IAM Policy Autopilot adds Java support and Terraform-aware policy generation
Amazon Web Services has expanded its open-source IAM Policy Autopilot tool with Java language support and Terraform-aware policy generation capabilities. The tool, which was initially launched at re:Invent 2025, automatically analyzes application source code to generate baseline AWS Identity and Access Management policies, helping developers reduce the time spent writing IAM policies and troubleshooting access issues. Java support was among the most requested features from users, joining the existing support for Python, TypeScript, and Go.

The new Terraform integration represents a significant enhancement to the tool's precision in policy generation. IAM Policy Autopilot can now cross-reference Terraform resource definitions with SDK calls in application code to resolve actual resource Amazon Resource Names (ARNs) for each IAM action. This means that instead of generating overly permissive policies with wildcard (*) resources, the tool can now create more specific policies that reference actual infrastructure resources defined in Terraform configurations.

The enhanced tool addresses a common challenge in AWS security management where developers often struggle to create appropriately scoped IAM policies, frequently defaulting to overly permissive configurations. IAM Policy Autopilot remains available at no cost through its GitHub repository, allowing developers to run the analysis locally on their own machines.
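To make the difference between wildcard and ARN-scoped policies concrete, here is a small reviewer-side check that lists every Allow statement still applying to all resources. It is an added example, not code from IAM Policy Autopilot or its output; the two policy documents, the bucket and queue names, and the function name `wildcard_findings` are constructed for illustration.

```python
import json

# Constructed sample: the kind of broad baseline the article calls overly permissive.
WILDCARD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"},
   {"Effect": "Allow", "Action": "sqs:SendMessage",
    "Resource": ["arn:aws:sqs:us-east-1:111122223333:example-queue", "*"]}
 ]}
""")

# Constructed sample: the same access scoped to a specific ARN.
# The Deny on "*" is deliberate; a broad Deny narrows access and is not a finding.
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"},
   {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
 ]}
""")


def _as_list(value):
    # IAM allows a single string/object or a list for Statement, Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def wildcard_findings(policy):
    """Return (statement index, action) pairs for Allow statements on every resource."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource"))
        # A bare "*" anywhere in the list, or NotResource, makes the grant broad.
        if "*" in resources or "NotResource" in stmt:
            for action in _as_list(stmt.get("Action")) or ["<NotAction>"]:
                findings.append((index, action))
    return findings


if __name__ == "__main__":
    for name, doc in (("wildcard", WILDCARD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, wildcard_findings(doc))
```

Some IAM actions do not support resource-level permissions and legitimately require `"Resource": "*"`, so each finding is a prompt for review rather than an automatic failure.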
Why It Matters
This update addresses a critical security challenge in cloud development where improperly scoped IAM policies create significant security risks. By automating the generation of least-privilege policies and integrating with Terraform infrastructure-as-code workflows, AWS is helping organizations reduce the attack surface that often results from overly permissive IAM configurations. The Java support expansion is particularly significant given Java's widespread use in enterprise environments, potentially improving security posture across a large portion of AWS workloads.
This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.