About IAMTrail
An unofficial archive tracking every change to AWS Managed IAM Policies since 2019 - with full version history, diffs, and policy validation.
What is IAMTrail?
AWS updates its managed IAM policies constantly - often without announcement. IAMTrail catches every change and stores full version history in Git, so you can see exactly what was added, removed, or modified.
This is useful for staying on top of security changes, spotting new AWS service launches early (a brand-new managed policy shows up as version v1, often before the service itself is announced), and keeping compliance documentation current.
How It Works
Automated Collection
A scheduled task fetches all AWS managed policies via the AWS API multiple times per day on weekdays.
Git Version Control
Each policy is stored as a JSON file. When changes are detected, they are committed to Git with full diff history preserved indefinitely.
Policy Validation
Every policy is validated using AWS IAM Access Analyzer to flag security warnings, best practice issues, and redundant statements.
Notifications
Policy changes are broadcast on Bluesky, X, and via email digests.
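The collect, version, detect and validate steps above, as an added example in Python; this is not IAMTrail's own code. `FakeIam` and `FakeAnalyzer` are constructed stand-ins that reproduce the call shapes of boto3's `iam.list_policies` / `iam.get_policy_version` and `accessanalyzer.validate_policy` so the script runs offline; the policy names, documents and the Access Analyzer issue code are made up. Against real AWS, pass `boto3.client("iam")` and `boto3.client("accessanalyzer")` instead.

```python
import json

# Constructed sample policy documents (not real AWS-managed policies).
OLD_DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]}
NEW_DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"], "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}
V1_DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "newsvc:Describe*", "Resource": "*"}]}
ARN_A = "arn:aws:iam::aws:policy/ExampleReadOnly"            # hypothetical policy names
ARN_B = "arn:aws:iam::aws:policy/ExampleNewServiceAccess"

def canonical_json(doc: dict) -> str:
    """Stable key order/indentation: an unchanged policy re-serialises byte-for-byte,
    so a Git commit happens only when AWS really changed something."""
    return json.dumps(doc, indent=2, sort_keys=True) + "\n"

def _as_list(value) -> list:
    # IAM accepts "Action": "s3:GetObject" as well as a list of actions.
    return [] if value is None else (value if isinstance(value, list) else [value])

def actions_by_effect(doc: dict) -> dict[str, set[str]]:
    """Flatten a policy into {Effect: set(actions)}. Coarse on purpose: NotAction,
    Resource and Condition changes are left to the line-level Git diff."""
    out: dict[str, set[str]] = {"Allow": set(), "Deny": set()}
    for stmt in _as_list(doc.get("Statement")):
        out.setdefault(stmt.get("Effect", "Allow"), set()).update(_as_list(stmt.get("Action")))
    return out

def diff_policy(old: dict, new: dict) -> dict[str, list[str]]:
    """Actions granted or revoked between two versions, split by Effect."""
    o, n = actions_by_effect(old), actions_by_effect(new)
    return {"added_allow": sorted(n["Allow"] - o["Allow"]),
            "removed_allow": sorted(o["Allow"] - n["Allow"]),
            "added_deny": sorted(n["Deny"] - o["Deny"]),
            "removed_deny": sorted(o["Deny"] - n["Deny"])}

def snapshot_managed_policies(iam) -> dict[str, dict]:
    """{ARN: {"version", "document"}} for every AWS-managed policy, following the
    Marker/IsTruncated pagination of iam.list_policies(Scope='AWS')."""
    snapshot, marker = {}, None
    while True:
        kwargs = {"Scope": "AWS", "MaxItems": 1000, **({"Marker": marker} if marker else {})}
        page = iam.list_policies(**kwargs)
        for pol in page["Policies"]:
            ver = iam.get_policy_version(PolicyArn=pol["Arn"], VersionId=pol["DefaultVersionId"])
            snapshot[pol["Arn"]] = {"version": pol["DefaultVersionId"],
                                    "document": ver["PolicyVersion"]["Document"]}
        if not page.get("IsTruncated"):
            return snapshot
        marker = page["Marker"]

def detect_changes(previous: dict, current: dict) -> dict[str, dict]:
    """Compare two snapshots; an ARN absent from 'previous' is a brand-new (v1) policy."""
    changes = {}
    for arn, cur in current.items():
        prev = previous.get(arn)
        if prev is None:
            changes[arn] = {"kind": "new", "diff": diff_policy({}, cur["document"])}
        elif canonical_json(prev["document"]) != canonical_json(cur["document"]):
            changes[arn] = {"kind": "updated", "diff": diff_policy(prev["document"], cur["document"])}
    return changes

def validate_policy(analyzer, doc: dict) -> dict[str, list[str]]:
    """Access Analyzer ValidatePolicy; issue codes grouped by finding type
    (ERROR, SECURITY_WARNING, WARNING, SUGGESTION). The API wants a JSON string."""
    resp = analyzer.validate_policy(policyDocument=canonical_json(doc), policyType="IDENTITY_POLICY")
    grouped: dict[str, list[str]] = {}
    for finding in resp["findings"]:
        grouped.setdefault(finding["findingType"], []).append(finding["issueCode"])
    return grouped

class FakeIam:
    """Constructed stand-in for boto3's IAM client: two pages, same response shapes."""
    pages = [{"Policies": [{"Arn": ARN_A, "DefaultVersionId": "v2"}], "IsTruncated": True, "Marker": "p2"},
             {"Policies": [{"Arn": ARN_B, "DefaultVersionId": "v1"}], "IsTruncated": False}]
    docs = {(ARN_A, "v2"): NEW_DOC, (ARN_B, "v1"): V1_DOC}
    def list_policies(self, **kw):
        return self.pages[1 if kw.get("Marker") == "p2" else 0]
    def get_policy_version(self, PolicyArn, VersionId):
        return {"PolicyVersion": {"VersionId": VersionId, "Document": self.docs[(PolicyArn, VersionId)]}}

class FakeAnalyzer:
    """Constructed stand-in for the Access Analyzer client; the issue code is invented."""
    def validate_policy(self, policyDocument, policyType):
        star = any(s.get("Resource") == "*" for s in json.loads(policyDocument)["Statement"])
        return {"findings": [{"findingType": "SECURITY_WARNING", "issueCode": "EXAMPLE_STAR_RESOURCE"}] if star else []}

def run_example() -> dict:
    previous = {ARN_A: {"version": "v1", "document": OLD_DOC}}     # yesterday's snapshot
    current = snapshot_managed_policies(FakeIam())
    changes = detect_changes(previous, current)
    findings = {arn: validate_policy(FakeAnalyzer(), current[arn]["document"]) for arn in changes}
    return {"changes": changes, "findings": findings}

if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

In a real collector the Git step is just writing `canonical_json(doc)` to one file per policy and committing when the working tree is dirty; the canonical serialisation is what keeps those diffs meaningful, since the raw API does not guarantee key order. The statement-level diff here is a summary for notifications, not a substitute for the line diff: a change that only tightens a `Condition` or narrows a `Resource` shows up as an empty action diff and must be read from Git.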
AWS Account Lookup
IAMTrail includes a Known AWS Account Lookup tool powered by the fwdcloudsec/known_aws_accounts community dataset. Paste an AWS account ID to identify its owner - useful when investigating CloudTrail logs, S3 bucket policies, or IAM trust relationships.
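The lookup workflow above, scripted rather than pasted one ID at a time, as an added example that is not IAMTrail's code. `KNOWN_ACCOUNTS` is a constructed subset written in the shape of the fwdcloudsec/known_aws_accounts entries (name, accounts, source); the vendor names are fictional and the IDs are AWS documentation placeholders, not real vendor accounts. The trust policy and CloudTrail record are likewise constructed.

```python
import json
import re

# Constructed subset in the shape of the known_aws_accounts entries; fictional data.
KNOWN_ACCOUNTS = [
    {"name": "Example Monitoring Vendor", "accounts": ["111122223333"], "source": "https://example.com/monitoring-docs"},
    {"name": "Example Backup SaaS", "accounts": ["444455556666"], "source": "https://example.com/backup-docs"},
]
MY_ACCOUNTS = {"123456789012"}   # the investigator's own account(s); constructed

# Constructed inputs: an IAM role trust policy and one CloudTrail record.
TRUST_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": {"AWS": "999999999999"}, "Action": "sts:AssumeRole"}]})
CLOUDTRAIL_RECORD = json.dumps({"eventName": "AssumeRole", "recipientAccountId": "123456789012",
    "userIdentity": {"type": "AWSAccount", "accountId": "444455556666"},
    "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/BackupAccess"}})

# Exactly 12 digits not adjacent to another digit: catches bare IDs and the
# account field of an ARN (arn:aws:iam::<12 digits>:...), but not 13-digit timestamps.
ACCOUNT_ID_RE = re.compile(r"(?<!\d)\d{12}(?!\d)")

def index_known_accounts(entries) -> dict[str, dict]:
    """account ID -> dataset entry, so each lookup is a dict hit."""
    return {acct: entry for entry in entries for acct in entry["accounts"]}

def extract_account_ids(text: str) -> list[str]:
    """Account IDs in order of first appearance, deduplicated."""
    return list(dict.fromkeys(ACCOUNT_ID_RE.findall(text)))

def classify(text: str, known=None, mine=MY_ACCOUNTS) -> dict[str, str]:
    """Label every account ID found in text as own, a known third party, or unknown."""
    index = index_known_accounts(KNOWN_ACCOUNTS if known is None else known)
    result = {}
    for acct in extract_account_ids(text):
        if acct in mine:
            result[acct] = "own account"
        elif acct in index:
            result[acct] = f"known: {index[acct]['name']} ({index[acct]['source']})"
        else:
            result[acct] = "unknown third party: investigate"
    return result

if __name__ == "__main__":
    for label, doc in (("trust policy", TRUST_POLICY), ("CloudTrail record", CLOUDTRAIL_RECORD)):
        print(label, json.dumps(classify(doc), indent=2))
```

Two caveats when using this on real data. The regex will also match any other 12-digit number in the text, so confirm a hit sits in an ARN or an `accountId`/`recipientAccountId` field before acting on it. And a "known" match only tells you which vendor publishes that account ID; it does not tell you whether your organisation actually uses that vendor, so an unexpected known account in a trust policy still deserves a look.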
Credits
The original idea for tracking AWS Managed IAM Policies comes from Scott Piper (SummitRoute), who created the aws_managed_policies repository. IAMTrail builds on that idea with automated infrastructure, continuous monitoring, policy validation, and this web interface.

Created and maintained by zoph.io, an AWS Cloud Advisory Boutique based in France, specializing in cloud security, compliance, and infrastructure automation.
This is an unofficial archive and is not affiliated with, endorsed by, or sponsored by Amazon Web Services (AWS). AWS and related marks are trademarks of Amazon.com, Inc.