IAM Access Analyzer

• Find out which resources are shared externally

• S3 Buckets

• IAM Roles

• KMS Keys

• Lambda Functions and Layers

• SQS queues

• Secrets Manager Secrets

• Define Zone of Trust = AWS Account or AWS Organization

• Access outside the zone of trusts => findings