Step-by-Step Explanation:
Understand the Problem:
The security team is concerned about the increasing number of IAM policies.
The task is to report on the current number of IAM policies and compare them to the service limits.
Analyze the Requirements:
The solution should help in checking the usage of IAM policies against the service limits.
Evaluate the Options:
Option A: AWS Trusted Advisor
AWS Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.
It includes a service limits check that alerts you when you are approaching the limits of your AWS service usage, including IAM policies.
Option B: Amazon Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It does not report on IAM policy usage.
Option C: AWS Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. While useful for compliance, it does not provide a comparison against service limits.
Option D: AWS Organizations
AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. It does not provide insights into IAM policy limits.
Select the Best Solution:
Option A: AWS Trusted Advisor is the correct answer because it includes a service limits check that can report on the current number of IAM policies in use and compare them to the service limits.
AWS Trusted Advisor Documentation
IAM Service Limits
AWS Trusted Advisor is the appropriate tool for monitoring IAM policy usage and comparing it against service limits, providing the necessary insights to manage and optimize IAM policies effectively.
