AWS Identity and Access Management (IAM) Access Analyzer policy generation has expanded support to identify actions used from over 140 services to help developers create fine-grained policies based on their AWS CloudTrail access activity. New additions include actions from services such as AWS CloudFormation, Amazon DynamoDB, and Amazon Simple Queue Service. When developers request a policy, IAM Access Analyzer gets to work and generates a policy by analyzing their AWS CloudTrail logs to identify actions used. For example, developers using AWS CloudFormation to set up resources need to provide CloudFormation permissions to create resources. They can use policy generation to create a fine-grained policy and limit CloudFormation role’s permissions to only those necessary to deploy a given template. The generated policy makes it easier for developers to grant only the required permissions to run their workloads.
Source:: Amazon AWS