AWS Security Academy · Lesson

Auditing Sharing with IAM Access Analyzer

Detect resources unintentionally shared outside your account.

The Unintended Sharing Risk

It is easy to write a policy that accidentally grants access to the public or to an external account. A single overly broad bucket policy can expose sensitive data.

IAM Access Analyzer continuously checks your resources and tells you which ones are shared outside your zone of trust, before an attacker finds them.

What Access Analyzer Does

Access Analyzer uses automated reasoning (mathematical logic) to analyze resource policies and identify external access.

  • It defines a zone of trust, usually your account or organization.
  • Any grant reaching outside that zone becomes a finding.

This is proactive analysis of the policies themselves, not a review of access logs.
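
An added illustration of the zone-of-trust idea, not Access Analyzer's own logic and not code from this lesson: a simplified Python check that reads a resource policy and reports each Allow grant whose principal lies outside a set of trusted account IDs. The sample policy, account IDs, bucket name and function names are constructed for the example; it only compares AWS principals and records whether a Condition is present rather than evaluating it.

```python
import json
import re

# Constructed sample bucket policy: one in-account grant, one cross-account
# grant and one public grant. Account IDs and bucket name are made up.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Internal", "Effect": "Allow", "Action": "s3:GetObject",
   "Principal": {"AWS": "arn:aws:iam::111111111111:role/app"},
   "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "Partner", "Effect": "Allow", "Action": "s3:GetObject",
   "Principal": {"AWS": ["222222222222"]},
   "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "Oops", "Effect": "Allow", "Action": "s3:GetObject",
   "Principal": "*", "Resource": "arn:aws:s3:::example-bucket/*"}
]}
""")

ARN_ACCOUNT = re.compile(r"^arn:aws[\w-]*:(?:iam|sts)::(\d{12}):")


def as_list(value):
    return value if isinstance(value, list) else [value]


def principal_account(principal):
    """Return the account ID behind an AWS principal, '*' for anyone, else None."""
    if principal == "*" or re.fullmatch(r"\d{12}", principal):
        return principal
    match = ARN_ACCOUNT.match(principal)
    return match.group(1) if match else None


def external_grants(policy, trusted_accounts):
    """List Allow grants outside the zone of trust ('*' is public;
    principals that cannot be parsed are treated as external)."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws:
            account = principal_account(p)
            if account in trusted_accounts:
                continue  # inside the zone of trust
            findings.append({"sid": stmt.get("Sid"), "principal": p,
                             "kind": "public" if account == "*" else "external",
                             "has_condition": "Condition" in stmt})
    return findings
```

Calling `external_grants(SAMPLE_POLICY, {"111111111111"})` reports the `Partner` and `Oops` statements; widening the zone of trust to include the partner account leaves only the public grant.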
