I recently came across a great resource concerning AWS Security and thought I'd share.
AWS Security Tools List
"List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc."
The Cloud tracker for over-privileged IAM users and S3 scans would be a great start for anyone that hasn't did some cleanup on older accounts. S3 buckets should also be checked to make sure they have the correct permissions. The S3 Scan spider would do the trick. Since 2018 AWS has done a better job at notifying admins that they had buckets exposed to the public.
If you are looking for a more polished tool that wraps most of the functionality you get from those you should check out https://dome9.com/ . Its a great multi-cloud security posture management tool.