AWS Identity and Access Management (IAM) access advisor uses data analysis to help you set permission guardrails confidently by providing service last accessed information for your accounts, organizational units (OUs), and your organization managed by AWS Organizations. Permission guardrails help control which services your developers and applications can access. By analyzing last accessed information, you can determine the services not used by IAM users and roles. You can implement permissions guardrails using service control policies (SCPs) that restrict access to those services.
from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/06/now-use-iam-access-advisor-with-aws-organizations-to-set-permission-guardrails-confidently/