This bear has the ability to spin up an AWS cluster of bears, unfortunately.

They're still subject to economic considerations (assuming a non-state actor). If the expected value on a cracked account is less than the expected cost to crack it, a rational actor won't bother. That they may use cracked AWS accounts, or botnets, to perform this cracking does not change these economic considerations.

AWS is probably the most expensive way to do this.

Either rent some machines from an ex-crypto miner, since AES can be decyphered on GPUs or get some old extremely cheap boxes from the hetzner auction.

People who are trying to crack these passwords are also likely to be using compromised AWS accounts.

There isn't just one bear.