Posted On: Dec 8, 2021

In April 2021, IAM Access Analyzer added policy generation to help you create IAM policies based on access activity found in your AWS CloudTrail logs. IAM Access Analyzer has now increased policy generation quotas to 50 per day to help you right-size permissions for more roles in your account. As you right-size permissions across multiple workloads in your account, you can now use policy generation across your roles to grant just the required permissions. To use IAM Access Analyzer policy generation, visit your role’s detail page and select “generate policy” to get started. When you request a policy, IAM Access Analyzer reviews your CloudTrail logs to identify the actions used and creates a fine-grained policy. Read the blog to learn more.

You can use IAM Access Analyzer in the commercial regions to generate policies in the IAM console or by using APIs with the AWS Command Line Interface (AWS CLI) or a programmatic client.
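The idea behind policy generation, reduced to an offline sketch: this is an added example, not AWS code and not the service's actual algorithm. It collects the actions one role called successfully in a set of constructed CloudTrail-shaped records and groups them into a draft policy. The role ARN, the sample events, the function names, the choice to skip failed calls, and the mapping from `eventSource` to IAM action prefix are all assumptions of this sketch.

```python
import json
from collections import defaultdict

ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleAppRole"  # constructed placeholder

def _event(source, name, role=ROLE_ARN, error=None):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    rec = {"eventSource": source, "eventName": name,
           "userIdentity": {"type": "AssumedRole",
                            "sessionContext": {"sessionIssuer": {"arn": role}}}}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_EVENTS = [
    _event("s3.amazonaws.com", "GetObject"),
    _event("s3.amazonaws.com", "GetObject"),   # repeated call, counted once
    _event("s3.amazonaws.com", "PutObject"),
    _event("dynamodb.amazonaws.com", "Query"),
    _event("ec2.amazonaws.com", "TerminateInstances", error="Client.UnauthorizedOperation"),
    _event("kms.amazonaws.com", "Decrypt", role="arn:aws:iam::111122223333:role/OtherRole"),
]

def used_actions(events, role_arn):
    """Return the sorted IAM-style actions the role called successfully."""
    actions = set()
    for ev in events:
        issuer = (ev.get("userIdentity", {}).get("sessionContext", {})
                    .get("sessionIssuer", {}).get("arn"))
        if issuer != role_arn or ev.get("errorCode"):
            continue  # another principal, or a failed call (this sketch skips both)
        # Assumption: IAM prefix equals the first label of eventSource.
        # That does not hold for every AWS service.
        prefix = ev["eventSource"].split(".")[0]
        actions.add(f"{prefix}:{ev['eventName']}")
    return sorted(actions)

def draft_policy(events, role_arn):
    """Group the used actions per service into a policy document for review."""
    by_service = defaultdict(list)
    for action in used_actions(events, role_arn):
        by_service[action.split(":")[0]].append(action)
    statements = [{"Sid": f"Used{svc.capitalize()}", "Effect": "Allow",
                   "Action": acts, "Resource": "*"}  # narrow Resource before attaching
                  for svc, acts in sorted(by_service.items())]
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    print(json.dumps(draft_policy(SAMPLE_EVENTS, ROLE_ARN), indent=2))
```

The draft leaves `Resource` as `*`; replacing it with the specific ARNs the workload touches is part of right-sizing the result.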