Posted On: Apr 7, 2021

When we launched IAM Access Analyzer, we started by helping you remove unintended public and cross-account access by analyzing your existing permissions. Recently, IAM Access Analyzer added policy validation to help you set secure and functional permissions during policy authoring. Now, we are taking that a step further and generating policies for you. You can now use IAM Access Analyzer to generate fine-grained policies based on the access activity recorded in your CloudTrail logs. When you request a policy, IAM Access Analyzer analyzes your CloudTrail logs to identify your activity and generates a policy from it. The generated policy makes it easier to grant only the permissions your workloads require.

You can use IAM Access Analyzer in the commercial regions to generate policies in the IAM console or by using APIs with the AWS Command Line Interface (AWS CLI) or a programmatic client. Read the blog to learn more.