications
With access to an EC2 instance you can intercept, modify, and spoof SSM communications.
Role Chain Juggling
Keep your access by chaining assume-role calls.
S3 File ACL Persistence
Maintain access to S3 resources by configuring Access Control Lists associated with S3 Buckets or Objects.