Use IAM access advisor with AWS Organizations to set permission guardrails confidently

Posted on: Jun 21, 2019

AWS Identity and Access Management (IAM) access advisor uses data analysis to help you set permission guardrails confidently by providing service last accessed information for your accounts, organizational units (OUs), and your organization managed by AWS Organizations. Permission guardrails help control which services your developers and applications can access. By analyzing last accessed information, you can determine which services are not used by IAM users and roles. You can then implement permission guardrails using service control policies (SCPs) that restrict access to those services.

You can review service last accessed information for your AWS organization in the IAM console in your organization’s master account, or programmatically using IAM access advisor APIs with the AWS Command Line Interface (AWS CLI) or a programmatic client.
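The workflow described above, as an added example that is not part of the original announcement: it takes JSON in the shape returned by `aws iam get-organizations-access-report`, lists the service namespaces with no recorded access, and builds a deny SCP for them. The sample report, the `ALWAYS_ALLOW` set, the optional `stale_days` threshold and the function names are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws iam get-organizations-access-report` output.
SAMPLE_REPORT = {"JobStatus": "COMPLETED", "IsTruncated": False, "AccessDetails": [
    {"ServiceNamespace": "s3", "TotalAuthenticatedEntities": 4,
     "LastAuthenticatedTime": "2019-06-10T12:00:00Z"},
    {"ServiceNamespace": "redshift", "TotalAuthenticatedEntities": 1,
     "LastAuthenticatedTime": "2018-09-01T08:30:00Z"},
    {"ServiceNamespace": "sagemaker", "TotalAuthenticatedEntities": 0},
    {"ServiceNamespace": "iam", "TotalAuthenticatedEntities": 0},
]}

# Assumption: namespaces that are never denied, so the guardrail cannot block administration.
ALWAYS_ALLOW = {"iam", "sts", "organizations"}

def unused_namespaces(report, now, stale_days=None):
    """Return namespaces with no recorded access (or none for stale_days, if given)."""
    if report.get("JobStatus") != "COMPLETED":
        raise ValueError("report job is not COMPLETED")
    if report.get("IsTruncated"):
        raise ValueError("report is truncated; fetch the remaining pages first")
    unused = set()
    for detail in report["AccessDetails"]:
        ns = detail["ServiceNamespace"]
        last = detail.get("LastAuthenticatedTime")
        if ns in ALWAYS_ALLOW:
            continue
        if last is None or detail.get("TotalAuthenticatedEntities", 0) == 0:
            unused.add(ns)  # no access in the reporting period
        elif stale_days is not None:
            seen = datetime.fromisoformat(last.replace("Z", "+00:00"))
            if seen < now - timedelta(days=stale_days):
                unused.add(ns)  # accessed, but longer ago than the chosen threshold
    return sorted(unused)

def build_scp(namespaces):
    """Build a deny SCP document for the given namespaces."""
    if not namespaces:
        raise ValueError("nothing to deny; an SCP needs at least one action")
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyUnusedServices", "Effect": "Deny",
        "Action": [ns + ":*" for ns in namespaces], "Resource": "*"}]}

if __name__ == "__main__":
    now = datetime(2019, 6, 21, tzinfo=timezone.utc)
    print(json.dumps(build_scp(unused_namespaces(SAMPLE_REPORT, now, stale_days=180)), indent=2))
```

Check the resulting list against workloads that run only occasionally before attaching the SCP to an OU or account.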

Service last accessed information for AWS Organizations is available in the following public AWS regions:

  • US East (N. Virginia)
  • US East (Ohio)
  • US West (N. California)
  • US West (Oregon)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Seoul)
  • Asia Pacific (Mumbai)
  • Canada (Central)
  • EU (London)
  • EU (Frankfurt)
  • EU (Ireland)
  • EU (Paris)
  • South America (São Paulo)