Posted On: Oct 4, 2022

IAM Access Analyzer policy validation helps you author secure and functional policies. Now, we are extending policy validation to role trust policies to make it easier to author and validate the policy that determines who can assume a role. The new IAM console experience for role trust policies guides you through adding each element of the policy, such as the list of actions available in a role trust policy, and offers context-specific documentation. As you author your policy, IAM Access Analyzer policy validation evaluates it for issues so that you can write a secure policy from the start. This includes new policy checks specific to role trust policies, such as validating the format of your identity provider. Before you save the policy, IAM Access Analyzer generates preview findings for the external access granted by the role trust policy. This helps you review external access, such as access granted to a federated identity provider, and ensure that only the intended access is granted when the policy is created.

Visit the AWS IAM console to try out this new console experience for your role trust policies. You can also use IAM Access Analyzer policy validation through its APIs. See the documentation to get started.
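As an added example (not AWS's own code), the following Python builds a role trust policy for a federated identity provider, runs a local pre-check of the identity-provider ARN format that this announcement describes, and submits the document to the Access Analyzer ValidatePolicy API through boto3's `validate_policy` call. The account id, provider name and the stub client are constructed, and the client is injected so the block runs offline; in production pass `boto3.client("accessanalyzer")`.

```python
import json
import re

# Identity-provider ARNs that may appear as a Federated principal in a role
# trust policy: a SAML or OIDC provider in the same account.
IDP_ARN_RE = re.compile(
    r"^arn:aws(?:-[a-z]+)?:iam::\d{12}:(?:saml-provider/[\w+=,.@-]+|oidc-provider/[\w./-]+)$"
)

def build_federated_trust_policy(idp_arn, aud="https://signin.aws.amazon.com/saml"):
    """Return a role trust policy (assume-role policy document) for a SAML IdP."""
    statement = {
        "Effect": "Allow",
        "Principal": {"Federated": idp_arn},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": aud}},
    }
    return {"Version": "2012-10-17", "Statement": [statement]}

def precheck_federated_principals(policy):
    """Local pre-check in the spirit of the announced IdP-format check: returns
    one message per Federated principal whose ARN is not a SAML/OIDC provider."""
    issues = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        for arn in [federated] if isinstance(federated, str) else federated:
            if not IDP_ARN_RE.match(arn):
                issues.append(f"Statement[{i}]: malformed identity provider ARN {arn!r}")
    return issues

def validate_trust_policy(policy, client):
    """Send the trust policy to IAM Access Analyzer ValidatePolicy.

    `client` is a boto3 accessanalyzer client; it is injected so the function
    can be exercised offline. Returns the findings list, each carrying a
    findingType of ERROR, SECURITY_WARNING, WARNING or SUGGESTION.
    """
    response = client.validate_policy(
        policyDocument=json.dumps(policy),
        policyType="RESOURCE_POLICY",
        validatePolicyResourceType="AWS::IAM::AssumeRolePolicyDocument",
    )
    return response.get("findings", [])

class OfflineStubClient:
    """Constructed stand-in for boto3.client("accessanalyzer") so this block runs offline."""
    def validate_policy(self, **kwargs):
        assert kwargs["validatePolicyResourceType"] == "AWS::IAM::AssumeRolePolicyDocument"
        return {"findings": [{"findingType": "SUGGESTION", "issueCode": "CONSTRUCTED_EXAMPLE"}]}
```

Run the local pre-check first to catch a malformed provider ARN cheaply, then review every SECURITY_WARNING finding from the API before saving the policy.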