Posted On: Nov 30, 2021

The Amazon Simple Storage Service (S3) console now reports security warnings, errors, and suggestions from Identity and Access Management (IAM) Access Analyzer as you author your S3 policies. The console automatically runs more than 100 policy checks to validate your policies. These checks save you time, guide you to resolve errors, and help you apply security best practices. By resolving errors and security warnings reported by the S3 console, you can validate that your policies are functional before you attach them to your S3 buckets or access points.

Before a policy is saved, policy checks flag syntax errors such as invalid actions or missing policy elements in the S3 console's policy editor. This allows you to easily correct errors as they are found. These checks also identify overly permissive combinations of policy elements. For example, the console reports security warnings for policies with elements that can grant overly permissive access.

In addition to the S3 console, you can validate your S3 policies programmatically by using the Access Analyzer API. Programmatic validation helps you identify errors and security warnings in policies as a part of your CI/CD pipelines and allows you to run policy validation at scale.

Policy validation in the S3 console and through the Access Analyzer API is available at no additional cost in all AWS Regions; AWS GovCloud (US); the AWS China (Beijing) Region, operated by Sinnet; and the AWS China (Ningxia) Region, operated by NWCD. For more information, see Access Analyzer policy validation.