AWS

Access Analyzer

IAM Access Analyzer findings — resources accessible from outside the account's trust boundary.

Tier Explorer

Category Security & Identity

Refresh every 30 min

Scope regional

Live preview — demo data

What this pane shows

Every resource AWS IAM Access Analyzer has flagged as accessible from outside the trust boundary: public S3 buckets, cross-account IAM roles, KMS keys shared externally, Secrets Manager secrets, Lambda functions and others. Each finding shows the principal that has access, the actions allowed and the policy excerpt that grants it.

Key use cases

Triage external-access findings during an account review.
Validate that an intentional cross-account share has the expected scope.
Catch an accidentally-public S3 bucket the moment Access Analyzer flags it.
Audit which external accounts have access to which resources.

How to embed

Drop this snippet on any HTML page that loads lp-embed.js. The pane mounts itself wherever the matching <div> is in the DOM.

<div class="lp-access-analyzer-panel"
     data-lp-account="<your-account-alias>"></div>
<script src="https://lightpane.io/embed/lp-embed.js"
        data-lp-key="<your-access-key>"></script>
<script src="https://lightpane.io/_pane-tests/aws/access-analyzer/access-analyzer.js"
        defer></script>

Tier

Available on Explorer and above.

Build notes

No outstanding build notes.