Authoring secure and functional policies just got a lot easier with over 100 policy checks from Access Analyzer. Here is why this launch 🚀is a game changer (1/12) 
The checks help you DURING policy authoring either in the IAM console or as part of your policy workflows with the API. (2/12)
There are 4⃣ types of checks including security warnings, errors, general warnings, and suggestions that guide your policy authoring. (3/12)
Each check shares actionable guidance to resolve the findings. There is also a doc link for each check to provide more detailed guidance. (4/12)
I have two favorite checks.🥖First is a security check for PassRole on * Since most accounts have an admin role, granting access to pass all roles can lead to privilege escalation and not recommended. 🥖 (5/12)
Second is invalid action, this helps you with typos and removing any actions that are fake news. This helps overall policy hygiene 🚿 making your policies more readable and accurate. (6/12)
Access Analyzer also reports invalid services in policies. Turns out “Pickles” is not an AWS service…yet.
You also get JSON errors. Go and fix all those missing curly brackets and semi-colons. We have all been there. (8/12)
With policy validation, Access Analyzer moves analysis closer to policy creation. Helping you catch and resolve any issues before you deploy them. (9/12)
🍾 We drank our own champagne (I love me some bubbles) and updated AWS managed policies using the same checks we are making available today. 🍾(10/12)
Finally, we are looking to add more checks to our policy validation. Send us your ideas! (11/12)
Learn more about this launch by reading the blog post by @jeffbarr aws.amazon.com/blogs/aws/iam-… (12/12)
• • •
Missing some Tweet in this thread? You can try to
force a refresh
