Or chuck out their current CISC infrastructure and switch over to a RISC-based one? (unlikely).
Given that we know ARM is impacted by these security flaws as well, the CISC/RISC calculation remains unchanged - unless you're suggesting they port the whole of AWS to MIPS.