Features Pricing Catalog Docs Demos About Sign in Start free
AWS

Access Analyzer

IAM Access Analyzer findings — resources accessible from outside the account's trust boundary.

Tier Explorer
Category Security & Identity
Refresh every 30 min
Scope regional
Live preview — demo data

What this pane shows

Every resource AWS IAM Access Analyzer has flagged as accessible from outside the trust boundary: public S3 buckets, cross-account IAM roles, KMS keys shared externally, Secrets Manager secrets, Lambda functions and others. Each finding shows the principal that has access, the actions allowed and the policy excerpt that grants it.

Key use cases

  • Triage external-access findings during an account review.
  • Validate that an intentional cross-account share has the expected scope.
  • Catch an accidentally-public S3 bucket the moment Access Analyzer flags it.
  • Audit which external accounts have access to which resources.

How to embed

lp.js is the single-entry loader: it injects the shared LightPane runtime (and sd-embed.css) once per page. Add this pane's own stylesheet and script; the pane mounts itself wherever the matching <div> is in the DOM.

<!-- In <head> — this pane's stylesheet -->
<link rel="stylesheet" href="https://lightpane.io/_pane-tests/aws/access-analyzer/access-analyzer.css">

<!-- Your access key (inline, or set window.lpEmbed.accessKey from your own JS) -->
<script>window.lpEmbed = { accessKey: "<your-access-key>" };</script>

<!-- Where the pane should appear -->
<div class="lp-access-analyzer-panel" data-lp-account="<your-account-alias>"></div>

<!-- Before </body> — shared loader + this pane's script -->
<script src="https://lightpane.io/embed/lp.js"></script>
<script src="https://lightpane.io/_pane-tests/aws/access-analyzer/access-analyzer.js" defer></script>

Tier

Available on Explorer and above.

Build notes

No outstanding build notes.