公开(公告)号：US20240114035A1

公开(公告)日：2024-04-04

申请号：US17957904

申请日：2022-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Neha RUNGTA ,  Chungha SUNG ,  Amit GOEL ,  Zvonimir RAKAMARIC ,  Loris D'ANTONI

IPC: H04L9/40

CPC classification number: H04L63/107 ,  H04L63/102

Abstract: Techniques are described for providing a policy refiner application used to analyze and recommend modifications to identity and access management policies created by users of a cloud provider network (e.g., to move the policies toward least-privilege permissions). A policy refiner application receives as input a policy to analyze, and a log of events related to activity associated with one or more accounts of a cloud provider network. The policy refiner application can identify, from the log of events, actions that were permitted based on particular statements contained in the policy. Based on field values contained in the corresponding events, the policy refiner application generates an abstraction of the field values, where the abstraction of the field values may represent a more restrictive version of the field from a policy perspective. These abstractions can be presented to users as recommendations for modifying their policy to reduce the privileges granted by the policy.