Posted On: Aug 20, 2021

In April 2021, IAM Access Analyzer added policy generation to help you create fine-grained policies based on AWS CloudTrail activity stored within your account. Now, we are extending policy generation to enable you to generate policies based on access activity stored in a designated account. For example, you can use AWS Organizations to define a uniform event logging strategy for your organization and store all CloudTrail logs in your management account to streamline governance activities. IAM Access Analyzer helps you by reviewing access activity stored in your designated account and generates a fine-grained IAM policy in your member accounts. This helps you to easily create policies with just the required permissions for your workloads.

You can use IAM Access Analyzer in the commercial regions to generate policies in the IAM console or by using APIs with the AWS Command Line Interface or a programmatic client. Read the documentation to learn more.