Extending custom policy checks & guided revocation

Extending custom policy checks & guided revocation
We are making IAM Access Analyzer even more powerful. Extending custom policy checks and adding easy access to guidance. That will help you to fine-tune your IAM policies. Both of these new features build on the Custom Policy Checks and the. Unused Access analysis that were launched at re:Invent 2023. Here’s what we are launching.

New Custom Policy Checks

Using the power of automated reasoning. The new Europe Cell Phone Number List checks help you to detect. Policies that grant access to specific, critical AWS resources, or that grant any type of public access. Both of the checks are designed to be used ahead of deployment, possibly as part of your CI/CD pipeline, and will help you proactively detect updates that do not conform to your organization’s security practices and policies.

Europe Cell Phone Number List Revocation IAM Access

Analyzer now gives you guidance that you can Belgium Phone Number List share with your developers so that they can revoke permissions that grant access that is not actually needed. This includes unused roles, roles with unused permissions, unused access keys for IAM users, and unused passwords for IAM users. The guidance includes the steps needed to either remove the extra items or to replace them with more restrictive ones.

New Custom Policy Checks
The new policy checks can be invoked from the command line or by calling an API function. The checks examine a policy document that is supplied as part of the request and return a PASS or FAIL value. In both cases, PASS indicates that the policy document properly disallows the given access, and FAIL indicates that the policy might allow some or all of the permissions.

 

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *