AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-06-19 · Documentation low

File: IAM/latest/UserGuide/access-analyzer-manage-unused.md

Summary

Updated UI navigation steps, added note about findings availability delay, and renumbered procedure steps for unused access analyzer management

Security assessment

Changes focus on interface navigation updates and procedural step adjustments. The added note about delayed findings provides operational clarity but does not address security vulnerabilities or introduce new security features. No mention of security incidents or mitigations.

Diff

diff --git a/IAM/latest/UserGuide/access-analyzer-manage-unused.md b/IAM/latest/UserGuide/access-analyzer-manage-unused.md
index d9ac98ded..e6e7dca55 100644
--- a//IAM/latest/UserGuide/access-analyzer-manage-unused.md
+++ b//IAM/latest/UserGuide/access-analyzer-manage-unused.md
@@ -10,0 +11,4 @@ Use the information in this topic to learn about how to update or delete an exis
+###### Note
+
+After you create or update an analyzer, it can take time for findings to be available.
+
@@ -19,3 +23 @@ IAM Access Analyzer charges for unused access analysis based on the number of IA
-  2. Under **Access analyzer** , choose **Unused access**.
-
-  3. Choose an analyzer from the **View analyzer** dropdown.
+  2. Under **Access analyzer** , choose **Analyzer settings**.
@@ -23 +25 @@ IAM Access Analyzer charges for unused access analysis based on the number of IA
-  4. Choose **Manage analyzer**.
+  3. In the **Analyzers** section, choose the name of the unused access analyzer to manage.
@@ -25 +27 @@ IAM Access Analyzer charges for unused access analysis based on the number of IA
-  5. On the **Exclusion** tab, if the analyzer was created for an organization as the scope of analysis, choose **Manage** in the **Excluded AWS accounts** section.
+  4. On the **Exclusion** tab, if the analyzer was created for an organization as the scope of analysis, choose **Manage** in the **Excluded AWS accounts** section.
@@ -51 +53 @@ The accounts are then listed in the **AWS accounts to exclude** table.
-  6. On the **Exclusion** tab, choose **Manage** in the **Excluded IAM users and roles with tags** section.
+  5. On the **Exclusion** tab, choose **Manage** in the **Excluded IAM users and roles with tags** section.
@@ -61 +63 @@ The accounts are then listed in the **AWS accounts to exclude** table.
-  7. On the **Archive rules** tab, you can create, edit, or delete archive rules for the analyzer. For more information, see [Archive rules](./access-analyzer-archive-rules.html).
+  6. On the **Archive rules** tab, you can create, edit, or delete archive rules for the analyzer. For more information, see [Archive rules](./access-analyzer-archive-rules.html).
@@ -63 +65 @@ The accounts are then listed in the **AWS accounts to exclude** table.
-  8. On the **Tags** tab, you can manage and create tags for the analyzer. For more information, see [Tags for AWS Identity and Access Management resources](./id_tags.html).
+  7. On the **Tags** tab, you can manage and create tags for the analyzer. For more information, see [Tags for AWS Identity and Access Management resources](./id_tags.html).
@@ -76 +78 @@ Use the following procedure to delete an unused access analyzer. When you delete
-  3. Choose an analyzer from the **View analyzer** dropdown.
+  3. Under **Access analyzer** , choose **Analyzer settings**.
@@ -78 +80 @@ Use the following procedure to delete an unused access analyzer. When you delete
-  4. Choose **Manage analyzer**.
+  4. In the **Analyzers** section, choose the name of the unused access analyzer to delete.