
Amazon IAM Access Analyzer

AWS IAM Access Analyzer helps you set, verify, and refine your IAM policies through a suite of capabilities: findings for external, internal, and unused access; basic and custom policy checks for validating policies; and policy generation that produces fine-grained policies. It uses automated reasoning to identify resources shared with external entities and helps you implement least-privilege access across your AWS environment.

1 API · 1 Capability · 7 Features

Tags: Access Control, AWS, Compliance, IAM, Policy Management, Security

APIs

AWS IAM Access Analyzer API

The AWS IAM Access Analyzer API provides programmatic access to create and manage analyzers, findings, archive rules, and policy validations to identify and remediate unintended...

Capabilities

Amazon IAM Access Analyzer - Access Security Management

Unified capability for security teams to manage access analyzers, review findings, validate policies, and enforce least-privilege access controls across AWS accounts.


Features

External Access Analysis

Identifies resources shared with external entities outside your AWS organization using automated reasoning.

Internal Access Analysis

Identifies which principals within your organization have access to selected resources.

Unused Access Analysis

Identifies unused IAM roles, access keys, console passwords, and unused service permissions.

Policy Validation

Validates IAM policies against best practices and custom security standards before deployment.

Policy Generation

Generates fine-grained IAM policies based on actual access activity logged in AWS CloudTrail.

Access Preview

Preview public and cross-account access to resources before deploying permission changes.

Archive Rules

Automatically archive findings that match specified criteria to reduce noise.

Use Cases

Least Privilege Enforcement

Analyze actual API activity to generate minimal permission policies that implement least privilege access.

Security Compliance Auditing

Continuously monitor for unintended external access to sensitive resources like S3 buckets and IAM roles.

CI/CD Policy Validation

Integrate policy checks into deployment pipelines to catch overpermissive policies before they reach production.

Access Governance

Identify and remediate unused access across IAM users, roles, and service accounts organization-wide.

Cross-Account Access Review

Identify all resources shared across AWS accounts and validate the intent of each cross-account permission.

Integrations

AWS CloudTrail

Uses CloudTrail activity logs to generate least-privilege IAM policies based on actual usage.

AWS Security Hub

Publishes Access Analyzer findings to Security Hub for centralized security monitoring.

AWS Organizations

Analyzes access across all accounts in an AWS Organization for comprehensive governance.

AWS Config

Triggers re-scanning of resources when configuration changes are detected.

Amazon EventBridge

Publishes finding events to EventBridge for automated security workflow responses.

Semantic Vocabularies

Amazon IAM Access Analyzer Context

116 classes · 146 properties

JSON-LD

API Governance Rules

Amazon IAM Access Analyzer API Rules

23 rules · 10 errors 10 warnings 3 info

SPECTRAL

Resources

Portal
Website
Documentation
TermsOfService
PrivacyPolicy
Support
Blog
GitHubOrganization
Console
SignUp
Login
StatusPage
Contact
SpectralRules
NaftikoCapability
Vocabulary
JSONLD