AWS – IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity
When we launched IAM Access Analyzer, we started by helping you remove unintended public and cross account access by analyzing your existing permissions. Recently, IAM Access Analyzer added policy validation to help you set secure and functional permissions during policy authoring. Now, we are taking that a step further and generating policies for you. You can now use IAM Access Analyzer to generate fine-grained policies based on your access activity found in your CloudTrail. When you request a policy, IAM Access Analyzer gets to work and generates a policy by analyzing your CloudTrail logs to identify your activity. The generated policy makes it easier to grant only the required permissions for your workloads.
Read More for the details.