* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* Enhanced Least-Privilege ...

# Enhanced Least-Privilege Recommendations from Prisma Cloud and AWS

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fciem-integration-aws-iam-access-analyzer%2F)  
[](https://twitter.com/share?text=Enhanced+Least-Privilege+Recommendations+from+Prisma+Cloud+and+AWS&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fciem-integration-aws-iam-access-analyzer%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fciem-integration-aws-iam-access-analyzer%2F&title=Enhanced+Least-Privilege+Recommendations+from+Prisma+Cloud+and+AWS&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/ciem-integration-aws-iam-access-analyzer/&ts=markdown)  
\[\](mailto:?subject=Enhanced Least-Privilege Recommendations from Prisma Cloud and AWS)  
Link copied  
By [Cameron Hyde](https://www.paloaltonetworks.com/blog/author/cameron-hyde/?ts=markdown "Posts by Cameron Hyde") and [Izabella Yankelevich](https://www.paloaltonetworks.com/blog/author/izabella-yankelevich/?ts=markdown "Posts by Izabella Yankelevich")  
Nov 27, 2023  
3 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown)  
[IAM](https://www.paloaltonetworks.com/blog/tag/iam/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/tag/partners/?ts=markdown)

Prisma Cloud's integration with AWS Identity and Access Management (IAM) Access Analyzer provides users with accurate least-privileged access recommendations.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/word-image-309493-1.png)

Palo Alto Networks is proud to partner with Amazon Web Services on their expanded AWS IAM Access Analyzer service. IAM Access Analyzer helps customers identify unused and external access to AWS resources.

## Prisma Cloud's New Integration with AWS IAM Access Analyzer

Amazon Web Services announced the expansion of AWS IAM Access Analyzer capabilities to include additional types of findings through access analysis. These features help customers detect unused access and external access for AWS services.

Through our partnership with Amazon Web Services, Prisma Cloud will integrate with the new release of AWS IAM Access Analyzer, increasing the granularity of our Prisma Cloud's Suggest Least-Privileged Access recommendations.
![Prisma Cloud’s Suggest Least-Privileged Access recommendations](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/word-image-309493-2.png)
Figure 1: Prisma Cloud's Suggest Least-Privileged Access recommendations

Previously, Prisma Cloud had utilized AWS Access Advisor data to enhance calculations on unused access at the service level. But with the new integration, Prisma Cloud users will be able to see what actions were taken within a specific service. This increased granularity will allow Prisma Cloud to give least-privileged access recommendations at a new and more targeted level. In other words, Prisma Cloud can now recommend removing unused access within a service, provisioning users with access to only the actions they need by integrating with IAM Access Analyzer.

Enforcing least-privilege at the action level will help our customers reduce the IAM attack surface.
![Prisma Cloud ingests data from AWS IAM Access Analyzer to provide least-privileged access recommendations to users.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/11/word-image-309493-3.png)
Figure 2: Prisma Cloud ingests data from AWS IAM Access Analyzer to provide least-privileged access recommendations to users.

At the core of this integration lies the seamless exchange of data. Prisma Cloud's last access calculation, which includes trail log data, is analyzed in conjunction with data ingested through the AWS IAM Access Analyzer APIs, ensuring that every relevant detail is considered when formulating Suggest Least-Privileged Access recommendations.

## Prisma Cloud Delivers CIEM for AWS

Organizations face a constant challenge in managing and securing identities and access permissions across their cloud environments. Prisma Cloud offers a comprehensive IAM security solution that empowers organizations to safeguard their cloud infrastructure.

Behind Prisma Cloud's cloud infrastructure entitlement management (CIEM) capabilities lies a complete visibility into net-effective permissions, providing deep insights into the access privileges held by AWS users and machine identities. This capability eliminates the complexity of traditional permission analysis, enabling users to effortlessly answer critical questions, like Which identities can access our most sensitive assets?

Prisma Cloud further extends its value by guiding users in maintaining and rightsizing IAM access, ensuring that it aligns with stringent cloud security standards without hindering the efficiency of daily operations.

## Learn More

If you'd like to experience securing your AWS environment with Prisma Cloud, try a free [30-day trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial).

*** ** * ** ***

## Related Blogs

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Securing GenAI with AI Runtime Security and NVIDIA NeMo Guardrails](https://www2.paloaltonetworks.com/blog/network-security/securing-genai-with-ai-runtime-security-and-nvidia-nemo-guardrails/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### UScellular and Palo Alto Networks Join Forces to Secure 5G](https://www2.paloaltonetworks.com/blog/2024/12/uscellular-and-palo-alto-networks-secure-5g/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)

[#### Prisma Cloud Offers Certified Red Hat Vulnerability Scanning for Red Hat OpenShift](https://www2.paloaltonetworks.com/blog/cloud-security/certified-red-hat-vulnerability-scan-2/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Google Cloud and Palo Alto Networks Deliver Cloud-Native NGFW Service](https://www2.paloaltonetworks.com/blog/2024/04/google-cloud-ngfw-enterprise/)

### [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown)

[#### Mitigate Cloud Breaches With a Holistic Approach to Cloud Identity and Access](https://www2.paloaltonetworks.com/blog/cloud-security/defense-in-depth-cloud-identity-security/)

### [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem/?ts=markdown), [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/category/cloud-infrastructure-entitlement-management/?ts=markdown)

[#### Customizing IAM Policies: The Key to Meeting Your Organization's Unique Needs](https://www2.paloaltonetworks.com/blog/cloud-security/customizing-iam-access-control-policies/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language