Which AWS tool helps identify resources shared with external entities through IAM policies?


IAM Access Analyzer is the correct choice because it is specifically designed to identify resources that are shared with external entities through IAM policies. It analyzes resource-based policies to determine whether they allow access to principals outside of the AWS account. This helps organizations maintain secure access controls, adhere to the principle of least privilege, and proactively manage and rectify any unintended access to resources.

In contrast, the other tools listed serve different purposes: AWS CloudTrail primarily tracks API calls and records the actions taken on AWS resources for auditing and compliance. Amazon Macie focuses on data privacy and security by using machine learning to discover, classify, and protect sensitive data stored in Amazon S3. AWS GuardDuty is a security monitoring tool that detects malicious activity and unauthorized behavior in your AWS accounts and workloads. While all of these tools contribute to AWS security in various capacities, the IAM Access Analyzer uniquely addresses the need to identify external sharing of resources through IAM policies.
