Amazon IAM Access Analyzer · Capability
Amazon IAM Access Analyzer - Access Security Management
Unified capability for security teams to manage access analyzers, review findings, validate policies, and enforce least-privilege access controls across AWS accounts.
What You Can Do
GET /v1/analyzers - List analyzers: List all access analyzers in the account
POST /v1/analyzers - Create analyzer: Create a new access analyzer
GET /v1/findings - List findings: List findings from an analyzer
POST /v1/policies/validate - Validate policy: Validate an IAM policy for best practices
POST /v1/policies/generate - Start policy generation: Start generating a policy based on CloudTrail activity
MCP Tools
list-analyzers (read-only): List all IAM Access Analyzers configured in the account
create-analyzer: Create a new IAM Access Analyzer for an account or organization
list-findings (read-only): List security findings from an access analyzer
get-finding (read-only): Get details of a specific access finding
validate-policy (read-only): Validate an IAM policy document for best practices and security issues
start-policy-generation: Generate an IAM policy based on CloudTrail access activity logs
get-generated-policy (read-only): Retrieve a policy generated from CloudTrail activity
create-access-preview: Preview access changes before deploying permission changes
list-archive-rules (read-only): List archive rules for an analyzer
APIs Used
iam-access-analyzer