Now you can restrict access further. What options do you have? The Complete AWS IAM Reference shows you that you can use many resource-level permissions. For example, you can restrict that it is only allowed to use a certain AMI like Amazon Linux 2016.03.3 (64bit, gp2).
You can take it even further. The Complete AWS IAM Reference shows that you can use a condition to restrict based on instance type. To save money in your dev account you may only allow t2.micro instances.
For every AWS service, different actions are available. Depending on the action you can use resource-level permissions and sometimes also conditions. The Complete AWS IAM Reference collects all that information and makes it accessible to you.
Are you part of a highly motivated DevOps team? Use marbot, a friendly chatbot, to forward all kind of alerts from your AWS infrastructure to Slack. Alerts are escalated across your team automatically allowing you to focus on your daily work.