
Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?
A. AWS Service Catalog
B. AWS Systems Manager
C. AWS IAM Access Analyzer
D. AWS Organizations
Explanation:
AWS IAM Access Analyzer is the correct service for identifying whether AWS resources like Amazon S3 buckets or IAM roles have been shared with external entities. Here's why:
Purpose of IAM Access Analyzer: This service helps you identify resources in your organization and accounts that are shared with an external entity. It analyzes resource-based policies to determine if resources are accessible from outside your AWS environment.
How it works: IAM Access Analyzer continuously monitors your AWS environment and alerts you when it finds resources that are shared with external principals, meaning entities outside your AWS organization or account, such as another AWS account or the public.
Resources it can analyze:
Amazon S3 buckets
IAM roles
AWS KMS keys
Amazon SQS queues
AWS Lambda functions
And other resource types that support resource-based policies
Comparison with other options:
AWS Service Catalog: Manages catalogs of IT services that are approved for use on AWS
AWS Systems Manager: Provides operational insights and automates tasks across AWS resources
AWS Organizations: Helps centrally manage and govern multiple AWS accounts
Key benefit: IAM Access Analyzer helps improve security posture by identifying unintended access to resources, which is crucial for compliance and security best practices.
Correct Answer: C - AWS IAM Access Analyzer