Does the IAM Access Analyzer consider Data Events as well as Management Events in CloudTrail Trail logs?


When running the IAM Access Analyzer tool in the AWS console to generate an IAM Policy template for a user or role (based on the activity logged for that entity by the logs of a configured CloudTrail Trail), does the Analyzer consider also any Data Events logged when listing actions in the result policy, or is it only Management Events?

1 Answer
Accepted Answer

See the Things to know about generating policies section of IAM Access Analyzer policy generation:

Data events not available – IAM Access Analyzer does not identify action-level activity for data events, such as Amazon S3 data events, in generated policies.

AWS
answered 2 years ago
  • Thanks MiguelUT - I'd seen that page but managed to overlook that point
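
Since generated policies leave out data events, the added sketch below (not code from this thread or from AWS) scans CloudTrail records for one role and lists the data-event calls that would need manual review. The records and role ARNs are constructed samples, and deriving an IAM action from the `eventSource` prefix plus `eventName` is an assumption to verify against each service's action list.

```python
import json
from collections import defaultdict

ROLE = "arn:aws:iam::111122223333:role/example-app-role"  # constructed sample ARN

def _rec(name, source, category=None, role=ROLE, arns=(), **extra):
    """Build a minimal, constructed CloudTrail-style record for the demo."""
    rec = {"eventSource": source, "eventName": name,
           "userIdentity": {"type": "AssumedRole",
                            "sessionContext": {"sessionIssuer": {"arn": role}}},
           "resources": [{"ARN": a} for a in arns], **extra}
    if category:
        rec["eventCategory"] = category
    return rec

SAMPLE_RECORDS = [  # constructed, not real log data
    _rec("ListBuckets", "s3.amazonaws.com", "Management"),
    _rec("GetObject", "s3.amazonaws.com", "Data",
         arns=["arn:aws:s3:::example-bucket/report.csv"]),
    _rec("PutObject", "s3.amazonaws.com", "Data", errorCode="AccessDenied"),
    _rec("GetItem", "dynamodb.amazonaws.com", managementEvent=False,
         arns=["arn:aws:dynamodb:us-east-1:111122223333:table/example-table"]),
    _rec("GetObject", "s3.amazonaws.com", "Data",
         role="arn:aws:iam::111122223333:role/other-role",
         arns=["arn:aws:s3:::other-bucket/key"]),
]

def principal_arn(record):
    """Role ARN for assumed-role sessions, otherwise the caller's own ARN."""
    ident = record.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn")

def is_data_event(record):
    # Prefer eventCategory; fall back to the managementEvent boolean
    # for records that do not carry the category field.
    if "eventCategory" in record:
        return record["eventCategory"] == "Data"
    return record.get("managementEvent") is False

def data_event_actions(records, arn):
    """Map candidate IAM action -> sorted resource ARNs seen in data events."""
    found = defaultdict(set)
    for rec in records:
        if principal_arn(rec) != arn or not is_data_event(rec):
            continue
        if rec.get("errorCode"):  # failed calls are left out; review them separately
            continue
        action = f"{rec['eventSource'].split('.')[0]}:{rec['eventName']}"
        for res in rec.get("resources") or [{}]:
            found[action].add(res.get("ARN", "*"))
    return {action: sorted(arns) for action, arns in found.items()}

if __name__ == "__main__":
    print(json.dumps(data_event_actions(SAMPLE_RECORDS, ROLE), indent=2))
```
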
