{"id":"iam-access-analyzer-three-functions","text":"IAM Access Analyzer has three distinct functions: (1) generate least-privilege policies from CloudTrail activity, (2) validate policy syntax and best practices (100+ checks), (3) detect and preview public/cross-account access.","truth_value":"IN","source":"entries/2026/03/08/iam-best-practices.md","source_url":"","source_hash":"3d778456f3ac0ade","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-access-analyzer-three-functions","truth_value":"IN","reason":"premise"}]}}