AWS IAM Access Analyzer

Streamline your journey toward least privilege

Why IAM Access Analyzer?

Achieving least privilege is a continuous journey to grant the right fine-grained permissions as your requirements evolve. IAM Access Analyzer guides you toward least privilege by providing capabilities to set, verify, and refine permissions. IAM Access Analyzer uses provable security to analyze external access and validate that your policies match your specified corporate security standards.

Benefits of IAM Access Analyzer

  • Apply least privilege with access analysis and policy validation to set, verify, and refine permissions
  • Centrally review and remove unused and external access across your AWS accounts with continuous monitoring
  • Automate and scale permissions management and refinement with security integration workflows that alert teams. For unused roles, access keys, or passwords, IAM Access Analyzer provides quick links in the console to help you delete them. For unused permissions, IAM Access Analyzer reviews your existing policies and recommends a refined version tailored to your access activity.
  • Validate that policies match IAM best practices and your specific security standards with provable security
  • Automate policy reviews before deployments by configuring custom policy checks in your development lifecycle

Watch these videos to learn more about IAM Access Analyzer

IAM Access Analyzer features for central security teams and developers (18:46)
Use new IAM Access Analyzer features on your journey to least privilege (55:34)
Spur productivity with options for identity and access (29:43)

Featured customers

  • USAA

    AWS IAM Access Analyzer is instrumental in our data perimeter strategy, allowing our security teams to proactively review and validate public and cross-account access before deploying permissions changes. Using automated reasoning, IAM Access Analyzer provides a higher level of assurance that the permissions granted to AWS resources are as intended. IAM Access Analyzer has significantly increased organizational confidence in our access controls as well as agility to securely scale out in the cloud.

    Joe Denton, Staff Security Architect, Public Cloud Security, USAA
  • GoTo

    Our development teams are accelerating our journey to least privilege by using IAM Access Analyzer. The findings generated using IAM Access Analyzer's custom policy checks in our CI/CD pipeline trigger approval process workflows automatically. We've gained significant operational efficiencies by using custom policy checks to reduce the code build, deployment, exception, and remediation processing time from days to minutes. IAM Access Analyzer has improved our security posture, helping us shift left further in a DevSecOps model.

    Peter Zobolyak, Sr Manager, Cloud Architecture, GoTo Technologies USA Inc.
  • Attentive

    AWS IAM Access Analyzer empowers our central Cloud Security team by providing the visibility needed to proactively manage permissions in our ever-changing cloud environment. By continuously monitoring our IAM roles and policies, the tool helps us quickly identify unintended public policies and clean up unused roles. The automated insights from IAM Access Analyzer have significantly reduced the manual effort required to discover and manage non-compliant policies. This has provided the necessary information to maintain a secure cloud environment at scale, allowing our teams to focus on innovation.

    Jacob Rickerd, Principal Security Engineer, Attentive

Use Cases

Set fine-grained permissions

Use IAM Access Analyzer to set fine-grained permissions and automate policy reviews with confidence.


Verify who can access what

IAM Access Analyzer helps you verify that access meets your intent through analysis and validation.  


Refine and remove broad access

A summary dashboard helps identify opportunities to rightsize permissions on your journey to least privilege.


Remediate unused access

IAM Access Analyzer gives you visibility into unused access across your AWS organization and recommendations to help you remediate unused access.
