---
names:
  full: AWS Account IAM Access Analyzer is not enabled for all regions
  contextual: IAM Access Analyzer is not enabled for all regions
description: "Enable IAM Access Analyzer to analyze the policies of all resources in each\
  \ active AWS Region. IAM Access Analyzer is a technology introduced at AWS re:Invent\
  \ 2019. After the analyzer is enabled in IAM, scan results are displayed on the\
  \ console showing the accessible resources. Scans show resources that other accounts\
  \ and federated users can access, such as KMS keys and IAM roles. The results\
  \ let you determine whether an unintended user has been granted access, making it\
  \ easier for administrators to monitor least-privilege access. Access Analyzer analyzes\
  \ only policies that are applied to resources in the same AWS Region, so it must be\
  \ enabled in each active Region."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
frameworkMappings:
  - "/frameworks/cis-aws-v6.0.0/02/19"
  - "/frameworks/cloudaware/resource-security/secure-access"
similarPolicies:
  internal:
    - dec-x-ab7fc52e
  cloudConformity:
    - url: https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/IAM/access-analyzer-in-use.html
      name: IAM Access Analyzer in Use