Enterprises trying to deploy infrastructure to the cloud and independent software companies trying to deliver a service have similar problems to solve. They need to know how to create an environment in AWS that enforces least-privilege access between components while also allowing administration and change management. Amazon Elastic Cloud Compute (EC2) and Identity and Access Management (IAM), coupled with services like AWS Security Token Service (STS), offer the necessary building blocks. In this session, we walk through some of the mechanisms available to control access in an Amazon Virtual Private Cloud (VPC). Next, we focus on using IAM and STS to create a least-privilege access model. Finally, we discuss auditing strategies to catch common mistakes and discuss techniques to audit and maintain your infrastructure.