Identity and Access Management
Use roles instead of user
Wherever it is possible, use IAM roles instead of users. Roles have no credentials that can be lost or leaked.
Deny IAM operations
Sometimes it is necessary to allow a wide spread of operations to a role or user. Add an IAM deny policy if possible to reduce the impact in case of abuse.
Multi-Factor Authentication adds an additional security layer.
Remove Root Credentials
Never user root credentials! Remove the access keys to ensure that each access is via user / roles.
CloudTrail can log all API requests.
GuardDury can analyze your logs and detect threats.