I have published an InfoQ news post about the AWS team's new offerings for IAM governance with tags and attribute-based access control:
Amazon Web Services (AWS) recently enabled tags for IAM users and roles to ease the management of IAM resources. Notably, this release also includes the ability to embrace attribute-based access control (ABAC) and match AWS resources with IAM principals dynamically to "simplify permissions management at scale".
[...]
Continue reading the full post in AWS Identity and Access Management Gains Tags and Attribute-Based Access Control.