Generate the policy based on CloudTrail ( via CWL )

[kisst]

Just want to check if this is within the scope of the project or should be a separated one.

Here is the idea: In most cases CloudTrail ships to both both S3 and CloudWatch logs, via Log insight it's possible to filter it down to the given user and time-window, and etc, hence it can be a valid source for the policy, so instead of local interception, which doesn't work with web click about actions anyway, just use the cloud side of audit trail and generate the policy based on that instead.

Does it make sense to integrate this kind of functionality into iamlive ?

[kisst]

Closing in favor of the official solution https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html