SEC 3: How do you control programmatic access?

Control programmatic or automated access with appropriately defined, limited, and segregated access to help reduce the risk of unauthorized access. Programmatic access includes access that is internal to your workload, and access to AWS related resources.

Resources

Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances
Temporary Security Credentials
AWS Secrets Manager

Best Practices:

Improvement Plan

Define programmatic identity and access management requirements
Define requirements that will help you control programmatic or automated access with appropriately defined, limited, and segregated access.

Configure programmatic access

Remove insecure configurations
After you configure best practices, remove unused insecure configuration items.

Resources from partners
Access & Control
Infrastructure Software/Security