Periodic review of your IAM roles is recommended to ensure that they grant only the minimum privileges required for the function to perform (least privilege).
In particular, review asterisks in policies, for example `"Action": "service-prefix:*"` or `"Resource": "*"`.
Frequently, when such broad permissions are granted, it is due to a lack of dedication/effort in constructing a more specific IAM policy.
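As an added example (not from the original note), the following Python script performs the asterisk review described above on an IAM policy document: it normalises the string-or-list fields IAM allows, skips Deny statements, and flags Allow statements with a wildcard `Action`, a `NotAction` (which allows everything except the listed actions) or a wildcard `Resource`. The sample policy is constructed for illustration.

```python
import json

# Constructed sample policy (not from the page): one over-broad statement,
# one scoped statement, and one Deny that must not be flagged.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
})


def _as_list(value) -> list:
    """IAM lets Statement/Action/Resource be a string or a list; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_wildcard_action(action: str) -> bool:
    """True for "*" and for service-wide grants such as "s3:*"."""
    return action == "*" or action.endswith(":*")


def find_broad_statements(policy_json: str) -> list:
    """Return (statement_index, field, offending_value) for every Allow
    statement that grants wildcard actions or resources."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a broad Deny narrows access, it does not widen it
        for action in _as_list(stmt.get("Action")):
            if is_wildcard_action(action):
                findings.append((idx, "Action", action))
        # Allow + NotAction grants every action except those listed
        if "NotAction" in stmt:
            findings.append((idx, "NotAction", _as_list(stmt["NotAction"])))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((idx, "Resource", resource))
    return findings


if __name__ == "__main__":
    for idx, field, value in find_broad_statements(SAMPLE_POLICY):
        print(f"Statement {idx}: {field} = {value!r}")
```

Run it against each role's inline and attached policy documents (for example, the output of `aws iam get-policy-version`) to produce a worklist of statements to tighten.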
Use IAM Access Advisor to identify unused access.
IAM Access Analyzer can also generate a policy from the activity recorded in AWS CloudTrail. Use this capability to refine policies with excessive permissions that have not been used for a significant period of time (how long depends on the use case).