Posted On: Aug 25, 2021

IAM Access Analyzer helps you achieve least privilege by generating fine-grained policies that specify the required actions for more than 50 services. In April 2021, IAM Access Analyzer added policy generation to help you create IAM policies based on your AWS CloudTrail activity. Now, we are extending policy generation to identify the actions used for more than 50 services, such as Amazon ECR, Amazon Athena, and AWS Security Hub. When you request a policy, IAM Access Analyzer analyzes your AWS CloudTrail logs to identify the actions used and generates a policy from them. For services not yet supported at the action level, IAM Access Analyzer identifies the services used and guides you to add the necessary actions. The generated policy makes it easier to grant only the permissions your workloads require.

You can use IAM Access Analyzer in the commercial regions to generate policies in the IAM console or by using APIs with the AWS Command Line Interface (AWS CLI) or a programmatic client. Read the blog to learn more.
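The programmatic path mentioned above, as an added example that is not AWS's own code: it starts a policy-generation job for a principal with boto3 (`start_policy_generation` / `get_generated_policy`), polls until the job finishes, and then compares the generated policy with the policy the principal currently has, so you can see which existing permissions went unused, which wildcards can be narrowed, and which services came back only at service level and still need their actions filled in. The ARNs and the two policy documents are constructed placeholders; boto3 and AWS credentials are assumed only for the two functions that call AWS, and the use of `athena:*` to stand for a service identified only at service level is an assumption about the template's form.

```python
"""Generate a least-privilege policy with IAM Access Analyzer and compare it
with a principal's current policy.  Added example, not AWS code.  The AWS
calls assume boto3 is installed and credentials allow
access-analyzer:StartPolicyGeneration / GetGeneratedPolicy."""
import fnmatch
import json
import time
from datetime import datetime, timedelta, timezone


def start_policy_generation(principal_arn, trail_arn, access_role_arn,
                            days_back=90, region="us-east-1"):
    """Ask Access Analyzer to build a policy from the principal's CloudTrail activity."""
    import boto3  # imported lazily so the offline comparison below needs no boto3
    client = boto3.client("accessanalyzer", region_name=region)
    resp = client.start_policy_generation(
        policyGenerationDetails={"principalArn": principal_arn},
        cloudTrailDetails={
            "trails": [{"cloudTrailArn": trail_arn, "allRegions": True}],
            "accessRole": access_role_arn,  # role Access Analyzer assumes to read the trail
            "startTime": datetime.now(timezone.utc) - timedelta(days=days_back),
        },
    )
    return resp["jobId"]


def wait_for_generated_policies(job_id, region="us-east-1", poll_seconds=15, timeout=900):
    """Poll the job until it ends; return the generated policy documents as dicts."""
    import boto3
    client = boto3.client("accessanalyzer", region_name=region)
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        resp = client.get_generated_policy(
            jobId=job_id,
            includeResourcePlaceholders=True,   # ${BucketName} etc. instead of "*"
            includeServiceLevelTemplate=True,   # include services known only at service level
        )
        status = resp["jobDetails"]["status"]
        if status == "SUCCEEDED":
            return [json.loads(p["policy"])
                    for p in resp["generatedPolicyResult"]["generatedPolicies"]]
        if status in ("FAILED", "CANCELED"):
            raise RuntimeError(f"policy generation {status}: {resp['jobDetails']}")
        time.sleep(poll_seconds)
    raise TimeoutError(f"job {job_id} still running after {timeout}s")


# Constructed sample documents (placeholders, not real account data).
CURRENT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:*", "ecr:*", "iam:PassRole", "athena:StartQueryExecution"]}]}

GENERATED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::${BucketName}/*"},
    {"Effect": "Allow", "Action": ["ecr:GetAuthorizationToken", "ecr:BatchGetImage"],
     "Resource": "*"},
    # assumption: a service identified only at service level appears as "<service>:*"
    {"Effect": "Allow", "Action": "athena:*", "Resource": "*"}]}


def actions_in(policy):
    """Flatten the Allow statements of a policy document into a set of actions."""
    actions = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt.get("Action", [])
        actions.update([acts] if isinstance(acts, str) else acts)
    return actions


def compare_policies(current_policy, generated_policy):
    """Classify each current action: unused, overly broad (wildcard covering a few
    needed actions), or kept.  Also list service-level placeholders that still need
    their actions filled in by hand.  IAM action names are case-insensitive."""
    generated = actions_in(generated_policy)
    report = {"unused": [], "overly_broad": {}, "kept": []}
    for pattern in sorted(actions_in(current_policy)):
        p = pattern.lower()
        matched = sorted(a for a in generated
                         if fnmatch.fnmatchcase(a.lower(), p)
                         or fnmatch.fnmatchcase(p, a.lower()))
        if not matched:
            report["unused"].append(pattern)
        elif "*" in pattern and matched != [pattern]:
            report["overly_broad"][pattern] = matched
        else:
            report["kept"].append(pattern)
    report["service_level_placeholders"] = sorted(a for a in generated if a.endswith(":*"))
    return report


if __name__ == "__main__":
    # Offline run on the constructed samples; swap in wait_for_generated_policies()
    # output for a real principal.
    print(json.dumps(compare_policies(CURRENT_POLICY, GENERATED_POLICY), indent=2))
```

In the sample run, `iam:PassRole` is reported as unused, `s3:*` and `ecr:*` are reported as overly broad together with the specific actions CloudTrail showed, and `athena:*` is listed as a service-level placeholder whose actions still have to be added by hand, which is exactly the manual step the announcement describes for services without action-level support.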