AWS
Access Analyzer
IAM Access Analyzer findings — resources accessible from outside the account's trust boundary.
Live preview — demo data
What this pane shows
Every resource AWS IAM Access Analyzer has flagged as accessible from outside the trust boundary: public S3 buckets, cross-account IAM roles, KMS keys shared externally, Secrets Manager secrets, Lambda functions and others. Each finding shows the principal that has access, the actions allowed and the policy excerpt that grants it.
Key use cases
- Triage external-access findings during an account review.
- Validate that an intentional cross-account share has the expected scope.
- Catch an accidentally-public S3 bucket the moment Access Analyzer flags it.
- Audit which external accounts have access to which resources.
How to embed
lp.js is the single-entry loader: it injects the shared LightPane runtime
(and sd-embed.css) once per page. Add this pane's own stylesheet and script;
the pane mounts itself wherever the matching <div> is in the DOM.
<!-- In <head> — this pane's stylesheet -->
<link rel="stylesheet" href="https://lightpane.io/_pane-tests/aws/access-analyzer/access-analyzer.css">
<!-- Your access key (inline, or set window.lpEmbed.accessKey from your own JS) -->
<script>window.lpEmbed = { accessKey: "<your-access-key>" };</script>
<!-- Where the pane should appear -->
<div class="lp-access-analyzer-panel" data-lp-account="<your-account-alias>"></div>
<!-- Before </body> — shared loader + this pane's script -->
<script src="https://lightpane.io/embed/lp.js"></script>
<script src="https://lightpane.io/_pane-tests/aws/access-analyzer/access-analyzer.js" defer></script>
Tier
Available on Explorer and above.
Build notes
No outstanding build notes.