Does the IAM Access Analyzer consider Data Events as well as Management Events in CloudTrail Trail logs?

1

When running the IAM Access Analyzer tool in the AWS console to generate an IAM Policy template for a user or role (based on the activity logged for that entity by the logs of a configured CloudTrail Trail), does the Analyzer consider also any Data Events logged when listing actions in the result policy, or is it only Management Events?

1 Answer
1
Accepted Answer

See the Things to know about generating policies section of IAM Access Analyzer policy generation:

Data events not available – IAM Access Analyzer does not identify action-level activity for data events, such as Amazon S3 data events, in generated policies.

AWS
answered a year ago
  • Thanks MiguelUT - I'd seen that page but managed to overlook that point
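
Because generated policies leave out action-level data-event activity, one way to see what would have to be added by hand is to list the data events a principal made in the trail's log files. The Python below is an added example, not part of the original answer or of AWS tooling; the sample records are constructed, and deriving an IAM action name from eventSource and eventName is an assumption that does not hold for every API.

```python
import json
from collections import defaultdict

USER = "arn:aws:iam::111122223333:user/example-user"  # constructed principal
# Constructed CloudTrail records, trimmed to the fields used here.
SAMPLE_RECORDS = json.loads("""[
 {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
  "eventCategory": "Management", "managementEvent": true,
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "eventCategory": "Data", "managementEvent": false,
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
  "resources": [{"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::example-bucket/reports/a.csv"}]},
 {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
  "managementEvent": false,
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
  "resources": [{"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::example-bucket/uploads/b.bin"}]},
 {"eventSource": "s3.amazonaws.com", "eventName": "DeleteObject",
  "eventCategory": "Data", "managementEvent": false, "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "eventCategory": "Data", "managementEvent": false,
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/other-user"}}
]""")

def principal_arn(record):
    """Role ARN for assumed-role sessions, otherwise the caller's own ARN."""
    identity = record.get("userIdentity", {})
    issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or identity.get("arn")

def is_data_event(record):
    # Prefer eventCategory; records without it fall back to managementEvent.
    if "eventCategory" in record:
        return record["eventCategory"] == "Data"
    return record.get("managementEvent") is False

def data_event_actions(records, arn):
    """Approximate IAM action -> sorted resource ARNs, from successful data events."""
    found = defaultdict(set)
    for rec in records:
        if principal_arn(rec) != arn or not is_data_event(rec) or rec.get("errorCode"):
            continue  # other principal, management event, or failed call
        # Assumption: IAM action is "<service prefix>:<eventName>".
        action = f"{rec['eventSource'].split('.')[0]}:{rec['eventName']}"
        found[action].update(r["ARN"] for r in rec.get("resources", []) if "ARN" in r)
    return {action: sorted(arns) for action, arns in found.items()}
```

The actions returned are candidates to review and add to the generated policy manually, scoped to the resource ARNs observed.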
