Access Analyzer
Take a look at an AWS service that can help us analyze the scope of access in our account.
AWS Access Analyzer is an IAM tool that we can use to analyze the policies in our AWS account. This analysis helps us do the following:
Identify our AWS resources that are accessible from outside the account
Identify inactive access in our account
Find syntax issues in our policies
Make sure that our policies follow security best practices
Generate an IAM policy based on a user's access activity in the AWS CloudTrail logs
Access Analyzer is a regional service that needs to be enabled in the desired region.
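To make "accessible outside of the account" concrete, the added example below (not part of the original lesson, and not Access Analyzer's own logic) scans a resource policy for Allow statements whose AWS principal is a wildcard or belongs to another account. The account IDs, bucket name, and function names are constructed for illustration; the sketch looks only at AWS principals and reports whether a statement has a Condition without evaluating it.

```python
import json

OWNER = "111122223333"  # constructed account ID of the resource owner
# Constructed S3 bucket policy; every ARN and ID below is sample data.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRole", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PartnerRead", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"AWS": ["arn:aws:iam::444455556666:root"]},
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpceOnly", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": "*", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0example"}}},
    {"Sid": "DenyDelete", "Effect": "Deny", "Action": "s3:DeleteObject",
     "Principal": "*", "Resource": "arn:aws:s3:::example-bucket/*"},
]})

def account_of(principal):
    """Return the 12-digit account ID from a bare ID or an ARN, else None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 5 and parts[0] == "arn" and parts[4].isdigit() else None

def external_access(policy_json, owner_account):
    """Return (sid, principal, has_condition) for Allow statements reaching outside owner_account."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant access
        principal = stmt.get("Principal", {})
        aws = "*" if principal == "*" else principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            if p == "*" or account_of(p) != owner_account:
                findings.append((stmt.get("Sid", "<no Sid>"), p, "Condition" in stmt))
    return findings

if __name__ == "__main__":
    for sid, principal, conditioned in external_access(SAMPLE_POLICY, OWNER):
        print(f"{sid}: {principal} (has Condition: {conditioned})")
```

A statement reported with a Condition, such as VpceOnly here, still needs review, because this sketch does not decide whether the condition actually limits access to the owning account.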
AWS Access Analyzer workflow
AWS Access Analyzer works by continuously monitoring the resource policies within our AWS environment to identify potential security risks and compliance violations. It ...