Administrators befuddled by AWS access-denied messages will welcome a new open-source tool announced Thursday by cloud infrastructure security company Ermetic. The Access Undenied tool analyzes AWS CloudTrail AccessDenied events by scanning an environment to identify and explain the reasons for the events and offer actionable, least-privilege remediation suggestions.
“AWS access management is a highly complex system,” Ermetic Research Lead Noam Dahan explained in an interview. “It has a lot of moving parts, a lot of policies. Plus every piece of information is complex, as well. That can make questions about ‘why can’t I access this’ incredibly complicated.”