Free AWS IAM Policy Diff Tool
Reviewing a pull request that changes an IAM policy, or comparing a role's permissions before and after an incident? Paste both versions below to see exactly which action/resource pairs were added or removed, with privilege-sensitive additions (like iam:PassRole or sts:AssumeRole) called out separately.
Policy A (before)
Policy B (after)
Runs entirely in your browser. Nothing is sent anywhere or logged. Compares the literal action/resource lists in each statement — it does not expand wildcards or simulate what a policy actually grants. For that, use the full analyzer below.