AWS Identity and Access Management (IAM) Access Analyzer guides customers toward least privilege by providing tools to set, verify, and refine permissions. IAM Access Analyzer now offers actionable recommendations to guide you to remediate unused access. For unused roles, access keys, and passwords, IAM Access Analyzer provides quick links in the console to help you delete them. For unused permissions, IAM Access Analyzer reviews your existing policies and recommends a refined version tailored to your access activity.
As a central security team member, you can use IAM Access Analyzer to gain visibility into unused access across your AWS organization and automate how you rightsize permissions. Security teams set up automated workflows to notify their developers about new IAM Access Analyzer findings. Now, you can include step-by-step recommendations provided by IAM Access Analyzer to notify and simplify how developers refine unused permissions. This feature is offered at no additional cost with unused access findings and is a part of the growing Cloud Infrastructure Entitlement Management capabilities at AWS. The recommendations are available in AWS Commercial Regions, excluding the AWS GovCloud (US) Regions and AWS China Regions.
To learn more about IAM Access Analyzer unused access analysis:
Read a blog post to learn about setting up unused access analysis
Read more about utilizing unused access recommendations
Learn more in the documentation
Source:: Amazon AWS