Home Security & Privacy AWS IAM Access Advisor

AWS IAM Access Advisor Cheat Sheet

Prune unused permissions

Last Updated: November 21, 2025

Focus Areas

Focus
Pull last accessed insights per service
Document who approved revocations

Commands & Queries

aws iam generate-service-last-accessed-details --arn arn
Start report
aws iam get-service-last-accessed-details --job-id id
View usage
aws iam delete-policy-policy --policy-arn arn
Prune policies

Summary

Access Advisor trims IAM bloat while preserving functionality.

Related Cheat Sheets

Vault Secrets Engines

Enable engines, generate dynamic credentials, and renew leases

Incident Response

Declare incidents, contain, communicate, and learn

Node.js Security

Audit dependencies, configure CSP, and lock env variables

Passwordless Authentication

Deploy magic links, WebAuthn passkeys, and OTP flows

💡 Pro Tip: Automate monthly reviews and notify owners before revoking.

Related Cheat Sheets

Browse all Security & Privacy →

← Back to Security & Privacy | Browse all categories | View all cheat sheets