Generally, the security around access keys and secrets are considered enough for most use cases. If you need additional security in depth, then AWS allows access to roles to be restricted in lots of ways, including source IP address, MFA, account of assuming user, etc...