Amazon Web Services
Posted March 16, 2021

AWS Identity and Access Management (IAM) Access Analyzer makes it easier to implement least privilege permissions by analyzing resource policies to provide provable security and help you identify unintended public or cross-account access. A recent update allows you to validate public and cross-account access before deploying permissions changes.

Now, we are extending policy validation in IAM Access Analyzer by adding over 100 policy checks with actionable recommendations. These checks use static analysis to help you proactively validate your permission policies during policy authoring to set secure and functional permissions. The checks include functional validation like developers might expect from a linter, and go beyond that to evaluate best practices in granting access.

These checks analyze your policy and report security warnings, errors, general warnings, and suggestions based on their impact. They provide actionable recommendations that guide you to set secure and functional permissions. For example, IAM Access Analyzer reports a security warning when your policy grants access to pass any role to any service, which is overly permissive. The security warning includes a recommendation that you scope down the permissions to pass specific role(s) instead.
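As an added illustration (not part of the original announcement and not IAM Access Analyzer's own logic), this sketch shows the kind of static check the post describes: flagging an Allow statement that passes any role to any service. The sample policies, account ID, role name and function names are constructed for this example.

```python
import fnmatch
import json

# Constructed sample policies (not from the original post).
OVERLY_PERMISSIVE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["iam:Pass*", "ec2:RunInstances"], "Resource": "*"}],
})
SCOPED_DOWN = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "iam:PassRole",
        "Resource": "arn:aws:iam::111122223333:role/app-ec2-role",
        "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}},
    }],
})

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def _grants_pass_role(actions):
    # Action patterns are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase("iam:passrole", a.lower()) for a in actions)

def _restricts_service(condition):
    # Any condition operator keyed on iam:PassedToService limits the target service.
    return any(key.lower() == "iam:passedtoservice"
               for operands in condition.values() for key in operands)

def find_open_pass_role(policy_json):
    """Return indexes of Allow statements that pass any role to any service."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are out of scope here
        any_role = "*" in _as_list(stmt.get("Resource", []))  # only a bare "*" counts
        any_service = not _restricts_service(stmt.get("Condition", {}))
        if _grants_pass_role(_as_list(stmt["Action"])) and any_role and any_service:
            findings.append(index)
    return findings

if __name__ == "__main__":
    print(find_open_pass_role(OVERLY_PERMISSIVE))
    print(find_open_pass_role(SCOPED_DOWN))
```

The first policy is flagged because the `iam:Pass*` wildcard covers `iam:PassRole` on every resource; the second names one role and one service, which is the scoped-down form the recommendation asks for.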