AWS Identity and Access Management (IAM) Access Analyzer now supports unused access findings, internal access findings, and custom policy checks in the AWS GovCloud (US-East and US-West) Regions to help guide you towards least privilege.
IAM Access Analyzer continuously analyzes your accounts to identify unused access and surfaces findings to highlight unused roles, unused access keys for IAM users, and unused passwords for IAM users. For active IAM roles and users, the findings provide visibility into unused services and actions. With internal access findings, you can identify who within your AWS organization has access to your Amazon S3, Amazon DynamoDB, or Amazon Relational Database Service (RDS) resources. IAM Access Analyzer uses automated reasoning to evaluate all identity policies, resource policies, service control policies (SCPs), and resource control policies (RCPs) to surface all IAM users and roles that have access to your selected critical resources. After the new analyzers are enabled in the IAM console, the updated dashboard highlights your AWS accounts and resources that have the most findings and provides a breakdown of findings by type. Security teams can respond to new findings in two ways: taking immediate action to fix unintended access, or setting up automated notifications through Amazon EventBridge to engage development teams for remediation.
Custom policy checks also use the power of automated reasoning to help security teams proactively detect nonconformant updates to policies, for example IAM policy changes that are more permissive than their previous version. Security teams can use these checks to streamline their reviews, automatically approving policies that conform with their security standards, and inspecting more deeply when they don’t.
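The review flow described above can be scripted around the `CheckNoNewAccess` custom policy check. The following is an added example, not code from AWS or from this announcement; the policies, the bucket name, the `review_policy_change` helper and the `OfflineClient` stand-in are constructed for illustration.

```python
import json

# Constructed sample policies (hypothetical bucket): the update adds s3:DeleteObject.
RES = "arn:aws-us-gov:s3:::example-bucket/*"
EXISTING = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": RES}]}
PROPOSED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:DeleteObject"], "Resource": RES}]}


def review_policy_change(client, existing, proposed, policy_type="IDENTITY_POLICY"):
    """Decide how to route a policy update.

    client: a boto3 "accessanalyzer" client, or any object exposing the same
    check_no_new_access method. PASS means the update grants nothing beyond
    the existing policy; every other outcome goes to a human (fail closed).
    """
    resp = client.check_no_new_access(
        newPolicyDocument=json.dumps(proposed),
        existingPolicyDocument=json.dumps(existing),
        policyType=policy_type,
    )
    if resp.get("result") == "PASS":
        return {"decision": "auto-approve", "flagged": []}
    stmts = proposed.get("Statement", [])
    if isinstance(stmts, dict):  # IAM allows a single statement object
        stmts = [stmts]
    # Map the statement indexes reported by the service back to the statements.
    flagged = [stmts[i] for i in
               (r.get("statementIndex") for r in resp.get("reasons", []))
               if isinstance(i, int) and 0 <= i < len(stmts)]
    return {"decision": "manual-review",
            "message": resp.get("message", ""), "flagged": flagged}


class OfflineClient:
    """Constructed stand-in so the example runs without AWS credentials."""
    def check_no_new_access(self, **kwargs):
        return {"result": "FAIL", "message": "constructed sample response",
                "reasons": [{"description": "constructed", "statementIndex": 0}]}


if __name__ == "__main__":
    # Against a real account, swap in:
    #   boto3.client("accessanalyzer", region_name="us-gov-west-1")
    print(review_policy_change(OfflineClient(), EXISTING, PROPOSED))
```

Treating anything other than `PASS` as manual review keeps the gate closed when the API response is missing a result or has an unexpected shape.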
To learn more about IAM Access Analyzer:
- See the documentation
- Review the pricing
Source: Amazon Web Services