hands-on lab

Simplifying Permission Management with IAM Access Analyzer

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


IAM Access Analyzer is an important security feature that can help developers identify unintended access to resources and data. Access Analyzer monitors access policies to help administrators and security teams protect their resources from unintended access.

In addition to generating and managing findings, Access Analyzer can also validate IAM policies against policy grammar and AWS best practices. This can help developers identify and resolve issues with their IAM policies before they are attached to resources.

In this lab, you will enable IAM Access Analyzer, manage findings, and validate an IAM policy in the AWS console.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Enable IAM Access Analyzer in an AWS region
  • Archive and resolve IAM Access Analyzer findings
  • Validate IAM policies with IAM Access Analyzer

Intended audiences

  • Candidates for the AWS Certified Security - Specialty Certification
  • Cloud Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS Identity and Access Management

The following content can be used to fulfill the prerequisites:


February 20th, 2024 - Updated screenshots and instructions to reflect the latest UI

July 10th, 2023 - Resolved deployment issue

About the author

Jun Fritz, opens in a new tab
Cloud Labs Developer
Learning paths

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Covered topics

Lab steps

Logging In to the Amazon Web Services Console
Enabling AWS IAM Access Analyzer
Resolving IAM Access Analyzer Findings
Archiving IAM Access Analyzer Findings
Validating IAM Policies with Access Analyzer