A process that needs access to AWS services should be granted permissions through temporary credentials rather than fixed credentials hardcoded into the process memory space. AWS Cognito's Identity Pool and Amazon STS are among the options for implementing a mechanism through which services request temporary credentials that are scoped to the narrowest possible permissions and valid only for a short period (typically an hour).
With this approach, the scope for misuse of compromised credentials is limited in both time (a short validity period) and space (narrow permissions).
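
The STS option described above, as an added example (not code from the original page): it assembles an AssumeRole request that narrows a role to read-only access on one S3 prefix and limits the session to one hour, then checks when the credentials are due for renewal. The role ARN, bucket, prefix, session name and helper names are constructed assumptions; boto3 is needed only for the actual STS call.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# STS AssumeRole limits: DurationSeconds 900..43200, inline session policy <= 2048 chars.
MIN_TTL, MAX_TTL, MAX_POLICY_CHARS = 900, 43200, 2048
SESSION_NAME_RE = re.compile(r"[\w+=,.@-]{2,64}")


def build_session_policy(bucket, prefix):
    """Session policy: effective rights = role policy INTERSECTED with this document."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"],
        }],
    }


def build_assume_role_request(role_arn, session_name, bucket, prefix, ttl=3600):
    """Validate and assemble the AssumeRole parameters (no network access)."""
    if not MIN_TTL <= ttl <= MAX_TTL:
        raise ValueError(f"ttl must be {MIN_TTL}..{MAX_TTL} seconds")
    if not SESSION_NAME_RE.fullmatch(session_name):
        raise ValueError("invalid RoleSessionName")
    policy = json.dumps(build_session_policy(bucket, prefix), separators=(",", ":"))
    if len(policy) > MAX_POLICY_CHARS:
        raise ValueError("session policy too large")
    return {"RoleArn": role_arn, "RoleSessionName": session_name,
            "DurationSeconds": ttl, "Policy": policy}


def fetch_temporary_credentials(request):
    """Call STS; returns AccessKeyId, SecretAccessKey, SessionToken, Expiration."""
    import boto3  # imported lazily so the helpers above work without the SDK
    return boto3.client("sts").assume_role(**request)["Credentials"]


def needs_refresh(expiration, now=None, margin=timedelta(minutes=5)):
    """True when the credentials expire within `margin` and should be re-requested."""
    now = now or datetime.now(timezone.utc)
    return expiration - now <= margin
```

Because the session policy can only subtract from what the role already allows, a leaked session token is bounded by both the inline policy and the expiry time.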