Does the IAM Access Analyzer consider Data Events as well as Management Events in CloudTrail Trail logs?

Question

When running the IAM Access Analyzer tool in the AWS console to generate an IAM Policy template for a user or role (based on the activity logged for that entity by the logs of a configured CloudTrail Trail), does the Analyzer consider also any Data Events logged when listing actions in the result policy, or is it only Management Events?

Accepted Answer

See the **Things to know about generating policies** section of [IAM Access Analyzer policy generation](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html):
>**Data events not available** – IAM Access Analyzer does not identify action-level activity for data events, such as Amazon S3 data events, in generated policies.

Does the IAM Access Analyzer consider Data Events as well as Management Events in CloudTrail Trail logs?

相關內容