The announcement of IAM Access Analyzer on the 2nd December sees the introduction of a capability that mathematically analyzes access control policies attached to resources (S3, IAM Role, Lambda, KMS, etc.) and determines which resources can be accessed publicly or from other accounts.
Use Case
This service provides greater visibility into the aggregate impact of your access control strategy, making it easy to report on, and automatically respond to, findings of unintended resource access.
Proposed Solution
Implement CloudFormation Resource and CDK Construct for https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
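As an added illustration of what the requested construct would have to synthesize (this is not code from the issue or from the CDK project), the CloudFormation template below creates an account-level analyzer with one archive rule. The analyzer name, the rule name, the tag and the account ID parameter are assumed placeholder values; the property names are those of the AWS::AccessAnalyzer::Analyzer resource linked above.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Example template (not from the issue or the CDK project): an account-level
  IAM Access Analyzer with one archive rule. All names and IDs are placeholders.
Parameters:
  TrustedAccountId:
    Type: String
    Description: Placeholder for an account whose cross-account access is expected
    Default: "111111111111"
Resources:
  AccountAnalyzer:
    Type: AWS::AccessAnalyzer::Analyzer
    Properties:
      AnalyzerName: account-analyzer   # assumed name
      Type: ACCOUNT                    # ORGANIZATION needs a delegated administrator
      ArchiveRules:
        # Auto-archive findings for non-public access granted to the trusted
        # account, so only unexpected cross-account or public access stays active.
        - RuleName: archive-trusted-account
          Filter:
            - Property: principal.AWS
              Eq:
                - !Ref TrustedAccountId
            - Property: isPublic
              Eq:
                - "false"
      Tags:
        - Key: owner
          Value: security
Outputs:
  AnalyzerArn:
    Value: !GetAtt AccountAnalyzer.Arn
```

Deploying this with `aws cloudformation deploy --template-file analyzer.yaml --stack-name access-analyzer` is enough to see the resource in action; a CDK construct wrapping it would expose the same `Type`, `ArchiveRules` and `Tags` properties and the `Arn` attribute.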
Other
References
https://aws.amazon.com/iam/features/analyze-access/
https://aws.amazon.com/blogs/aws/identify-unintended-resource-access-with-aws-identity-and-access-management-iam-access-analyzer/
https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html
This is a :rocket: Feature Request