Posted On: Mar 16, 2021

Amazon Identity and Access Management (IAM) Access Analyzer now enables you to validate public and cross-account access to your resources before deploying permissions changes. IAM Access Analyzer uses comprehensive policy analysis to provide provable security and generate findings for public and cross-account access to your resources. Now with IAM Access Analyzer, you can look before you leap, and prevent public and cross-account access before you set permissions. You can preview findings and validate that your policy changes grant only intended public and cross-account access to your resources. This helps you start with intended permissions before deploying permission changes.  

Now, you can preview and validate public and cross-account access to your resources in the Amazon S3 console or with IAM Access Analyzer APIs. You can use IAM Access Analyzer APIs to preview public and cross-account access for your S3 buckets, KMS keys, IAM roles, SQS queues and Secrets Manager secrets, by providing proposed permissions for your resource and an account analyzer. In the S3 console, you can preview IAM Access Analyzer findings for public and cross-account access to your bucket before you save a bucket policy. This enables you to validate whether the policy change introduces new findings for public and cross-account access or resolves existing findings. You can now understand how your proposed policy affects public and cross-account access to your bucket so you can prevent unintended access before you deploy the policy.
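The API workflow described above, as an added example that is not part of the original announcement: it submits a proposed S3 bucket policy to an existing account analyzer with boto3's `create_access_preview`, waits for the preview to complete, and returns the findings the change would introduce. The ARNs, the sample policy and the function names are constructed placeholders.

```python
import json
import time

# Constructed placeholders: replace with your own analyzer and bucket.
ANALYZER_ARN = "arn:aws-cn:access-analyzer:cn-north-1:111122223333:analyzer/example"
BUCKET_ARN = "arn:aws-cn:s3:::example-bucket"
PROPOSED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",  # public read: should produce a finding
    "Action": "s3:GetObject", "Resource": BUCKET_ARN + "/*"}]}


def preview_findings(client, analyzer_arn, bucket_arn, policy, poll_seconds=2, max_polls=30):
    """Create an access preview for a proposed bucket policy and return all its findings."""
    preview_id = client.create_access_preview(
        analyzerArn=analyzer_arn,
        configurations={bucket_arn: {"s3Bucket": {"bucketPolicy": json.dumps(policy)}}},
    )["id"]
    for _ in range(max_polls):  # the preview is computed asynchronously
        status = client.get_access_preview(
            accessPreviewId=preview_id, analyzerArn=analyzer_arn
        )["accessPreview"]["status"]
        if status == "COMPLETED":
            break
        if status == "FAILED":
            raise RuntimeError("access preview failed")
        time.sleep(poll_seconds)
    else:
        raise TimeoutError("access preview did not complete")
    findings, token = [], None
    while True:  # follow nextToken until every page is read
        kwargs = {"nextToken": token} if token else {}
        page = client.list_access_preview_findings(
            accessPreviewId=preview_id, analyzerArn=analyzer_arn, **kwargs)
        findings.extend(page["findings"])
        token = page.get("nextToken")
        if not token:
            return findings


def introduced_findings(findings):
    """Keep only findings the proposed change would add or alter."""
    return [f for f in findings if f.get("changeType") in ("NEW", "CHANGED")]


if __name__ == "__main__":
    import boto3  # needs AWS credentials and an existing account analyzer
    found = preview_findings(boto3.client("accessanalyzer"), ANALYZER_ARN, BUCKET_ARN, PROPOSED_POLICY)
    raise SystemExit(1 if introduced_findings(found) else 0)
```

Run as a pre-deployment check, the non-zero exit status stops a pipeline when the proposed policy would add or change public or cross-account access.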

IAM Access Analyzer is available in the IAM console and through APIs in the Amazon Web Services China (Beijing) region, operated by Sinnet, and the Amazon Web Services China (Ningxia) region, operated by NWCD.

To learn more about IAM Access Analyzer, visit the IAM Documentation.