It's not fun, I got hacked through an archived git repo, for when I was learning to use AWS, following tutorials and whatnot.
Forgot about it for years, then out of nowhere got hit for 27k...needless to say I said good luck collecting that shit.
They waived it all granted I logged in and deleted all resources that were running as well as removed all identities. Sure as hell I did that and saw a ton of identities out in the middle of nowhere. Fucking hackers ran up a shit ton of AWS sagemaker resources trying to probably hack some dude's wallet.
Every time I see a tutorial on how to deploy x in AWS, I get pissed. The newbies need to learn about administration before they start deploying shit on cloud infra.
Funny thing I had a paranoid freakout too before I got hacked on AWS, I had bought a visa gift card and that's what I put in as a payment card on AWS. Of course they know where I live and could still screw me, but they would have to do it on their own dime.
They make it really hard to leave or just use a specific service only. I use them for DNS, objectively it's supposed to be cheap AF pay yearly, but now I have to pay $2 a month just to do all the auxiliary stuff to notify me that I got hacked.
I'm buying a server rack soon and just got a full symmetric fiber line put in so I can do my own hosting.