AWS IAM Access Analyzer Policy Validation Checks

While I found the recently announced list of checks that IAM Access Analyzer performs on your policies buried deep in the documentation, it wasn't as easy to navigate as I would've liked.

Here's the full list of the check names, since most of them are pretty self-explanatory:

Error – ARN account not allowed
Error – ARN Region not allowed
Error – Data type mismatch
Error – Duplicate keys with different case
Error – Invalid action
Error – Invalid ARN account
Error – Invalid ARN prefix
Error – Invalid ARN Region
Error – Invalid ARN resource
Error – Invalid ARN service case
Error – Invalid condition data type
Error – Invalid condition key format
Error – Invalid condition multiple Boolean
Error – Invalid condition operator
Error – Invalid effect
Error – Invalid global condition key
Error – Invalid partition
Error – Invalid policy element
Error – Invalid principal format
Error – Invalid principal key
Error – Invalid Region
Error – Invalid service
Error – Invalid service condition key
Error – Invalid service in action
Error – Invalid variable for operator
Error – Invalid version
Error – Json syntax error
Error – Json syntax error
Error – Missing action
Error – Missing ARN field
Error – Missing ARN Region
Error – Missing effect
Error – Missing principal
Error – Missing qualifier
Error – Missing resource
Error – Missing statement
Error – Null with if exists
Error – SCP syntax error action wildcard
Error – SCP syntax error allow condition
Error – SCP syntax error allow NotAction
Error – SCP syntax error allow resource
Error – SCP syntax error NotResource
Error – SCP syntax error principal
Error – Unique Sids required
Error – Unsupported element combination
Error – Unsupported global condition key
Error – Unsupported principal
Error – Unsupported Sid
Error – Unsupported wildcard in principal
Error – Missing brace in variable
Error – Unsupported symbol in variable
Error – Unsupported symbol in variable
Error – Missing quote in variable
Error – Unsupported space in variable
Error – Empty variable
Error – Variable unsupported in element
Error – Variable unsupported in version
Error – Private IP address
Error – Private NotIpAddress
Error – Policy size exceeds SCP quota
General Warning – Create SLR with NotResource
General Warning – Create SLR with star in action and NotResource
General Warning – Create SLR with NotAction and NotResource
General Warning – Create SLR with star in resource
General Warning – Create SLR with star in action and resource
General Warning – Create SLR with star in resource and NotAction
General Warning – Deprecated global condition key
General Warning – Invalid date value
General Warning – Invalid role reference
General Warning – Invalid user reference
General Warning – Missing version
General Warning – Unique Sids recommended
General Warning – Wildcard without like operator
General Warning – Policy size exceeds identity policy quota
General Warning – Type mismatch
General Warning – Type mismatch Boolean
General Warning – Type mismatch date
General Warning – Type mismatch IP range
General Warning – Type mismatch number
General Warning – Type mismatch string
Security Warning – Allow with NotPrincipal
Security Warning – ForAllValues with single valued key
Security Warning – Pass role with NotResource
Security Warning – Pass role with star in action and NotResource
Security Warning – Pass role with NotAction and NotResource
Security Warning – Pass role with star in resource
Security Warning – Pass role with star in action and resource
Security Warning – Pass role with star in resource and NotAction
Suggestion – Empty array action
Suggestion – Empty array condition
Suggestion – Empty array condition ForAllValues
Suggestion – Empty array condition ForAnyValue
Suggestion – Empty array condition IfExists
Suggestion – Empty array principal
Suggestion – Empty array resource
Suggestion – Empty object condition
Suggestion – Empty object principal
Suggestion – Empty Sid value
Suggestion – Improve IP range
Suggestion – Null with qualifier
Suggestion – Private IP address subset
Suggestion – Private NotIpAddress subset
Suggestion – Redundant action
Suggestion – Redundant condition value num
Suggestion – Redundant resource
Suggestion – Redundant statement
Suggestion – Wildcard in service name