Customize scope of IAM Access Analyzer unused access analysis
Customers use Identity and Access Management (IAM) Access Analyzer unused access findings to identify over permissive access granted to IAM roles and users in their accounts or AWS organization. Now, customers can optionally customize the analysis to meet their needs. Customers can select accounts, roles, and users to exclude from analysis and focus on specific areas to identify and remediate unused access. They can use identifiers such as account ID or scale configuration using role tags. By scoping the analyzer to monitor a sub-set of accounts and roles, customers can streamline findings review and optimize costs of using unused access analysis. Customers can update the configuration at any time to change the scope of analysis. With the new offering, IAM Access Analyzer provides enhanced controls to help customers tailor the analysis more closely to their organization’s security needs.
This new feature is available in all AWS Commercial Regions. To learn more about IAM Access Analyzer unused access analysis, see the documentation.