---
title: AWS IAM Access Analyzer
description: AWS IAM Access Analyzer identifies publicly accessible resources
---

# AWS IAM Access Analyzer
Integration version: 1.0.0
## Overview{% #overview %}

Use AWS Identity and Access Management (IAM) Access Analyzer across your Amazon account to continuously analyze IAM permissions granted with any of your account policies. Datadog integrates with Amazon IAM Access Analyzer using a Lambda function that ships its findings as logs to Datadog.

Additionally, if you use Cloud Security, Datadog sends Amazon IAM Access Analyzer findings to [Cloud Security Identity Risks](https://docs.datadoghq.com/security/cloud_security_management/identity_risks.md), so you can use Access Analyzer's unused-access findings to recommend downsized policies and enrich permissions-gap detections. You can also use it to extend the time frame beyond Datadog's usual permissions-gap detections, which cover 90 days, by configuring Access Analyzer to analyze a longer period (for example, 180 or 360 days).

## Setup{% #setup %}

### Log collection{% #log-collection %}

1. If you haven't already, set up the [Datadog Forwarder](https://docs.datadoghq.com/logs/guide/forwarder.md) Lambda function.

1. Create a new rule with type `Rule with an event pattern` in Amazon EventBridge.

1. For the event source configuration, select `Other`. For `Creation method`, select `Custom pattern (JSON editor)`. For `Event pattern`, copy and paste the following JSON:

   ```json
   {
       "source": ["aws.access-analyzer"]
   }
   ```

1. Select `AWS service` to use as the target type. Select `Lambda function` as the target and select the Datadog Forwarder Lambda or enter the ARN.

1. Save your rule.

1. After Access Analyzer runs and produces findings, the Datadog Forwarder Lambda picks up the events and tags them with `source:access-analyzer`. See the [Log Explorer](https://app.datadoghq.com/logs?query=source%3Aaccess-analyzer) to start exploring your logs.
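
The console steps above can also be scripted with the AWS CLI. The following is an added example, not part of the Datadog documentation; the rule name, statement ID, and target ID are assumed names. Unlike the console, the CLI does not grant EventBridge permission to invoke the Forwarder, so the script adds that permission explicitly and scopes it to this one rule.

```bash
# Added example: AWS CLI equivalent of the console steps above.
# RULE_NAME, the statement ID and the target ID are assumed names.
set -eu

RULE_NAME="${RULE_NAME:-datadog-access-analyzer}"

# Same event pattern as the JSON shown in the setup steps.
event_pattern() {
  printf '%s' '{"source":["aws.access-analyzer"]}'
}

# create_rule <datadog-forwarder-lambda-arn>
create_rule() {
  forwarder_arn="$1"

  # Create (or update) the rule and capture its ARN.
  rule_arn=$(aws events put-rule \
    --name "$RULE_NAME" \
    --event-pattern "$(event_pattern)" \
    --state ENABLED \
    --query RuleArn --output text)

  # Resource-based permission on the Forwarder: only EventBridge, and only
  # this rule (--source-arn), may invoke it. Fails if the statement ID
  # already exists, so remove the old statement before re-running.
  aws lambda add-permission \
    --function-name "$forwarder_arn" \
    --statement-id "${RULE_NAME}-invoke" \
    --action lambda:InvokeFunction \
    --principal events.amazonaws.com \
    --source-arn "$rule_arn"

  # Attach the Forwarder as the rule's target.
  aws events put-targets \
    --rule "$RULE_NAME" \
    --targets "Id=datadog-forwarder,Arn=$forwarder_arn"
}

# Run only when a Forwarder ARN is passed as the first argument.
[ "$#" -eq 0 ] || create_rule "$1"
```
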

## Data Collected{% #data-collected %}

### Metrics{% #metrics %}

This integration does not include any metrics.

### Service Checks{% #service-checks %}

This integration does not include any service checks.

### Logs{% #logs %}

This integration can be configured to send logs.

### Events{% #events %}

This integration does not include any events.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help).
