According to the shared responsibility model, if you use an encapsulated / managed service such as Amazon Relational Database Service, or an abstract / serverless service such as Amazon S3, where the customer doesn't have access to the operating system because it's managed by AWS, you don't need to worry about anti-malware (which is implemented, as it's required by PCI-DSS certification); it is managed, updated, and monitored by AWS.
If you choose infrastructure services such as Amazon EC2, then you are responsible for hardening the operating system, applying patches to both the operating system and the applications running on it, and implementing anti-malware / EDR (Endpoint Detection and Response) / runtime protection.
It is recommended that every instance have an anti-malware / EDR / runtime protection solution able to detect and stop attacks such as ransomware, trojans, and worms.
There are numerous solutions from our partners, such as CrowdStrike, McAfee, or Trend Micro, in the AWS Marketplace.
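
One way to check the "every instance" recommendation above is to compare the list of EC2 instances against a software inventory and flag instances with no agent or no inventory at all. This is an added example, not AWS or partner code; the package names, instance IDs, and data shapes are constructed assumptions.

```python
"""Audit EC2 instances for anti-malware / EDR agent coverage (added example)."""

# Assumption: placeholder agent package names as they would appear in a
# software inventory. Replace with what your chosen vendor actually installs.
EDR_PACKAGES = {"example-edr-agent", "example-av-agent"}

# Constructed sample data: instance list and per-instance installed packages.
INSTANCES = [
    {"InstanceId": "i-0aaa", "State": "running"},
    {"InstanceId": "i-0bbb", "State": "running"},
    {"InstanceId": "i-0ccc", "State": "stopped"},
    {"InstanceId": "i-0ddd", "State": "terminated"},
]
INVENTORY = {
    "i-0aaa": ["openssl", "Example-EDR-Agent"],
    "i-0bbb": ["nginx", "openssl"],
    # i-0ccc reports no inventory, so its state cannot be verified.
}


def audit_edr_coverage(instances, inventory, edr_packages=EDR_PACKAGES):
    """Classify each non-terminated instance as protected, unprotected or unknown."""
    wanted = {p.lower() for p in edr_packages}
    report = {"protected": [], "unprotected": [], "unknown": []}
    for inst in instances:
        if inst["State"] == "terminated":
            continue  # nothing left to protect
        iid = inst["InstanceId"]
        packages = inventory.get(iid)
        if packages is None:
            # No inventory is not the same as "no agent": treat as a gap to close.
            report["unknown"].append(iid)
        elif wanted & {p.lower() for p in packages}:
            report["protected"].append(iid)
        else:
            report["unprotected"].append(iid)
    return report


def coverage_ratio(report):
    """Fraction of audited instances with a confirmed agent."""
    total = sum(len(ids) for ids in report.values())
    return len(report["protected"]) / total if total else 1.0


if __name__ == "__main__":
    result = audit_edr_coverage(INSTANCES, INVENTORY)
    print(result, f"coverage={coverage_ratio(result):.0%}")
```

Instances in the `unknown` bucket need an inventory source before they can count toward coverage.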