
Cloud Identity and Access Management Compliance Checker | IJET – Volume 12 Issue 2 | IJET-V12I2P75

International Journal of Engineering and Techniques (IJET)
Open Access • Peer Reviewed • High Citation & Impact Factor • ISSN: 2395-1303
Volume 12, Issue 2 | Published: April 2026
Authors: Ramya.C, Divya Roselin.P, Kavithendral.P, Shanjay Raj.S
Abstract
The Cloud IAM Compliance Checker is developed to analyze and monitor Identity and Access Management (IAM) configurations in AWS environments. The system automatically detects excessive permissions, misconfigurations, and security risks associated with IAM users, roles, and policies. It helps organizations maintain secure access control by identifying vulnerabilities that may lead to unauthorized access or data breaches. The system connects securely to AWS using credential validation through Security Token Service (STS) and retrieves IAM entities for analysis. It identifies risky configurations such as wildcard permissions, over-privileged access, and high-risk policies using rule-based logic aligned with security best practices. This automated approach reduces the need for manual auditing and improves the accuracy of security assessments. The system classifies risks into four levels: low, medium, high, and critical. The results are presented through a structured dashboard and reports, providing actionable insights for improving cloud security. This enables administrators to quickly understand security issues, take corrective actions, and ensure compliance with organizational security standards. Overall, the system enhances visibility, strengthens access control, and supports efficient cloud security management.
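A minimal sketch of the kind of rule-based policy check the abstract describes, added here as an illustration and not taken from the paper or its implementation. The rule-to-level mapping, the `SENSITIVE` action list, and the sample policies are assumptions; the STS credential validation and live retrieval steps are left out so the example runs offline on policy documents that have already been fetched.

```python
# The four levels come from the abstract; which rule maps to which level is assumed.
LEVELS = ("low", "medium", "high", "critical")
SENSITIVE = {"iam:passrole", "iam:createaccesskey", "iam:attachuserpolicy"}  # assumed list

def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_statement(stmt):
    """Return (level, reason) for one statement, or None if no rule fires."""
    if stmt.get("Effect") != "Allow":
        return None  # Deny statements only reduce access
    if "NotAction" in stmt:
        return ("high", "Allow with NotAction grants everything not listed")
    actions = [a.lower() for a in _as_list(stmt.get("Action"))]
    any_resource = "*" in _as_list(stmt.get("Resource"))
    if "*" in actions:
        if any_resource:
            return ("critical", "Action * on Resource * (administrative access)")
        return ("high", "Action * on a scoped resource")
    if not any_resource:
        return None  # specific or wildcarded actions confined to named resources
    if any(a.endswith(":*") for a in actions):
        return ("high", "service-wide wildcard on Resource *")
    if SENSITIVE & set(actions):
        return ("high", "sensitive IAM action on Resource *")
    if any("*" in a for a in actions):
        return ("medium", "partial action wildcard on Resource *")
    return ("low", "specific actions on Resource *")

def assess_policy(doc):
    """Return (overall_level, findings); overall_level is None for a clean policy."""
    findings = [f for f in map(check_statement, _as_list(doc.get("Statement"))) if f]
    worst = max((lvl for lvl, _ in findings), key=LEVELS.index, default=None)
    return worst, findings

# Constructed sample policies (not from the paper).
ADMIN = {"Version": "2012-10-17",
         "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}
READER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    for name, doc in (("ADMIN", ADMIN), ("READER", READER), ("SCOPED", SCOPED)):
        print(name, assess_policy(doc))
```

Each finding carries the reason for its level, which is the interpretability property the paper attributes to rule-based analysis.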
Conclusion
This research presents the proposed Cloud IAM Compliance Checker, a comprehensive system designed to analyze and monitor Identity and Access Management (IAM) configurations in AWS environments through real-time evaluation and rule-based risk detection. The system addresses the critical challenge of identifying excessive permissions, misconfigurations, and over-privileged access, which continue to be major security threats in cloud infrastructures. The key contribution of this work lies in the development of a rule-based IAM analysis engine that accurately classifies risks into low, medium, high, and critical levels while ensuring high detection reliability and minimal false positives.
Unlike traditional manual auditing approaches that are time-consuming and error-prone, the proposed system automates IAM security analysis by combining real-time data retrieval, policy evaluation, and structured risk classification. The experimental evaluation demonstrates that the system achieves high accuracy in detecting wildcard permissions, administrative access, and excessive privilege assignments. The system maintains strong precision and recall, ensuring that detected risks are both accurate and comprehensive.
The near real-time processing capability, with an average detection latency of 1 to 3 seconds, enables timely identification of security issues before they lead to potential exploitation. The modular and scalable architecture ensures that the system can be deployed efficiently in practical cloud environments while maintaining optimal performance. The user-friendly dashboard and reporting features provide clear visibility into IAM security posture, allowing administrators to take informed corrective actions.
Furthermore, the rule-based approach ensures transparency and interpretability, enabling security analysts to understand the reasoning behind each detected risk, unlike black-box models. This improves trust and usability in real-world applications. Future work can focus on extending the system with multi-cloud support, integrating intelligent analysis techniques such as machine learning for adaptive risk detection, enabling automated remediation actions, and enhancing real-time monitoring capabilities.
In conclusion, the proposed Cloud IAM Compliance Checker provides a practical, efficient, and reliable solution for IAM security analysis, significantly improving access control management and strengthening the overall security posture of cloud-based systems.
