Free CloudFormation IAM Checker
Most IAM risk reaches AWS through infrastructure-as-code, where an over-permissioned role is easy to write and hard to spot in review. Paste a JSON CloudFormation template below to extract every IAM role, policy, and trust document it creates and flag the risky ones — wildcard actions, privilege-escalation permissions, admin managed policies like AdministratorAccess, and trust policies that let anyone assume a role. It runs entirely in your browser: nothing is uploaded or logged.
Runs entirely in your browser. Nothing is sent anywhere or logged. JSON templates only; these are quick static checks. For AI-powered reasoning and a fixed template, use the full analyzer below.
JSON templates, and what the static checks see
This tool parses JSON CloudFormation templates. If your template is YAML, convert it to JSON (for example with the AWS CLI or cfn-flip) or paste the synthesized template. Policy values built from CloudFormation intrinsics (Ref, Fn::Sub, and similar) resolve only at deploy time, so the static checks read the literal parts and flag the rest for review.
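A minimal sketch of static checks of this kind, added here as an illustration and not Shieldly's own code. The function names, rule labels, the short privilege-escalation list and the sample template are assumptions, and as a simplification any value that is an intrinsic is flagged for review whole rather than read for its literal parts.

```javascript
// Added example, not the tool's code; names, rule labels and the sample are constructed.
const ADMIN_ARN = /:iam::aws:policy\/AdministratorAccess$/;
const PRIV_ESC = new Set(["iam:passrole", "iam:createpolicyversion", "iam:attachrolepolicy", "iam:putrolepolicy"]); // illustrative subset
const asList = (v) => (v === undefined || v === null ? [] : Array.isArray(v) ? v : [v]);
const isIntrinsic = (v) => v !== null && typeof v === "object" && !Array.isArray(v) &&
  Object.keys(v).length === 1 && /^(Ref|Fn::\w+)$/.test(Object.keys(v)[0]); // resolves only at deploy time
function checkDoc(doc, where, isTrust, out) {
  const add = (rule, detail) => out.push({ where, rule, detail });
  if (isIntrinsic(doc)) return add("review-intrinsic", "document");
  for (const st of asList(doc && doc.Statement)) {
    if (isIntrinsic(st)) { add("review-intrinsic", "statement"); continue; }
    if (st.Effect !== "Allow") continue;
    for (const a of asList(st.Action)) {
      if (isIntrinsic(a)) add("review-intrinsic", "action");
      else if (a === "*" || a.endsWith(":*")) add("wildcard-action", a);
      else if (PRIV_ESC.has(a.toLowerCase())) add("privilege-escalation", a);
    }
    if (!isTrust) continue;
    const p = st.Principal; // "*" or { AWS: ... }; other principal types are not checked here
    const who = typeof p === "string" || isIntrinsic(p) ? [p] : asList(p && p.AWS);
    if (who.includes("*")) add("open-trust", "any AWS principal");
    if (who.some(isIntrinsic)) add("review-intrinsic", "principal");
  }
}

function scanTemplate(json) {
  const out = [];
  for (const [id, res] of Object.entries(JSON.parse(json).Resources || {})) {
    const p = res.Properties || {};
    if (res.Type === "AWS::IAM::Role") {
      checkDoc(p.AssumeRolePolicyDocument, `${id}.AssumeRolePolicyDocument`, true, out);
      for (const arn of asList(p.ManagedPolicyArns)) {
        const rule = isIntrinsic(arn) ? "review-intrinsic" : ADMIN_ARN.test(arn) ? "admin-managed-policy" : null;
        if (rule) out.push({ where: `${id}.ManagedPolicyArns`, rule, detail: arn });
      }
      asList(p.Policies).forEach((pol, i) => checkDoc(pol.PolicyDocument, `${id}.Policies[${i}]`, false, out));
    } else if (res.Type === "AWS::IAM::Policy" || res.Type === "AWS::IAM::ManagedPolicy") {
      checkDoc(p.PolicyDocument, `${id}.PolicyDocument`, false, out);
    }
  }
  return out;
}

// Constructed sample template.
const SAMPLE = JSON.stringify({ Resources: { DeployRole: { Type: "AWS::IAM::Role", Properties: {
  AssumeRolePolicyDocument: { Statement: [{ Effect: "Allow", Principal: { AWS: "*" }, Action: "sts:AssumeRole" }] },
  ManagedPolicyArns: ["arn:aws:iam::aws:policy/AdministratorAccess", { "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/ReadOnlyAccess" }],
  Policies: [{ PolicyName: "inline", PolicyDocument: { Statement: [
    { Effect: "Allow", Action: ["s3:*", "iam:PassRole", { Ref: "ExtraAction" }], Resource: "*" }] } }] } } } });
console.log(scanTemplate(SAMPLE));
```

A wildcard principal with a restrictive Condition is still reported as open-trust here, so treat that rule as a prompt to read the Condition block rather than as a verdict.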
These are quick structural checks, not a full evaluation. For AI-powered reasoning across the whole template and a corrected version, use Shieldly's CloudFormation analyzer. See also the IAM policy linter and trust policy explainer.
Get AI-Powered analysis + the fixed template
The full analyzer explains every finding and returns a tightened CloudFormation template in seconds. Free, no signup. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.
Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.