hands-on lab

Simplifying Permission Management with IAM Access Analyzer

Difficulty: Beginner
Duration: Up to 1 hour
Students: 379
Rating: 4.5/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.

Description

IAM Access Analyzer is an important security feature that can help developers identify unintended access to resources and data. Access Analyzer monitors access policies to help administrators and security teams protect their resources from unintended access.

In addition to generating and managing findings, Access Analyzer can also validate IAM policies against policy grammar and AWS best practices. This can help developers identify and resolve issues with their IAM policies before they are attached to resources.

In this lab, you will enable IAM Access Analyzer, manage findings, and validate an IAM policy in the AWS console.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Enable IAM Access Analyzer in an AWS region
  • Archive and resolve IAM Access Analyzer findings
  • Validate IAM policies with IAM Access Analyzer

Intended audiences

  • Candidates for the AWS Certified Security - Specialty Certification
  • Cloud Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • AWS Identity and Access Management

The following content can be used to fulfill the prerequisites:

Updates

February 20th, 2024 - Updated screenshots and instructions to reflect the latest UI

July 10th, 2023 - Resolved deployment issue

Covered topics

Lab steps

Logging In to the Amazon Web Services Console
Enabling AWS IAM Access Analyzer
Resolving IAM Access Analyzer Findings
Archiving IAM Access Analyzer Findings
Validating IAM Policies with Access Analyzer