AWS IAM Access Analyzer

June 6, 2020 / Nirav Shah

AWS IAM Access Analyzer is a service which is used for administrator that check the policy for AWS resources.

<img src=”https://www.eternalsoftsolutions.com/blog/wp-content/uploads/2020/06/aws-iam-access-analyzer-1.png” class=”img-responsive stepimg” alt=”AWS IAM Access Analyzer”>

As of now, IAM Access Analyzer supports below services.

<ol class=”listing”>
<li>AWS IAM Identity and Access Management Roles.</li>
<li>AWS S3 buckets.</li>
<li>AWS KMS Keys.</li>
<li>AWS LAMBDA Functions and Layers.</li>
<li>Amazon Simple Queue Service Queues.</li>
</ol>

You can use below link to for your advantage.

<a href=”https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html” target=”_blank” class=”linkcolor”>https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html</a>

You have to keep in mind that, Once the Analyzer finishes analysing the policies for the first time, it keeps analysing the policies every 24 hours.
If the policies are changed or any other new policies are updated the access Analyzer keeps updating with policies for every 30 minutes.
Let’s talk about some benefits of the tool.

<ol class=”listing”>
<li>IAM Analyzer gives a user complete permission on the resources which they are sharing with the external principals.</li>
<li>All the resources within the trusted zone can be easily monitored.</li>
<li>Access Analyzer generates findings if the resources are not within the trusted zones.</li>
<li>The Analyzer will analyse the policies for every 24 hours.</li>
<li>Quickly analyze thousands of resource policies across your account.</li>
</ol>

IAM Access Analyzer is available at no additional cost in the IAM console and through APIs in all commercial AWS Regions. IAM Access Analyzer is also available through APIs in AWS GovCloud (US).