Posted On: Jun 29, 2021

AWS Identity and Access Management (IAM) Access Analyzer makes it easier for customers to author secure and functional permissions by providing over 100 policy checks with actionable recommendations during policy authoring. IAM Access Analyzer now extends policy validation with new policy checks that validate the conditions included in IAM policies. These checks analyze the condition block in your policy statement and report security warnings, errors, and suggestions along with actionable recommendations. They help you set fine-grained permissions by guiding you to apply conditions in a secure and functional way. For example, IAM Access Analyzer validates that policies that specify tagging conditions include the required tag information in the condition.

IAM Access Analyzer policy validation is available at no additional cost in all commercial AWS Regions, AWS China Regions, and AWS GovCloud (US). To learn more about IAM Access Analyzer, see the feature page.