AWS IAM Access Analyzer Policy Validation Checks

While I found the recently announced list of checks that IAM Access Analyzer performs on your policies buried deep in the documentation, it wasn't as easy to navigate as I would've liked. Here's the full list of the check names,

AWS IAM:PassRole explained

A common point of confusion when getting started with AWS IAM, and when trying to implement "least privileges" on IAM is the message "is not authorized to perform: iam:PassRole on resource". Usually this refers to "User" or "CloudFormation" as

Effective Actions for AWS IAM

TL;DR I made Effective IAM Actions, a small tool to expand wildcards "*"in IAM Policy Actions so that you can see explicitly what permissions are granted by a policy. It supports multiple statements in each policy, Allow and Deny

Federated CodeCommit Access

CodeCommit access via federated credentials is the way to go. You're not using long-lived Access Keys are you? Bad engineer! Stop that! For better or worse, federated IAM access requires you to use the HTTPS endpoint with a git credential

Close You've successfully subscribed to Rowan Udell.
Close Great! You've successfully signed up.
Close Welcome back! You've successfully signed in.
Close Success! Your account is fully activated, you now have access to all content.
Close Success! Your billing info is updated.
Close Billing info update failed.