Posted On: Mar 10, 2021

AWS Identity and Access Management (IAM) Access Analyzer now enables you to validate access before deploying permissions changes. IAM Access Analyzer uses comprehensive policy analysis to provide provable security and generate findings for resource access. You can now preview those findings and validate that your policy changes grant only intended access to your resources, which lets you prevent unintended public and cross-account access before you deploy permissions.

You can preview and validate public and cross-account access in the Amazon S3 console or with IAM Access Analyzer APIs. In the S3 console, you can preview IAM Access Analyzer findings for access to your bucket before you save a bucket policy. This enables you to validate whether the policy change introduces new findings or resolves existing findings. You can also use IAM Access Analyzer APIs to validate proposed permissions for your S3 buckets, KMS keys, IAM roles, SQS queues and Secrets Manager secrets.

IAM Access Analyzer is available at no additional cost in all commercial AWS Regions, AWS China Regions and AWS GovCloud (US). To learn more about IAM Access Analyzer and which resources it supports, see the feature page.