(cli): Integrate with IAM Access Analyzer policy validation

[jogold]

Integrate IAM Access Analyzer policy validation with the CLI, either with a special command or during deploy.

It could also be used as a new "linting" tool in the repo to ensure that IAM policies created by AWS CDK constructs comply with best practices.

See https://aws.amazon.com/blogs/aws/iam-access-analyzer-update-policy-validation/ See https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html

Use Case

• Warn users if their CDK code generates "bad" IAM policies
• Ensure AWS CDK constructs deliver IAM policies that are compliant with best practices

Proposed Solution

To be discussed 😄

• [x] :wave: I may be able to implement this feature request
• [ ] :warning: This feature might incur a breaking change

---

This is a :rocket: Feature Request

[0xjjoyy]

How about integrating into the PolicyStatement validate methods?

[github-actions[bot]]

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.