How can I use AWS IAM Access Analyzer to monitor my AWS resources in my AWS Organization accounts?
2 minute read
0
I want to use AWS IAM Access Analyzer to identify resources in my organization and accounts that are shared with an external entity.
Resolution
You can add a member account in the organization as the delegated administrator to manage Access Analyzer for your organization. The delegated administrator has permissions to create and manage analyzers with the organization as the zone of trust. Access Analyzer analyzes only policies applied to resources in the same AWS Region where it's enabled. To monitor all resources in your AWS environment, you must create an analyzer to enable Access Analyzer in each Region where you're using supported AWS resources. For more information, see Delegated administrator for Access Analyzer.