Discover, review, and remediate unintended access to S3 buckets shared through S3 Access Points

Posted on: Apr 27, 2020

To help you discover S3 buckets that can be accessed publicly or from other accounts or organizations, the AWS Identity and Access Management (IAM) Access Analyzer evaluation of S3 buckets now covers S3 Access Point policies in addition to bucket policies and access control lists (ACLs). This helps you find unintended access to S3 buckets that use access points, and it identifies the specific access point that permits the access. Access Analyzer makes it easier to identify and remediate unintended public, cross-account, or cross-organization sharing of your S3 buckets that use access points, helping you restrict bucket access and adhere to the security best practice of least privilege.
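As an added illustration (not AWS code, and far simpler than Access Analyzer's own reasoning), the check below classifies each Allow statement of an access point policy by the broadest set of callers it reaches: the owning account, other accounts, another organization, or everyone. The trusted account ID, organization ID, access point name and sample policy are all constructed values.

```python
# Added example (not AWS code): offline approximation of the question Access
# Analyzer answers for an S3 Access Point policy, i.e. who each Allow reaches.
# Account IDs, the org ID and the sample policy below are constructed.
TRUSTED_ACCOUNT = "111111111111"   # constructed: account that owns the bucket
TRUSTED_ORG = "o-exampleorg1234"   # constructed: that account's organization
SCOPES = ["internal", "cross-account", "cross-organization", "public"]

def principal_accounts(principal):
    """Account IDs a Principal element names; '*' marks a wildcard."""
    if principal == "*":
        return {"*"}
    values = principal.get("AWS", [])
    found = set()
    for v in ([values] if isinstance(values, str) else values):
        # arn:aws:iam::<account>:... -> account; otherwise bare ID or "*"
        found.add(v.split(":")[4] if v.startswith("arn:aws:iam::") else v)
    return found

def statement_scope(stmt, account=TRUSTED_ACCOUNT, org=TRUSTED_ORG):
    """Broadest set of callers one Allow statement reaches; None for Deny."""
    if stmt.get("Effect") != "Allow":
        return None
    accounts = principal_accounts(stmt.get("Principal", {}))
    cond = stmt.get("Condition", {}).get("StringEquals", {})
    if "*" in accounts:
        if "aws:PrincipalOrgID" in cond:    # wildcard limited to one org
            same = cond["aws:PrincipalOrgID"] == org
            return "cross-account" if same else "cross-organization"
        if "aws:PrincipalAccount" not in cond:
            return "public"                 # nothing narrows the wildcard
        accts = cond["aws:PrincipalAccount"]
        accounts = set([accts] if isinstance(accts, str) else accts)
    return "cross-account" if accounts - {account} else "internal"

def analyze_access_point_policy(access_point, policy):
    """Return (access point, worst scope, Sids of statements granting it)."""
    scopes = [(s.get("Sid", "<no Sid>"), statement_scope(s))
              for s in policy.get("Statement", [])]
    scopes = [(sid, sc) for sid, sc in scopes if sc is not None]
    worst = max((sc for _, sc in scopes), key=SCOPES.index, default="internal")
    return access_point, worst, [sid for sid, sc in scopes if sc == worst]

# Constructed sample: a scoped internal grant next to an accidentally public one.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnerRole", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/DataEngineer"}},
    {"Sid": "OopsPublic", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": "*"},
]}
```

Running `analyze_access_point_policy("analytics-ap", SAMPLE_POLICY)` names the access point and the `OopsPublic` statement as the source of public access, which is the remediation target a reviewer needs.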

IAM Access Analyzer is available at no additional cost in the IAM console and through APIs in all commercial AWS Regions and AWS GovCloud (US). To learn more about IAM Access Analyzer, see the feature page. Findings related to S3 buckets can also be viewed directly in the Amazon S3 Console.