The security team has found that an IAM role is shared with an external entity unexpectedly. To detect similar issues, your manager asks you to configure a mechanism to identify unintended access to resources and data for IAM, S3, KMS and Secret Manager. Which of the below AWS services would you choose to configure it?

Answer options:

A.IAM Access Analyzer
B.Service Control Policies
C.Credential Report
D.AWS Inspector

Correct Answer: A
Option A is CORRECT because IAM Access Analyzer can be used to monitor access to resources. It can identify security risks if there is unintended access to your AWS resources and data.
Option B is incorrect because Service Control Policies control permissions for entities are used in an AWS Organization member accounts. It cannot detect unintended access.
Option C is incorrect because Credential Report is used to list all the account`s users and the status of credentials. It cannot identify unintended access automatically.
Option D is incorrect because AWS Inspector is a tool to determine the security state of EC2 instances. But it cannot check unexpected access for other resources such as S3.
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html