Using Identity-based Policies (IAM Policies) for AWS Shield