What feature identifies unintended network access to your AWS resources?

The Network Access Analyzer is designed specifically to aid in identifying unintended network access to your AWS resources. This tool evaluates the configurations of your network settings to detect paths to resources that should not be accessible, helping you pinpoint potential security risks. It analyzes the permissions set on various resources and can highlight misconfigurations or overly permissive access settings.

While other tools and features, such as Security Groups and VPC Flow Logs, play significant roles in managing network security and monitoring, they serve different primary functions. Security Groups act as virtual firewalls to control inbound and outbound traffic to your resources. VPC Flow Logs provide detailed records of the traffic going to and from your network interfaces within your VPC, which is more about monitoring existing traffic rather than evaluating security configurations for unintended access.

AWS Shield is focused on providing DDoS protection and thus does not relate directly to identifying unintended access. Therefore, the specificity of the Network Access Analyzer in detecting unauthorized access makes it the appropriate choice for this question.