Free Least-Privilege Policy Generator from CloudTrail

The fastest way to right-size an over-broad role is to look at what it actually calls. Paste a sample of CloudTrail events below — a JSON array, or one event object per line — and get back a minimal IAM policy scoped to exactly the services, actions, and resource ARNs that appear in the sample.

Runs entirely in your browser. Nothing is sent anywhere or logged. This reflects only what appears in the sample you paste — it is a starting point to review and tighten, not a complete policy for every action the workload might ever need.