In April 2021, IAM Access Analyzer added policy generation to help you create fine-grained policies based on AWS CloudTrail activity stored within your account. Now, we are extending policy generation to enable you to generate policies based on access activity stored in a designated account. For example, you can use AWS Organizations to define a uniform event logging strategy for your organization and store all CloudTrail logs in your management account to streamline governance activities. IAM Access Analyzer helps you by reviewing access activity stored in your designated account and generates a fine-grained IAM policy in your member accounts. This helps you to easily create policies with just the required permissions for your workloads.
Source:: Amazon AWS