Posted On: Nov 2, 2023

AWS Identity and Access Management (IAM) Access Analyzer policy generation has expanded support to identify actions of over 200 AWS services to help developers create fine-grained policies based on their AWS CloudTrail access activity. The new service additions include actions from services such as AWS Auto Scaling, Amazon Redshift, and Amazon Route 53. When developers initiate policy generation, IAM Access Analyzer analyzes their AWS CloudTrail logs to identify the actions that were actually used and generates a policy from them. For example, developers building applications might want to grant those applications permissions to access AWS resources. They can use policy generation to create a fine-grained policy and limit the application role's permissions to only those necessary. The generated policy gives developers a starting point and makes it easier to grant only the permissions required to run their workloads.

You can use IAM Access Analyzer in the commercial regions to generate policies in the IAM console, or by using the APIs through the AWS Command Line Interface or a programmatic client. Read the documentation to learn more. To get started, you can read this blog on how to use IAM Access Analyzer policy generation.
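The programmatic path described above, as an added example that is not AWS's own sample code: it starts a policy generation job for a role from its CloudTrail activity with boto3, polls until the job finishes, and then reviews the generated policy before anyone attaches it. It assumes the `accessanalyzer` boto3 client with the `start_policy_generation` and `get_generated_policy` APIs; the ARNs and the 30-day window are placeholders, the sample policy at the bottom is constructed, and the `review_policy` check (flagging `*` and `${...}` placeholder resources as still needing scoping) is this example's own convention, not something Access Analyzer does for you.

```python
"""Generate an IAM policy from CloudTrail activity and review it before use.

Added example, not AWS sample code. Assumes boto3 is installed and that the
caller has permissions for access-analyzer:StartPolicyGeneration and
GetGeneratedPolicy. All ARNs below are placeholders.
"""
import json
import time
from datetime import datetime, timedelta, timezone

# Placeholder identifiers: replace with your own account's values.
PRINCIPAL_ARN = "arn:aws:iam::123456789012:role/app-role"          # role to generate a policy for
TRAIL_ARN = "arn:aws:cloudtrail:us-east-1:123456789012:trail/main"  # trail Access Analyzer reads
ACCESS_ROLE_ARN = "arn:aws:iam::123456789012:role/AccessAnalyzerTrailReader"


def start_generation(client, principal_arn, trail_arn, access_role_arn, days=30):
    """Ask Access Analyzer to build a policy from the last `days` of trail activity."""
    end = datetime.now(timezone.utc)
    resp = client.start_policy_generation(
        policyGenerationDetails={"principalArn": principal_arn},
        cloudTrailDetails={
            "trails": [{"cloudTrailArn": trail_arn, "allRegions": True}],
            "accessRole": access_role_arn,  # role Access Analyzer assumes to read the trail
            "startTime": end - timedelta(days=days),
            "endTime": end,
        },
    )
    return resp["jobId"]


def wait_for_policy(client, job_id, poll_seconds=10, timeout_seconds=900):
    """Poll GetGeneratedPolicy until the job ends; return the parsed policy documents."""
    deadline = time.monotonic() + timeout_seconds
    while True:
        resp = client.get_generated_policy(jobId=job_id, includeResourcePlaceholders=True)
        status = resp["jobDetails"]["status"]
        if status == "SUCCEEDED":
            # Each generated policy is returned as a JSON string.
            return [json.loads(p["policy"])
                    for p in resp["generatedPolicyResult"]["generatedPolicies"]]
        if status in ("FAILED", "CANCELED"):
            raise RuntimeError(f"policy generation {status}: {resp['jobDetails'].get('jobError')}")
        if time.monotonic() > deadline:
            raise TimeoutError(f"job {job_id} did not finish in {timeout_seconds}s")
        time.sleep(poll_seconds)


def review_policy(policy):
    """Summarize a generated policy: every action it allows, plus (Sid, resource)
    pairs whose resource is '*' or a ${...} placeholder and must still be scoped down."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be given unwrapped
        statements = [statements]
    actions = set()
    needs_scoping = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt.get("Action", [])
        acts = [acts] if isinstance(acts, str) else acts
        actions.update(acts)
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for res in resources:
            if res == "*" or "${" in res:
                needs_scoping.append((stmt.get("Sid", f"stmt{idx}"), res))
    return {"actions": sorted(actions), "needs_scoping": needs_scoping}


# Constructed sample in the shape Access Analyzer returns, used for offline review.
SAMPLE_GENERATED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "S3Read", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::${BucketName}", "arn:aws:s3:::${BucketName}/*"]},
        {"Sid": "Route53", "Effect": "Allow",
         "Action": "route53:ListHostedZones", "Resource": "*"},
    ],
}


if __name__ == "__main__":
    import boto3  # imported here so the review helper works without AWS credentials
    client = boto3.client("accessanalyzer")
    job_id = start_generation(client, PRINCIPAL_ARN, TRAIL_ARN, ACCESS_ROLE_ARN)
    for doc in wait_for_policy(client, job_id):
        print(json.dumps(review_policy(doc), indent=2))
```

Treat the `needs_scoping` list as the to-do list before attaching the policy: placeholders such as `${BucketName}` are emitted because the trail records the action but not the exact resource, and a bare `*` means the generated statement is no narrower than the role's old permissions for that action.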