Identity pools allow to grant users access to AWS Services. We just have to know the id and we will get credentials from an endpoint.
Enumerate permissions associated with cognito credentials with enumerate-iam.
Automates configuration windows servers & clients. Can be written as ps1 and then must then be compiled to .mof files.
Can apply DSCs to machines. This requires the "Command Document" "AWS-ApplyDSCMofs".
Inspec allows to check deployed labs for correctness.