AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. Access Analyzer identifies resources that are shared with external principals by using logic-based reasoning to analyze the resource-based policies in your AWS environment. For each instance of a resource that is shared outside of your account, Access Analyzer generates a finding. Findings include information about the access and the external principal that it is granted to. You can review findings to determine whether the access is intended and safe, or the access is unintended and a security risk.
The following cmdlets are available for AWS IAM Access Analyzer:
| Cmdlet name | Service operation |
| --- | --- |
| Add-IAMAAResourceTag | TagResource |
| Get-IAMAAAnalyzedResource | GetAnalyzedResource |
| Get-IAMAAAnalyzedResourceList | ListAnalyzedResources |
| Get-IAMAAAnalyzer | GetAnalyzer |
| Get-IAMAAAnalyzerList | ListAnalyzers |
| Get-IAMAAArchiveRule | GetArchiveRule |
| Get-IAMAAArchiveRuleList | ListArchiveRules |
| Get-IAMAAFinding | GetFinding |
| Get-IAMAAFindingList | ListFindings |
| Get-IAMAAResourceTag | ListTagsForResource |
| New-IAMAAAnalyzer | CreateAnalyzer |
| New-IAMAAArchiveRule | CreateArchiveRule |
| Remove-IAMAAAnalyzer | DeleteAnalyzer |
| Remove-IAMAAArchiveRule | DeleteArchiveRule |
| Remove-IAMAAResourceTag | UntagResource |
| Start-IAMAAResourceScan | StartResourceScan |
| Update-IAMAAArchiveRule | UpdateArchiveRule |
| Update-IAMAAFinding | UpdateFindings |
You can also check the other AWS services and the cmdlets we provide for each of them.