AWS recommends that you create an identity and access management (IAM) user or role for authenticating with AWS and never use root credentials to deploy a CloudFormation template. The IAM user must be allowed to perform AWS CloudFormation actions.
The following links provide more information about AWS best practices:
Amazon recommends that you enable AWS CloudTrail logs to support governance, compliance, and operational and risk auditing of your AWS account. AWS CloudTrail enables you to do the following:
View the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, CLI, and other AWS services.
Identify the initiator of actions, resources involved, and event timing.
This event history helps to simplify security analysis, resource change tracking, and troubleshooting.
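The following added example (not part of the original documentation) shows how the CloudTrail event history can be used to check the first recommendation: it parses records in CloudTrail's log-file JSON layout, extracts the initiator, resource, and event time, and reports CloudFormation calls made with root credentials. The sample records, account ID, role name, and stack name are constructed for illustration.

```python
import json

# Constructed sample records in CloudTrail's log-file layout (not real account data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T09:12:44Z", "eventSource": "cloudformation.amazonaws.com",
     "eventName": "CreateStack", "awsRegion": "us-east-1",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"stackName": "demo-stack"}},
    {"eventTime": "2024-01-15T10:03:10Z", "eventSource": "cloudformation.amazonaws.com",
     "eventName": "UpdateStack", "awsRegion": "us-east-1",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/cfn-deployer/ci"},
     "requestParameters": {"stackName": "demo-stack"}},
    {"eventTime": "2024-01-15T10:20:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice",
                      "userName": "alice"},
     "requestParameters": None},
]})


def summarize(record):
    """Pull out who acted, on what, and when from one CloudTrail record."""
    identity = record.get("userIdentity") or {}
    params = record.get("requestParameters") or {}  # may be null in real logs
    return {
        "time": record.get("eventTime"),
        "action": f'{record.get("eventSource")}:{record.get("eventName")}',
        "initiator": identity.get("arn") or identity.get("type", "unknown"),
        "identity_type": identity.get("type", "unknown"),
        "resource": params.get("stackName"),
    }


def root_cloudformation_events(log_text):
    """Return summaries of CloudFormation API calls made with root credentials."""
    records = json.loads(log_text).get("Records", [])
    return [
        s for s in map(summarize, records)
        if s["identity_type"] == "Root"
        and s["action"].startswith("cloudformation.amazonaws.com:")
    ]


if __name__ == "__main__":
    for finding in root_cloudformation_events(SAMPLE_LOG):
        print("ROOT CloudFormation call:", finding)
```

Run against delivered CloudTrail log files, any result from `root_cloudformation_events` indicates a stack operation that should have been performed by an IAM user or role instead.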