AWS finops : gross fencing strategies

• 1. Quantity : reduce account service quotas, e.g. EC2 instances.
• 2. Quality : reduce IAM permissions, e.g. to start EC2 instance types.
• 3. "Live" Governance : best effort only ... CloudTrail S3/lake ... within 5 minutes ... e.g. can log every EC2 instance creation; or, you can have a 24-7-365 node that pings the API every 5 minutes to describe live resources. Thereafter you can have custom software monitoring each resource, and killing any as necessary.