Social
Automated reasoning

New AWS tool recommends removal of unused permissions

IAM Access Analyzer feature uses automated reasoning to recommend policies that remove unused accesses, helping customers achieve “least privilege”.

By Loris D'AntoniChungha Sung
December 19, 2024
7 min read
Share

AWS Identity and Access Management (IAM) policies provide customers with fine-grained control over who has access to what resources in the Amazon Web Services (AWS) Cloud. This control helps customers enforce the principle of least privilege by granting only the permissions required to perform particular tasks. In practice, however, writing IAM policies that enforce least privilege requires customers to understand what permissions are necessary for their applications to function, which can become challenging when the scale of the applications grows.

To help customers understand what permissions are not necessary, we launched IAM Access Analyzer unused access findings at the 2023 re:Invent conference. IAM Access Analyzer analyzes your AWS accounts to identify unused access and creates a centralized dashboard to report its findings. The findings highlight unused roles and unused access keys and passwords for IAM users. For active IAM roles and users, the findings provide visibility into unused services and actions.

Policy checks in context.png
Related content
Custom policy checks help democratize automated reasoning
New IAM Access Analyzer feature uses automated reasoning to ensure that access policies written in the IAM policy language don’t grant unintended access.

To take this service a step further, in June 2024 we launched recommendations to refine unused permissions in Access Analyzer. This feature recommends a refinement of the customer’s original IAM policies that retains the policy structure while removing the unused permissions. The recommendations not only simplify removal of unused permissions but also help customers enact the principle of least privilege for fine-grained permissions.

In this post, we discuss how Access Analyzer policy recommendations suggest policy refinements based on unused permissions, which completes the circle from monitoring overly permissive policies to refining them.

Policy recommendation in practice

Let's dive into an example to see how policy recommendation works. Suppose you have the following IAM policy attached to an IAM role named MyRole:

{
  "Version": "2012-10-17",
  "Statement": [
   {
      "Effect": "Allow",
      "Action": [
        "lambda:AddPermission",
        "lambda:GetFunctionConfiguration",
        "lambda:UpdateFunctionConfiguration",
        "lambda:UpdateFunctionCode",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:ListVersionsByFunction",
        "lambda:GetFunction",
        "lambda:Invoke*"
      ],
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-lambda"
   },
  {
    "Effect" : "Allow",
    "Action" : [
      "s3:Get*",
      "s3:List*"
    ],
    "Resource" : "*"
  }
 ]
}



        
The above policy has two policy statements:
  • The first statement allows actions on a function in AWS Lambda, an AWS offering that provides function execution as a service. The allowed actions are specified by listing individual actions as well as via the wildcard string lambda:Invoke*, which permits all actions starting with Invoke in AWS Lambda, such as lambda:InvokeFunction.
  • The second statement allows actions on any Amazon Simple Storage Service (S3) bucket. Actions are specified by two wildcard strings, which indicate that the statement allows actions starting with Get or List in Amazon S3.
Enabling Access Analyzer for unused finding will provide you with a list of findings, each of which details the action-level unused permissions for specific roles. For example, for the role with the above policy attached, if Access Analyzer finds any AWS Lambda or Amazon S3 actions that are allowed but not used, it will display them as unused permissions.

            

  

    

        

        

          

            
              

                  Related content
              

            
            
                
A billion SMT queries a day

            

            
    
Amazon Web Services (AWS) is a cloud computing services provider that has made significant investments in applying formal methods to proving correctness of its internal systems and providing assurance of correctness to their end-users. In this paper, we focus on how we built abstractions and eliminated specifications to scale a verification engine for AWS access policies, Zelkova, to be usable by all AWS



          

        

    

  




        
The unused permissions define a list of actions that are allowed by the IAM policy but not used by the role. These actions are specific to a namespace, a set of resources that are clustered together and walled off from other namespaces, to improve security. Here is an example in Json format that shows unused permissions found for MyRole with the policy we attached earlier:

            

    
[
 {
    "serviceNamespace": "lambda",
    "actions": [
      "UpdateFunctionCode",
      "GetFunction",
      "ListVersionsByFunction",
      "UpdateFunctionConfiguration",
      "CreateFunction",
      "DeleteFunction",
      "GetFunctionConfiguration",
      "AddPermission"
    ]
  },
  {
    "serviceNamespace": "s3",
    "actions": [
        "GetBucketLocation",
        "GetBucketWebsite",
        "GetBucketPolicyStatus",
        "GetAccelerateConfiguration",
        "GetBucketPolicy",
        "GetBucketRequestPayment",
        "GetReplicationConfiguration",
        "GetBucketLogging",
        "GetBucketObjectLockConfiguration",
        "GetBucketNotification",
        "GetLifecycleConfiguration",
        "GetAnalyticsConfiguration",
        "GetBucketCORS",
        "GetInventoryConfiguration",
        "GetBucketPublicAccessBlock",
        "GetEncryptionConfiguration",
        "GetBucketAcl",
        "GetBucketVersioning",
        "GetBucketOwnershipControls",
        "GetBucketTagging",
        "GetIntelligentTieringConfiguration",
        "GetMetricsConfiguration"
    ]
  }
]




        
This example shows actions that are not used in AWS Lambda and Amazon S3 but are allowed by the policy we specified earlier.

            

  

    

        
            

                
                    
    
        Neha Rungta
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
For Neha Rungta, it's the journey that matters

            

            
    
Rungta had a promising career with NASA, but decided the stars aligned for her at Amazon.



          

        

    

  




        
How could you refine the original policy to remove the unused permissions and achieve least privilege? One option is manual analysis. You might imagine the following process:
  • Find the statements that allow unused permissions;
  • Remove individual actions from those statements by referencing unused permissions.
This process, however, can be error prone when dealing with large policies and long lists of unused permissions. Moreover, when there are wildcard strings in a policy, removing unused permissions from them requires careful investigation of which actions should replace the wildcard strings.
Policy recommendation does this refinement automatically for customers!
The policy below is one that Access Analyzer recommends after removing the unused actions from the policy above (the figure also shows the differences between the original and revised policies):

            

    
{
  "Version": "2012-10-17",
  "Statement" : [
   {
      "Effect" : "Allow",
      "Action" : [
-       "lambda:AddPermission",
-       "lambda:GetFunctionConfiguration",
-       "lambda:UpdateFunctionConfiguration",
-       "lambda:UpdateFunctionCode",
-       "lambda:CreateFunction",
-       "lambda:DeleteFunction",
-       "lambda:ListVersionsByFunction",
-       "lambda:GetFunction",
        "lambda:Invoke*"
      ],
      "Resource" : "arn:aws:lambda:us-east-1:123456789012:function:my-lambda"
    },
    {
     "Effect" : "Allow",
     "Action" : [
-      "s3:Get*",
+      "s3:GetAccess*",
+      "s3:GetAccountPublicAccessBlock",
+      "s3:GetDataAccess",
+      "s3:GetJobTagging",
+      "s3:GetMulti*",
+      "s3:GetObject*",
+      "s3:GetStorage*",
       "s3:List*"
     ],
     "Resource" : "*"
   }
  ]
}




        
Let’s take a look at what’s changed for each policy statement.
For the first statement, policy recommendation removes all individually listed actions (e.g., lambda:AddPermission), since they appear in unused permissions. Because none of the unused permissions starts with lambda:Invoke, the recommendation leaves lambda:Invoke* untouched.
For the second statement, let’s focus on what happens to the wildcard s3:Get*, which appears in the original policy. There are many actions that can start with s3:Get, but only some of them are shown in the unused permissions. Therefore, s3:Get* cannot just be removed from the policy. Instead, the recommended policy replaces s3:Get* with seven actions that can start with s3:Get but are not reported as unused.

            

  

    

        
            

                
                    
    
        Automated Reasoning 
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
How AWS’s Automated Reasoning Group helps make AWS and other Amazon products more secure

            

            
    
Amazon scientists are on the cutting edge of using math-based logic to provide better network security, access management, and greater reliability.



          

        

    

  




        
Some of these actions (e.g., s3:GetJobTagging) are individual ones, whereas others contain wildcards (e.g., s3:GetAccess* and s3:GetObject*). One way to manually replace s3:Get* in the revised policy would be to list all the actions that start with s3:Get except for the unused ones. However, this would result in an unwieldy policy, given that there are more than 50 actions starting with s3:Get.
Instead, policy recommendation identifies ways to use wildcards to collapse multiple actions, outputting actions such as s3:GetAccess* or s3:GetMulti*. Thanks to these wildcards, the recommended policy is succinct but still permits all the actions starting with s3:Get that are not reported as unused.
How do we decide where to place a wildcard in the newly generated wildcard actions? In the next section, we will dive deep on how policy recommendation generalizes actions with wildcards to allow only those actions that do not appear in unused permissions.
A deep dive into how actions are generalized
Policy recommendation is guided by the mathematical principle of “least general generalization” — i.e., finding the least permissive modification of the recommended policy that still allows all the actions allowed by the original policy. This theorem-backed approach guarantees that the modified policy still allows all and only the permissions granted by the original policy that are not reported as unused.
To implement the least-general generalization for unused permissions, we construct a data structure known as a trie, which is a tree each of whose nodes extends a sequence of tokens corresponding to a path through the tree. In our case, the nodes represent prefixes shared among actions, with a special marker for actions reported in unused permissions. By traversing the trie, we find the shortest string of prefixes that does not contain unused actions.
The diagram below shows a simplified trie delineating actions that replace the S3 Get* wildcard from the original policy (we have omitted some actions for clarity):

            

    

        
    
        Access Analyzer trie.png
    


        

        
    


    
        
A trie delineating actions that can replace the Get* wildcard in an IAM policy. Nodes containing unused actions are depicted in orange; the remaining nodes are in green.

    


        
At a high level, the trie represents prefixes that are shared by some of the possible actions starting with s3:Get. Its root node represents the prefix Get; child nodes of the root append their prefixes to Get. For example, the node named Multi represents all actions that start with GetMulti.

            

  

    

        
            

                
                    
    
        Elliptic-curve addition.gif
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
Better-performing “25519” elliptic-curve cryptography

            

            
    
Automated reasoning and optimizations specific to CPU microarchitectures improve both performance and assurance of correct implementation.



          

        

    

  




        
We say that a node is safe (denoted in green in the diagram) if none of the unused actions start with the prefix corresponding to that node; otherwise, it is unsafe (denoted in orange). For example, the node s3:GetBucket is unsafe because the action s3:GetBucketPolicy is unused. Similarly, the node ss is safe since there are no unused permissions that start with GetAccess.
We want our final policies to contain wildcard actions that correspond only to safe nodes, and we want to include enough safe nodes to permit all used actions. We achieve this by selecting the nodes that correspond to the shortest safe prefixes—i.e., nodes that are themselves safe but whose parents are not. As a result, the recommended policy replaces s3:Get* with the shortest prefixes that do not contain unused permissions, such as s3:GetAccess*, s3:GetMulti* and s3:GetJobTagging.
Together, the shortest safe prefixes form a new policy that, while syntactically similar to the original policy, is the least-general generalization to result from removing the unused actions. In other words, we have not removed more actions than necessary.
You can find how to start using policy recommendation with unused access in Access Analyzer. To learn more about the theoretical foundations powering policy recommendation, be sure to check out our science paper.

    



                            
                        

                    
                


                
                    

                        

    

    

        Research areas
    


    
        
    



                    

                

                
                    

                        

    

    

        Tags
    


    
        
    



                    

                

                
                    

                        
                    

                

                
                    
About the Author

                    

                        
                            
    

        

            
                

                    Loris D'Antoni
                

            
            
            
                

                    Loris D'Antoni is an associate professor of computer science and engineering at the University of California, San Diego, and an Amazon Visiting Academic.
                

            
        

    



                        
                            
    

        

            
                

                    Chungha Sung
                

            
            
            
                

                    Chungha Sung is a senior applied scientist with Amazon Web Services.
                

            
        

    



                        
                    

                
            

        


        
    

    
    



    

        
Related content

        
    




    
        
    

    



    
    



    

        
Work with us
See more jobs
        
            See more jobs
        
    




    
        

            

                
                    

                        

    

    

        
            

                Member of Technical Staff, Engineering Manager , Amazon AGI Lab
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, San Francisco

            
        


        
    
Amazon launched the AGI Lab to develop foundational capabilities for useful AI agents. We built Nova Act - a new AI model trained to perform actions within a web browser. The team builds AI/ML infrastructure that powers our production systems to run performantly at high scale. We’re also enabling practical AI to make our customers more productive, empowered, and fulfilled. In particular, our work combines large language models (LLMs) with reinforcement learning (RL) to solve reasoning, planning, and world modeling in both virtual and physical environments. Our lab is a small, talent-dense team with the resources and scale of Amazon. Each team in the lab has the autonomy to move fast and the long-term commitment to pursue high-risk, high-payoff research. We’re entering an exciting new era where agents can redefine what AI makes possible. We’d love for you to join our lab and build it from the ground up! Key job responsibilities This role will lead a team of SDEs building AI agents infrastructure from launch to scale. The role requires the ability to span across ML/AI system architecture and infrastructure. You will work closely with application developers and scientists to have a impact on the Agentic AI industry. We're looking for a Software Development Manager who is energized by building high performance systems, making an impact and thrives in fast-paced, collaborative environments. About the team Check out the Nova Act tools our team built on on nova.amazon.com/act




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                 Sr. Communication Research Scientist
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, Sunnyvale

            
        


        
    
Amazon Leo is an initiative to launch a constellation of Low Earth Orbit satellites that will provide low-latency, high-speed broadband connectivity to unserved and underserved communities around the world. As a Sr. Comm System Research Scientist, this role is primarily responsible for the design, development and integration of Ka band and S/C band communication payload and ground terminal systems. The Role: Be part of the team defining the overall communication system and architecture of Amazon’s broadband wireless network. This is a unique opportunity to innovate and define groundbreaking wireless technology with few legacy constraints. The team develops and designs the communication system of Amazon Leo and analyzes its overall system level performance such as for overall throughput, latency, system availability, packet loss etc. This role in particular will be responsible for leading the effort in designing and developing advanced technology and solutions for communication system. This role will also be responsible developing advanced L1/L2 proof of concept HW/SW systems to improve the performance and reliability of the Amazon Leo network. In particular this role will be responsible for using concepts from digital signal processing, information theory, wireless communications to develop novel solutions for achieving ultra-high performance LEO network. This role will also be part of a team and develop simulation tools with particular emphasis on modeling the physical layer aspects such as advanced receiver modeling and abstraction, interference cancellation techniques, FEC abstraction models etc. This role will also play a critical role in the design, integration and verification of various HW and SW sub-systems as a part of system integration and link bring-up and verification. Export Control Requirement: Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum. Key job responsibilities • Design advanced L1/L2 algorithms and solutions for the Amazon Leo communication system, particularly Multi-User MIMO techniques. • Develop proof-of-concepts for critical communication payload components using SDR platforms consisting of FPGAs and general-purpose processors. • Work with ASIC development teams to build power/area efficient L1/L2 HW accelerators to be integrated into Amazon Leo SoCs. • Provide specifications and work with implementation teams on the development of embedded L1/L2 HW/SW architectures. • Work with multi-disciplinary teams to develop advanced solutions for time, frequency and spatial acquisition/tracking in LEO systems, particularly under large uncertainties. • Develop link-level and system-level simulators and work closely with implementation teams to evaluate expected performance and provide quick feedback on potential improvements. • Develop testbeds consisting of digital, IF and RF components while accounting for link-budgets and RF/IF line-ups. Previous experiences with VSAs/VSGs, channel emulators, antennas (particularly phased-arrays) and anechoic chamber instrumentation are a plus. • Work with development teams on system integration and debugging from PHY to network layer, including interfacing with flight computer and SDN control subsystems. • Willing to work in fast-paced environment and take ownership that goes from algorithm specification, to HW/SW architecture definition, to proof-of-concept development, to testbed bring-up, to integration into the Amazon Leo system. • Be a team player and provide support when requested while being able to unblock themselves by reaching out to RF, ASIC, SW, Comsys and Testbed supporting teams to move forward in development, testing and integration activities. • Ability to adapt design and test activities based on current HW/SW capabilities delivered by the development teams.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist Intern, 2026 Shenzhen
            

        

        

            
                
                    

                
            

            

            

            

            
                
CN, 44, Shenzhen

            
        


        
    
职位:Applied scientist 应用科学家实习生 毕业时间:2026年10月 - 2027年7月之间毕业的应届毕业生 · 入职日期:2026年6月及之前 · 实习时间:保证一周实习4-5天全职实习,至少持续3个月 · 工作地点:深圳福田区 投递须知: 1 填写简历申请时,请把必填和非必填项都填写完整。提交简历之后就无法修改了哦! 2 学校的英文全称请准确填写。中英文对应表请查这里(无法浏览请登录后浏览)https://docs.qq.com/sheet/DVmdaa1BCV0RBbnlR?tab=BB08J2 关于职位 Amazon Device &Services Asia团队正在寻找一位充满好奇心、善于沟通的应用科学家实习生,成为连接前沿AI研究与现实世界认知的桥梁。这是一个独特的角色——既需要动手参与机器学习项目,又要接受将复杂AI概念转化为通俗易懂内容的创意挑战。D&S Asia是亚马逊设备与服务业务在亚洲的支柱组织,自2009年支持Kindle制造起步,现已发展为横跨软硬件、AI(Alexa)及智能家居(Ring/Blink)的综合性团队,持续驱动区域业务创新与人才发展。 你将做什么 • 解密AI: 将复杂的技术发现转化为直观的解释、博客文章、教程或互动演示,让非技术背景的业务方和更广泛的社区都能理解 • 技术叙事: 与工程团队协作,以清晰、引人入胜的方式记录AI的能力与局限性 • 知识共享: 协助开发内部工作坊或"AI入门"课程,提升跨职能团队(产品、设计、商务)的AI素养 • 保持前沿: 持续学习并整合最新突破(如大语言模型、扩散模型、智能体),为团队输出简明易懂的趋势简报 • 研究与应用: 参与端到端的应用研究项目,从文献综述到原型开发,涵盖自然语言处理、计算机视觉或多模态AI领域




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist, Books Reading & Discovery Experiences
            

        

        

            
                
                    

                
            

            

            

            

            
                
IN, KA, Bengaluru

            
        


        
    
Passionate about books? The Amazon Books team is looking for a talented Applied Scientist II to help invent, design, and deliver science solutions to make it easier for millions of customers to find the next book they will love. In this role, you will - Be a part of a growing team of scientists, economists, engineers, analysts, and business partners. - Use Amazon’s large-scale computing and data resources to generate deep understandings of our customers and products. - Build highly accurate models (and/or agentic systems) to enhance the book reading & discovery experiences. - Design, implement, and deliver novel solutions to some of Amazon’s oldest problems. Key job responsibilities - Inspect science initiatives across Amazon to identify opportunities for application and scaling within book reading and discovery experiences. - Participate in team design, scoping, and prioritization discussions while mapping business goals to scientific problems and aligning business metrics with technical metrics. - Spearhead the design and implementation of new features through thorough research and collaboration with cross-functional teams. - Initiate the design, development, execution, and implementation of project components with input and guidance from team members. - Work with Software Development Engineers (SDEs) to deliver production-ready solutions that benefit customers and business operations. - Invent, refine, and develop solutions to ensure they meet customer needs and team objectives. - Demonstrate ability to use reasonable assumptions, data analysis, and customer requirements to solve complex problems. - Write secure, stable, testable, and maintainable code with minimal defects while taking full responsibility for your components. - Possess strong understanding of data structures, algorithms, model evaluation techniques, performance optimization, and trade-off analysis. - Follow engineering and scientific method best practices, including design reviews, model validation, and comprehensive testing. - Maintain current knowledge of research trends in your field and apply rigorous scrutiny to results and methodologies. A day in the life In this role, you will address complex Books customer challenges by developing innovative solutions that leverage the advancements in science. Working alongside a talented team of scientists, you will conduct research and execute experiments designed to enhance the Books reading and shopping experience. Your responsibilities will encompass close collaboration with cross-functional partner teams, including engineering, product management, and fellow scientists, to ensure optimal data quality, robust model development, and successful productionization of scientific solutions. Additionally, you will provide mentorship to other scientists, conduct reviews of their work, and contribute to the development of team roadmaps. About the team The team consists of a collaborative group of scientists, product leaders, and dedicated engineering teams. We work with multiple partner teams to leverage our systems to drive a diverse array of customer experiences, owned both by ourselves and others, that enable shoppers to easily find their perfect next read and enable delightful reading experiences that would make Kindle the best place to read.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist, Central Machine Learning
            

        

        

            
                
                    

                
            

            

            

            

            
                
IN, KA, Bengaluru

            
        


        
    
Do you want to join an innovative team of scientists who use machine learning and statistical techniques to create state-of-the-art solutions for providing better value to Amazon’s customers? Do you want to build and deploy advanced algorithmic systems that help optimize millions of transactions every day? Are you excited by the prospect of analyzing and modeling terabytes of data to solve real world problems? Do you like to own end-to-end business problems/metrics and directly impact the profitability of the company? Do you like to innovate and simplify? If yes, then you may be a great fit to join the Machine Learning and Data Sciences team for India Consumer Businesses. If you have an entrepreneurial spirit, know how to deliver, love to work with data, are deeply technical, highly innovative and long for the opportunity to build solutions to challenging problems that directly impact the company's bottom-line, we want to talk to you. Major responsibilities - Use machine learning and analytical techniques to create scalable solutions for business problems - Analyze and extract relevant information from large amounts of Amazon’s historical business data to help automate and optimize key processes - Design, development, evaluate and deploy innovative and highly scalable models for predictive learning - Research and implement novel machine learning and statistical approaches - Work closely with software engineering teams to drive real-time model implementations and new feature creations - Work closely with business owners and operations staff to optimize various business operations - Establish scalable, efficient, automated processes for large scale data analyses, model development, model validation and model implementation - Mentor other scientists and engineers in the use of ML techniques A day in the life You will solve real-world problems by getting and analyzing large amounts of data, generate insights and opportunities, design simulations and experiments, and develop statistical and ML models. The team is driven by business needs, which requires collaboration with other Scientists, Engineers, and Product Managers across the International Emerging Stores organization. You will prepare written and verbal presentations to share insights to audiences of varying levels of technical sophistication. About the team Central Machine Learning team works closely with the IES business and engineering teams in building ML solutions that create an impact for Emerging Marketplaces. This is a great opportunity to leverage your machine learning and data mining skills to create a direct impact on millions of consumers and end users.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Language Data Scientist, Alexa AI
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Seattle

            
        


        
    
Amazon is seeking a Language Data Scientist to join the Alexa Artificial Intelligence (AI) team as domain expert. This role focuses on expanding analysis and evaluation of speech and interaction data deliverables. The Language Data Scientist is an expert in dialog evaluation processes, working closely with a team of skilled analysts and machine learning scientists and engineers, and is a key member in developing new conventions for relevant annotation workflows. The Language Data Scientist will be asked to handle unique data analysis and research requests that support the training and evaluation of machine learning models and the overall processing of a data collection. Key job responsibilities To be successful in this role, you must have a passion for data, efficiency, and accuracy. Specifically, you will: - Own data analyses for customer-facing features, including launch go/no-go metrics for new features and accuracy metrics for existing features - Handle unique data analysis requests from a range of stakeholders, including quantitative and qualitative analyses to elevate customer experience with speech interfaces - Lead and evaluate changing dialog evaluation conventions, test tooling developments, and pilot processes to support expansion to new data areas - Continuously evaluate workflow tools and processes and offer solutions to ensure they are efficient, high quality, and scalable - Provide expert support for a large and growing team of data analysts - Provide support for ongoing and new data collection efforts as a subject matter expert on conventions and use of the data - Conduct research studies to understand speech and customer-Alexa interactions - Assist scientists, program and product managers, and other stakeholders in defining and validating customer experience metrics




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist II, Amazon Connect
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, Mountain View

            
        


        
    
Do you want to join a team of innovative scientists to research and develop generative AI technology that would disrupt the industry? Do you enjoy dealing with ambiguity and working on hard problems in a fast-paced environment? Amazon Connect is a highly disruptive cloud-based contact center from AWS that enables businesses to deliver intelligent, engaging, dynamic, and personalized customer service experiences. The Agentic Customer Experience (ACX) org is responsible for weaving native-AI across the Connect application experiences delivered to end-customers, agents, and managers/supervisors. The Interactive AI Science team, serves as the cornerstone for AI innovation across Amazon Connect, functioning as the sole science team support high impact product including Amazon Q in Connect, Contact Lens and other key initiatives. As an Applied Scientist on our team, you will work closely with senior technical and business leaders from within the team and across AWS. You distill insight from huge data sets, conduct cutting edge research, foster ML models from conception to deployment. You have deep expertise in machine learning and deep learning broadly, and extensive domain knowledge in natural language processing, generative AI and LLM Agents evaluation and optimization, etc. You are comfortable with quickly prototyping and iterating your ideas to build robust ML models using technology such as PyTorch, Tensorflow and AWS Sagemaker. The ideal candidate has the ability to understand, implement, innovate on the state-of-the-art Agentic AI based systems. We have a rapidly growing customer base and an exciting charter in front of us that includes solving highly complex engineering and scientific problems. We are looking for passionate, talented, and experienced people to join us to innovate on modern contact centers in the cloud. The position represents a rare opportunity to be a part of a fast-growing business soon after launch, and help shape the technology and product as we grow. You will be playing a crucial role in developing the next generation contact center, and get the opportunity to design and deliver scalable, resilient systems while maintaining a constant customer focus. About the team Diverse Experiences AWS values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why AWS? Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses. Inclusive Team Culture Here at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness. Mentorship & Career Growth We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist - Agentic AI, Amazon Fulfillment Technology
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Bellevue

            
        


        
    
As an Applied Scientist in Amazon Fullfilment Technology, you will lead the development of agentic systems to assist with operational decision making and orchestration. You will work building full agentic systems leveraging multi-agent orchestration, tool use, memory, and action execution. You will train LLMs using a combination of rejection sampling approaches, SFT, continual post-training, and Reinforcement Learning (RL). These systems are deployed to Amazon buildings, and you will also work on rigorous offline and online evaluations. Your work will leverage the latest LLMs to develop capabilities for agentic reasoning, coding and analytics. You will also lead research projects to tackle unsolved problems, mentor interns, and author academic papers to summarize your findings for external publication. Key job responsibilities - Generating training and preference data for specific use cases (reasoning trajectories, tool traces) - Reward modeling and policy optimization for LLMs: DPO, IPO, RLHF/RLAIF with PPO/GRPO, rejection sampling. - Supervised fine-tuning on step-by-step trajectories and tool-use traces - Verbal Reinforcement Learning and Continual Learning - RL for LLMs, Offline RL and off-policy evaluation - Agentic memory/state management; episodic and semantic memory; vector search; grounding with RAG. - Evaluation: developing decision quality metrics, scaling LLM-based evaluations. About the team Amazon Fulfillment Technologies (AFT) powers Amazon’s global fulfillment network. We invent and deliver software, hardware, and data science solutions that orchestrate processes, robots, machines, and people. We harmonize the physical and virtual world so Amazon customers can get what they want, when they want it. Learn more about AFT: https://tinyurl.com/AFTOverview




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist, Workplace Health & Safety 
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Bellevue

            
        


        
    
Are you driven by the challenge of solving complex problems that directly impact the safety and well-being of millions of Amazon Associates worldwide? Do you want to push the boundaries of AI to build innovative solutions that make workplaces safer and more efficient? If so, we invite you to join our WHS DataTech team as an Applied Scientist and take your career to the next level! At WHS DataTech, we leverage Large Language Models (LLMs), Computer Vision, and AI-driven innovations to develop industry-leading solutions that proactively enhance workplace safety. Our work spans real-time risk assessment, predictive analytics, and AI-powered insights, all aimed at creating a safer work environment at scale. As an Applied Scientist specializing in LLMs and Computer Vision, you will play a pivotal role in shaping our next-generation safety solutions. You’ll be at the forefront of innovation, designing and implementing AI-powered features that redefine workplace safety. Your work will drive strategic decisions, optimize system architecture, and influence best practices, ensuring our technology remains industry-leading. Key job responsibilities - Apply LLM model to analyze complex unstructured datasets and extract meaningful insights. - Collaborate with software engineers to implement and deploy machine learning (LLM or CV) solutions. - Conduct experiments and evaluate model performance, iterating and improving as needed. - Stay up-to-date with the latest advancements in machine learning and related fields. - Collaborate with cross-functional teams to understand business needs and identify areas for application of machine learning. - Present findings and recommendations to stakeholders and contribute to the overall research and development strategy. A day in the life Amazon offers a full range of benefits that support you and eligible family members, including domestic partners and their children. Benefits can vary by location, the number of regularly scheduled hours you work, length of employment, and job status such as seasonal or temporary employment. The benefits that generally apply to regular, full-time employees include: 1. Medical, Dental, and Vision Coverage 2. Maternity and Parental Leave Options 3. Paid Time Off (PTO) 4. 401(k) Plan If you are not sure that every qualification on the list above describes you exactly, we'd still love to hear from you! At Amazon, we value people with unique backgrounds, experiences, and skillsets. If you’re passionate about this role and want to make an impact on a global scale, please apply! About the team WHS DataTech is a multidisciplinary team of scientists and engineers dedicated to building AI-powered solutions that improve workplace safety across Amazon. We work at the intersection of large-scale data, advanced machine learning, and computer vision, delivering innovations that enhance decision-making, streamline operations, and protect millions of associates worldwide. Our collaborative culture emphasizes scientific rigor, engineering excellence, and a strong mission focus on creating safer, more efficient workplaces.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Instrument Control Engineer, Software, Center for Quantum Computing
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, Pasadena

            
        


        
    
The Amazon Center for Quantum Computing (CQC) is a multi-disciplinary team of scientists, engineers, and technicians, on a mission to develop a fault-tolerant quantum computer. We are looking to hire an Instrument Control Engineer to join our growing software team. You will work closely with our experimental physics and control hardware development teams to enable their work characterizing, calibrating, and operating novel quantum devices. The ideal candidate should be able to translate high-level science requirements into software implementations (e.g. Python APIs/frameworks, compiler passes, embedded SW, instrument drivers) that are performant, scalable, and intuitive. This requires someone who (1) has a strong desire to work within a team of scientists and engineers, and (2) demonstrates ownership in initiating and driving projects to completion. This role has a particular emphasis on working directly with our control hardware designers and vendors to develop instrument software for test and measurement. Inclusive Team Culture Here at Amazon, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon conferences, inspire us to never stop embracing our uniqueness. Diverse Experiences Amazon values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Mentorship & Career Growth We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. Export Control Requirement Due to applicable export control laws and regulations, candidates must be either a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum, or be able to obtain a US export license. If you are unsure if you meet these requirements, please apply and Amazon will review your application for eligibility. Key job responsibilities - Work with control hardware developers, as a “subject matter expert” on the software interfaces around our control hardware - Collaborate with external control hardware vendors to understand and refine integration strategies - Implement instrument drivers and control logic in Python and/or a low-level languages, including C++ or Rust - Contribute to our compiler backend to enable the efficient execution of OpenQASM-based experiments on our next-generation control hardware - Benchmark system performance and help define key performance metrics - Ensure new features are successfully integrated into our Python-based experimental software stack - Partner with scientists to actively contribute to the codebase through mentorship and documentation We are looking for candidates with strong engineering principles, a bias for action, superior problem-solving, and excellent communication skills. Working effectively within a team environment is essential. As an Instrument Control Engineer embedded in a broader science organization, you will have the opportunity to work on new ideas and stay abreast of the field of experimental quantum computation. A day in the life Your time will be spent on projects that extend functional capabilities or performance of our internal research software stack. This requires working backwards from the needs of science staff in the context of our larger experimental roadmap. You will translate science and software requirements into design proposals balancing implementation complexity against time-to-delivery. Once a design proposal has been reviewed and accepted, you’ll drive implementation and coordinate with internal stakeholders to ensure a smooth roll out. Because many high-level experimental goals have cross-cutting requirements, you’ll often work closely with other engineers or scientists or on the team. About the team You will be joining the Software group within the Amazon Center of Quantum Computing. Our team is comprised of scientists and software engineers who are building scalable software that enables quantum computing technologies.




        

        

        

        
    


    



                    

                
            

        

    

    

        See more jobs
    






        




    

        
            
        
        

            

                
                    

                        

                    

                
            

            
                

                    

                        

  

      
          

              
                  
    
        View from space of a connected network around planet Earth representing the Internet of Things.
    

              
          

      

      

        

          
              
Get more from Amazon Science

          

          
    
Subscribe to our monthly newsletter



        

        
          
        
      

  



                    

                

            
        

    


    

        

        
            
Amazon.com | Conditions of Use | Privacy | © 1996-2026 Amazon.com, Inc. or its affiliates

        
        
            

    
Social