Identity is the new perimeter. Coming soon!
Ideally, you want only service accounts to be long term IAM users and credentials. Regular users would be logging in via SSO and have no need for permanent IAM credentials. This reduces the risk of an Access Key and Secret Key leaking or being misplaced.