AWS IAM Access Analyzer - AWS Toolkit for VS Code

AWS IAM Access Analyzer

You can run AWS Identity and Access Management (IAM) Access Analyzer policy checks on your IAM policies authored in AWS CloudFormation templates, Terraform plans, and JSON policy documents, using the IAM Access Analyzer in the AWS Toolkit for Visual Studio Code.

IAM Access Analyzer policy checks include policy validation and custom policy checks. Policy validation checks your IAM policies against the standards detailed in the Grammar of the IAM JSON policy language and AWS Security best practices in IAM topics, both located in the AWS Identity and Access Management User Guide. Policy validation findings include security warnings, errors, general warnings, and policy suggestions.

You can also run custom policy checks for new access, based on your security standards. A charge is associated with each custom policy check for new access. For detailed information about pricing, see the AWS IAM Access Analyzer pricing site. For details about IAM Access Analyzer policy checks, see the Checks for validating policies topic in the AWS Identity and Access Management User Guide.

The following topics describe how to work with IAM Access Analyzer policy checks in the AWS Toolkit for Visual Studio Code.