How do I use IAM Access Advisor to view last accessed information and IAM Access Analyzer to validate and generate policies?

2 minute read
0

I want to use AWS Identity and Access Management (IAM) Access Advisor to view access information for AWS Services and resources. I also want to use IAM Access Analyzer to validate and generate IAM policies.

Resolution

Use IAM Access Advisor

IAM Access Advisor shows which AWS services that IAM groups, users, roles, or policies can access and when those services were last accessed. To view last accessed information for IAM on the Access Advisor tab in the IAM console, see View last accessed information for IAM.

For a list of the AWS Services for which IAM action last accessed information, see IAM action last accessed information services and actions.

For more information, see How can I monitor the account activity of specific IAM users, roles, and AWS access keys?

Use IAM Access Analyzer

Use IAM Access Analyzer to help you review IAM policies that grant access to your AWS resources. For example, you can review Amazon Simple Storage Service (Amazon S3) bucket policies that grant you S3 resources from another AWS account. For more information, see Using IAM Access Analyzer.

You can also use IAM Access Analyzer to analyze your AWS CloudTrail events to generate an IAM policy based on that activity. For more information, see IAM Access Analyzer policy generation.

To activate IAM access Analyzer, see Enabling IAM Access Analyzer.

Note: You are charged for any unused access analysis that you have created per month. For more information, see Pricing for IAM Access Analyzer.

To troubleshoot IAM Access Analyzer permissions, see How do I resolve permission issues with policies generated from IAM Access Analyzer?

Related information

How can I use AWS IAM Access Analyzer to monitor my AWS resources in my AWS Organization accounts?

IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity

AWS OFFICIAL
AWS OFFICIALUpdated 2 months ago