A large company that uses AWS recently received an email from the AWS Abuse team. The email informed them that an IAM user associated with the company's AWS account had their access key and secret access key pair published in public code repositories, although there are no signs yet of any compromise within the company's AWS account. The IAM user in question is designated as a service account and is used in a critical customer-facing production application with hard-coded credentials. To address this situation and minimize application downtime, you have been tasked as an AWS Certified Security Specialist for implementing a solution that protects the AWS account from any unauthorized access. Which of the following steps would you suggest?