Automate AWS IAM Permissions Analysis Using the New IAM Access Advisor APIs
AWS Identity and Access Management (IAM) access advisor now enables you to automate the analysis of your IAM permissions across all your accounts using IAM access advisor APIs with the AWS Command Line Interface (AWS CLI) or SDK. IAM access advisor helps you audit service access, remove unnecessary permissions, and set appropriate permissions providing the last timestamp when an IAM entity (e.g., user, role, or a group) accessed an AWS service.
The new IAM access advisor APIs are available in US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), Canada (Central), EU (London), EU (Frankfurt), EU (Ireland), EU (Paris), and South America (São Paulo) public AWS Regions.