...
- Back on the details page for your finding, click on the Go to IAM console button to see the role details in IAM.
- Click on the Trust relationships tab and note that the role does indeed trust arn:aws:iam::2251********:role/bad-actor
- Click on the Delete role button, and confirm by clicking Yes, delete.
Part 1D - Rescan
When we change the access to a resource or delete a resource entirely, we can prompt Access Analyzer to rescan the resource to confirm that the Finding is no longer relevant (i.e., is resolved).
- Repeat the steps in Part 1B to find the Finding about "your" example-role-NETID Role.
- Drill into the finding details.
- Click on Rescan to tell Access Analyzer to review the Finding and check whether the access still exists.
- If the access remains unchanged, so will the Finding details.
- If you have successfully deleted "your" example-role-NETID Role, or changed the trust policy so that it no longer trusts the bad-actor Role, then the status of the Finding will be changed to
Resolved.
RESCAN
Part 2 – Archive a Finding
...