How would you isolate a compromised EC2 instance in a production environment without losing forensic data at Amazon Services?