Excellent first 4. My suggested next 4 steps would be:
5. Enable and create at least 2 billing alerts. I use a mid-month and end-of-month billing alert strategy.
6. Turn on CloudTrail for all regions.
7. Sign up for a CloudTrail partner like SumoLogic.
8. Create alerts (from CloudTrail logs) for suspicious behavior (root login, IAM user login without MFA, activity outside primarily used region(s), etc.)
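
The alert rules listed in step 8, written as an added example that is not part of the original comment. It assumes raw CloudTrail log files in the `{"Records": [...]}` JSON layout; `EXPECTED_REGIONS`, the alert names and the sample records are constructed for illustration.

```python
import json

# Assumption: regions this account normally uses. Console sign-in and global
# services such as IAM are often recorded in us-east-1, so it stays listed.
EXPECTED_REGIONS = {"us-east-1", "eu-west-1"}

def findings(event):
    """Return the alert names raised by one CloudTrail record."""
    out = []
    ident = event.get("userIdentity") or {}
    if event.get("eventName") == "ConsoleLogin":
        ok = (event.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (event.get("additionalEventData") or {}).get("MFAUsed")
        # The MFA rule covers IAM users only: federated sign-ins report
        # MFAUsed "No" even when the identity provider enforced MFA.
        if ident.get("type") == "Root":
            out.append("root-login")  # raised for failed attempts as well
        elif ok and ident.get("type") == "IAMUser" and mfa != "Yes":
            out.append("iam-login-without-mfa")
    if event.get("awsRegion") not in EXPECTED_REGIONS:
        out.append("unexpected-region")
    return out

def scan(log_text):
    """Scan one CloudTrail log file body ({"Records": [...]}) for alerts."""
    alerts = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity") or {}
        who = ident.get("userName") or ident.get("type", "unknown")
        alerts += [(rec.get("eventTime"), name, who) for name in findings(rec)]
    return alerts

def _rec(time, kind, user, name, region, result=None, mfa=None):
    """Build a constructed sample record with only the fields used above."""
    rec = {"eventTime": time, "eventName": name, "awsRegion": region,
           "userIdentity": {"type": kind, "userName": user}}
    if result:
        rec["responseElements"] = {"ConsoleLogin": result}
        rec["additionalEventData"] = {"MFAUsed": mfa}
    return rec

# Constructed sample input, not real log data.
SAMPLE = json.dumps({"Records": [
    _rec("2024-01-05T08:00:00Z", "Root", None, "ConsoleLogin", "us-east-1", "Success", "Yes"),
    _rec("2024-01-05T08:05:00Z", "IAMUser", "alice", "ConsoleLogin", "us-east-1", "Success", "No"),
    _rec("2024-01-05T08:06:00Z", "IAMUser", "bob", "ConsoleLogin", "us-east-1", "Success", "Yes"),
    _rec("2024-01-05T08:07:00Z", "IAMUser", "carol", "ConsoleLogin", "us-east-1", "Failure", "No"),
    _rec("2024-01-05T09:00:00Z", "IAMUser", "alice", "RunInstances", "ap-southeast-2"),
]})
```

Calling `scan(SAMPLE)` returns one alert each for the root sign-in, the IAM user sign-in without MFA, and the API call in an unlisted region.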