https://aws.amazon.com/blogs/security/how-to-revoke-federated-users-active-aws-sessions/
- SCP
- AWS policies: managed policies, Job functions, AWS trust policy, AWS Service Control Policy (SCP), Resource-based policies, Identity-based policies,
"Resource":, Job function, AWS Policy Generator, s3:, lambda:, cloudwatch:, AWSSecretsManagerReadWriteAccess
