That wouldn't prevent it but it would make it much more difficult. Although, I suppose you could automate the whole thing, right from the stealing of the credentials to the booting up of 100 new instances and adding them to the ddos cloud.
I wonder if this has ever been done, or if the number of AWS users is just too low to make it worthwhile (like the old argument of why macs don't have viruses)?
