Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?

The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.

Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. AWS Organizations

Answer: A

Explanation:

Step-by-Step

Understand the Problem:

The security team is concerned about the increasing number of IAM policies.

The task is to report on the current number of IAM policies and compare them to the service limits.

Analyze the Requirements:

The solution should help in checking the usage of IAM policies against the service limits.

Evaluate the Options:

Option A: AWS Trusted Advisor

AWS Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.

It includes a service limits check that alerts you when you are approaching the limits of your AWS service usage, including IAM policies.

Option B: Amazon Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It does not report on IAM policy usage.

Option C: AWS Config

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. While useful for compliance, it does not provide a comparison against service limits.

Option D: AWS Organizations

AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. It does not provide insights into IAM policy limits.

Select the Best Solution:

Option A: AWS Trusted Advisor is the correct answer because it includes a service limits check that can report on the current number of IAM policies in use and compare them to the service limits.

References: AWS Trusted Advisor Documentation; IAM Service Limits

AWS Trusted Advisor is the appropriate tool for monitoring IAM policy usage and comparing it against service limits, providing the necessary insights to manage and optimize IAM policies effectively.
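The service limits check described above can also be read programmatically. The following is an added example, not part of the original explanation: it turns a Trusted Advisor check result into a usage-versus-limit report. The sample data is constructed, and the check name "IAM Policies" and the metadata column names are assumptions to confirm against what `describe_trusted_advisor_checks` returns in your account; the live call needs a support plan that includes AWS Support API access.

```python
"""Added example: report IAM usage against limits from a Trusted Advisor result."""
# Constructed sample shaped like the AWS Support API responses; the check id,
# column names and numbers are made up for illustration (assumptions).
SAMPLE_CHECK = {
    "id": "EXAMPLE-CHECK-ID", "name": "IAM Policies", "category": "service_limits",
    "metadata": ["Region", "Service", "Limit Name", "Limit Amount", "Current Usage", "Status"],
}
SAMPLE_RESULT = {
    "checkId": "EXAMPLE-CHECK-ID", "status": "warning",
    "flaggedResources": [
        {"status": "warning", "region": "-",
         "metadata": ["-", "IAM", "Policies", "1500", "1290", "Yellow"]},
        {"status": "ok", "region": "-",
         "metadata": ["-", "IAM", "Groups", "300", None, "Green"]},
    ],
}


def limit_usage(check, result, warn_pct=80.0):
    """Return one row per resource with usage, quota, percent used and a near-limit flag."""
    cols = check["metadata"]  # column names that label each resource's metadata values
    rows = []
    for res in result.get("flaggedResources", []):
        fields = dict(zip(cols, res.get("metadata", [])))
        try:
            used = int(fields["Current Usage"])
            limit = int(fields["Limit Amount"])
        except (KeyError, TypeError, ValueError):
            continue  # usage or limit not reported for this row
        pct = round(100.0 * used / limit, 1) if limit else None
        rows.append({"limit": fields.get("Limit Name"), "used": used,
                     "quota": limit, "pct": pct,
                     "near_limit": pct is not None and pct >= warn_pct})
    return rows


def fetch_live(check_name="IAM Policies"):
    """Live variant: needs boto3, credentials and Support API access (not run here)."""
    import boto3
    support = boto3.client("support", region_name="us-east-1")
    checks = support.describe_trusted_advisor_checks(language="en")["checks"]
    check = next(c for c in checks
                 if c["category"] == "service_limits" and c["name"] == check_name)
    result = support.describe_trusted_advisor_check_result(
        checkId=check["id"], language="en")["result"]
    return limit_usage(check, result)


if __name__ == "__main__":
    print(limit_usage(SAMPLE_CHECK, SAMPLE_RESULT))
```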
