Authorizing Direct Calls to AWS Services