Free AWS IAM Policy Analyzer
Paste an IAM policy document below to instantly check it for risky permissions — wildcard actions, privilege escalation, public access, and more.
🔒 Runs entirely in your browser. Your policy is never uploaded or stored.
What this tool checks
- ✓ Full administrative access (Action "*" on Resource "*")
- ✓ Wildcard and service-wide actions (e.g. s3:*)
- ✓ Wildcard resources without a Condition
- ✓ Public / cross-account access via Principal "*"
- ✓ Privilege-escalation actions (iam:PassRole, iam:AttachRolePolicy, sts:AssumeRole, …)
- ✓ Allow combined with NotAction / NotResource
- ✓ Sensitive data access (secrets, KMS, S3) on all resources
This is a static heuristic check on a single policy document. It does not evaluate policy interactions, resource policies, SCPs, or permission boundaries across your account — the things that determine effective access in practice.
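To make the checks listed above concrete, here is a small sketch of how such single-document heuristics can be written. It is an added example, not this tool's own code; the finding IDs, function names and sample policy are constructed, and the escalation list holds only the three actions named above.

```javascript
// Heuristic checks over a single policy document (added example).
// Finding IDs, function names and the sample policy are constructed.
const ESCALATION = ["iam:PassRole", "iam:AttachRolePolicy", "sts:AssumeRole"];
const SENSITIVE_SERVICES = ["secretsmanager", "kms", "s3"];
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive and allow * and ? wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const re = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${re}$`, "i").test(action);
}

function analyzePolicy(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((st, i) => {
    if (st.Effect !== "Allow") return; // Deny statements grant nothing
    const add = (id, detail) => findings.push({ statement: i, id, detail });
    const actions = asArray(st.Action);
    const allResources = asArray(st.Resource).includes("*");

    if (actions.includes("*") && allResources) add("ADMIN", "*");
    actions.filter((a) => a.includes("*")).forEach((a) => add("WILDCARD_ACTION", a));
    if (allResources && !st.Condition) add("WILDCARD_RESOURCE", "*");
    const p = st.Principal;
    if (p === "*" || (p && asArray(p.AWS).includes("*"))) add("PUBLIC_PRINCIPAL", "*");
    ESCALATION.filter((e) => actions.some((a) => actionMatches(a, e)))
      .forEach((e) => add("PRIV_ESC", e)); // "iam:*" also grants iam:PassRole
    if (st.NotAction) add("ALLOW_NOT", "NotAction");
    if (st.NotResource) add("ALLOW_NOT", "NotResource");
    const svc = actions.map((a) => a.split(":")[0].toLowerCase());
    if (allResources && svc.some((s) => s === "*" || SENSITIVE_SERVICES.includes(s)))
      add("SENSITIVE_ALL_RESOURCES", svc.join(","));
  });
  return findings;
}

// Constructed sample; mixes identity- and resource-style statements to hit each check.
const samplePolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Action: "iam:*", Resource: "*" },
    { Effect: "Allow", Action: ["s3:GetObject"], Resource: "arn:aws:s3:::example-bucket/*",
      Condition: { Bool: { "aws:SecureTransport": "true" } } },
    { Effect: "Allow", Principal: "*", Action: "kms:Decrypt", Resource: "*" },
  ],
};

console.log(analyzePolicy(samplePolicy));
```

Like the tool, this looks at one document in isolation: a clean result says nothing about what the principal can reach once other policies, SCPs or permission boundaries are taken into account.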
Want continuous, account-wide analysis?
AccessLens scans every IAM role and policy across your AWS accounts, maps cross-account trust relationships, scores risk, and generates compliance reports — automatically.