Lock away your AWS account root user access keys. Better still, delete them: the root user should only be used for the few account-level tasks that require it, never for day-to-day API access.
Grant least privilege access: don't hand out open policies expecting to restrict them later. It will never happen.
Enable identity federation: manage users and their access centrally, across multiple applications and services, instead of creating IAM users in every account. For federation into multiple accounts in your organisation, use AWS Single Sign-On. (Post coming soon)
Enable MFA, starting with the root user. (You can use the IAM Credential Report to export a list of all the users in an AWS account and check the status of their credentials: password age and expiration, whether MFA is enabled, when each access key was last rotated and used, and so on. The report is per account, so run it in each account of your organisation.)
Rotate credentials regularly, both access keys and passwords; the same Credential Report shows when each was last changed.
Enable IAM Access Analyzer to find resources (S3 buckets, IAM roles, KMS keys, Lambda functions, SQS queues, and others) that are shared publicly or with principals outside your account or organisation. (See the Serverless Days workshop post.)
Use permissions boundaries to prevent privilege escalation: a boundary caps the maximum permissions an IAM user or role can ever have, so a delegated administrator cannot create an identity with more rights than the boundary allows.
Use roles to delegate permissions instead of sharing long-lived credentials: a role issues temporary credentials to users, federated identities, AWS services and other accounts, and can be revoked at any time.
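As an added example (not code from the original post), the root-key, MFA and rotation checks above can be scripted against the Credential Report. The script below parses a constructed sample in the column layout that `aws iam get-credential-report` returns (the real report is a base64-encoded CSV; run `aws iam generate-credential-report` first, then decode the `Content` field and pass the text to `audit_report`). It flags active root access keys, console users without MFA, and access keys or passwords older than an assumed 90-day threshold. The sample rows, the threshold and the reference date are assumptions for the demo, not values from the post.

```python
"""Audit an IAM credential report for root access keys, missing MFA and
stale credentials.

Added example, not code from the original post. SAMPLE_REPORT is a
constructed report in the column layout of `aws iam get-credential-report`;
MAX_AGE_DAYS and REFERENCE_DATE are assumed policy values.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 90                                       # assumed rotation threshold
REFERENCE_DATE = datetime(2021, 5, 5, tzinfo=timezone.utc)  # assumed "now" for the demo
ROOT_USER = "<root_account>"                            # how the report names the root user

# Constructed sample. A real report is the base64-decoded Content field of
# get-credential-report; missing values appear as N/A, no_information or not_supported.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2019-01-10T08:00:00+00:00,not_supported,2021-05-01T09:00:00+00:00,not_supported,not_supported,true,true,2019-01-10T08:05:00+00:00,2020-02-02T10:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2020-06-01T10:00:00+00:00,true,2021-05-03T12:00:00+00:00,2021-04-01T10:00:00+00:00,2021-06-30T10:00:00+00:00,true,true,2021-04-20T10:00:00+00:00,2021-05-03T12:00:00+00:00,eu-west-1,sts,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2020-06-01T10:00:00+00:00,true,no_information,2020-06-01T10:00:00+00:00,2020-08-30T10:00:00+00:00,false,true,2020-06-01T10:05:00+00:00,2021-01-15T08:00:00+00:00,us-east-1,ec2,true,2019-12-01T10:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
ci-bot,arn:aws:iam::111122223333:user/ci-bot,2021-02-01T10:00:00+00:00,false,N/A,N/A,N/A,false,true,2021-03-01T10:00:00+00:00,2021-05-04T01:00:00+00:00,eu-west-1,ecr,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""


def _parse_ts(value):
    """ISO-8601 timestamp -> aware datetime; the report's placeholder strings -> None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def _older_than(ts, now, days):
    return ts is not None and now - ts > timedelta(days=days)


def audit_report(report_csv, now=REFERENCE_DATE, max_age_days=MAX_AGE_DAYS):
    """Return (user, code, detail) findings for every row of the report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT_USER
        has_password = row["password_enabled"] == "true"
        mfa = row["mfa_active"] == "true"

        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            # Root should have no access keys at all: delete them, don't rotate them.
            if is_root:
                findings.append((user, "ROOT_ACCESS_KEY", f"access key {n} is active"))
            rotated = _parse_ts(row[f"access_key_{n}_last_rotated"])
            if _older_than(rotated, now, max_age_days):
                findings.append((user, "STALE_ACCESS_KEY",
                                 f"access key {n} last rotated {rotated.date()}"))

        # Console passwords rotate like keys and must be protected by MFA.
        if has_password:
            changed = _parse_ts(row["password_last_changed"])
            if _older_than(changed, now, max_age_days):
                findings.append((user, "STALE_PASSWORD",
                                 f"password last changed {changed.date()}"))
        # The root row reports password_enabled as not_supported, but root always
        # has a console login, so it is checked for MFA as well. API-only users
        # (no password) are not flagged: MFA does not apply to them here.
        if (has_password or is_root) and not mfa:
            findings.append((user, "NO_MFA", "console login without an MFA device"))
    return findings


def findings_by_user(findings):
    """Group finding codes per user, in report order, for a quick overview."""
    grouped = {}
    for user, code, _detail in findings:
        grouped.setdefault(user, []).append(code)
    return grouped


if __name__ == "__main__":
    for user, code, detail in audit_report(SAMPLE_REPORT):
        print(f"{user:16} {code:18} {detail}")
```

Against the sample, the root user is flagged for its active (and never rotated) key, bob for two stale keys, a stale password and no MFA, while alice and the API-only ci-bot user pass. Whether an API-only user without MFA should also be reported depends on your policy; the script leaves that decision to you.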