AWS Access Analyzer
An IAM Access Analyzer finding might indicate that an S3 bucket named my-bucket-1 is accessible to an AWS account with the ID 123456789012 when the request originates from the source IP range 11.0.0.0/15.
For each public or shared bucket, you receive findings on the source and level of public or shared access. Resource policies allow customers to control, at a granular level, who is able to access a specific resource and how they are able to use it across the entire cloud environment. IAM Access Analyzer sends an event to Amazon EventBridge for each generated finding, for a change to the status of an existing finding, and when a finding is deleted. IAM Access Analyzer may also detect a KMS key policy that allows users from another account to delete the key, identifying a data loss risk you can fix by adjusting
Also, all IAM Access Analyzer actions are logged by AWS CloudTrail and AWS Security Hub. AWS Identity and Access Management (IAM) Access Analyzer is a new feature that makes it simple for security teams and administrators to check that their policies provide only the intended access to resources. Access Analyzer for S3 alerts you to S3 buckets that are configured to allow access to anyone on the internet or to other AWS accounts, including AWS accounts outside of your organization. Access Analyzer for S3 is available at no additional cost in the S3 Management Console in all commercial AWS Regions, excluding the AWS China (Beijing) Region and the AWS China (Ningxia) Region.
You can monitor IAM Access Analyzer findings with EventBridge. Access Analyzer for S3 is also available through APIs in the AWS GovCloud (US) Regions. This lets you identify unintended access to your resources and data, which is a security risk. Using the information.
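As an added example (not from the original page or from AWS), the following Python triages one of the EventBridge finding events described above: the bucket-shared-with-an-external-account finding from the first paragraph, delivered the way the EventBridge monitoring paragraph describes. The event is a constructed sample whose `detail` fields follow the Access Analyzer finding object (`principal`, `condition`, `isPublic`, `status`); the owner account, finding id and trusted-account list are made-up assumptions.

```python
import re
from typing import Optional

# Constructed sample EventBridge event; field names follow the Access Analyzer
# finding object, while the finding id and owner account are placeholders.
SAMPLE_EVENT = {
    "detail-type": "Access Analyzer Finding",
    "source": "aws.access-analyzer",
    "detail": {
        "id": "00000000-0000-0000-0000-000000000000",  # placeholder id
        "status": "ACTIVE",
        "resourceType": "AWS::S3::Bucket",
        "resource": "arn:aws:s3:::my-bucket-1",
        "resourceOwnerAccount": "111111111111",  # assumed owner account
        "isPublic": False,
        "principal": {"AWS": "123456789012"},
        "action": ["s3:GetObject", "s3:ListBucket"],
        "condition": {"aws:SourceIp": "11.0.0.0/15"},
    },
}

ACCOUNT_RE = re.compile(r"\b(\d{12})\b")


def principal_account(principal) -> Optional[str]:
    """Return the 12-digit account id behind a finding's principal, if any.
    Accepts a bare id or an ARN under the "AWS" key; anything else (for
    example a "Federated" principal) yields None."""
    if not isinstance(principal, dict) or not isinstance(principal.get("AWS"), str):
        return None
    match = ACCOUNT_RE.search(principal["AWS"])
    return match.group(1) if match else None


def triage(event: dict, trusted_accounts: set) -> dict:
    """Classify one finding event for a defender's queue. Severity is a local
    policy choice: public is worst, an unknown external principal is high, an
    untrusted account is high unless the policy is scoped by aws:SourceIp."""
    detail = event.get("detail", {})
    if event.get("detail-type") != "Access Analyzer Finding" or detail.get("status") != "ACTIVE":
        return {"severity": "ignore", "reason": "not an active finding"}
    if detail.get("isPublic"):
        return {"severity": "critical", "reason": "resource is reachable by anyone"}
    account = principal_account(detail.get("principal"))
    ip_scoped = "aws:SourceIp" in (detail.get("condition") or {})
    if account is None:
        return {"severity": "high", "reason": "external principal of unknown account"}
    if account in trusted_accounts:
        return {"severity": "info", "reason": f"shared with trusted account {account}"}
    note = " (limited by aws:SourceIp)" if ip_scoped else ""
    return {"severity": "medium" if ip_scoped else "high",
            "reason": f"shared with untrusted account {account}{note}"}
```

In practice the trusted-account set would come from your AWS Organizations account list, so that cross-account sharing inside the organization is separated from sharing with accounts outside it.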