Social
Automated reasoning

New AWS tool recommends removal of unused permissions

IAM Access Analyzer feature uses automated reasoning to recommend policies that remove unused accesses, helping customers achieve “least privilege”.

By Loris D'AntoniChungha Sung
December 19, 2024
7 min read
Share

AWS Identity and Access Management (IAM) policies provide customers with fine-grained control over who has access to what resources in the Amazon Web Services (AWS) Cloud. This control helps customers enforce the principle of least privilege by granting only the permissions required to perform particular tasks. In practice, however, writing IAM policies that enforce least privilege requires customers to understand what permissions are necessary for their applications to function, which can become challenging when the scale of the applications grows.

To help customers understand what permissions are not necessary, we launched IAM Access Analyzer unused access findings at the 2023 re:Invent conference. IAM Access Analyzer analyzes your AWS accounts to identify unused access and creates a centralized dashboard to report its findings. The findings highlight unused roles and unused access keys and passwords for IAM users. For active IAM roles and users, the findings provide visibility into unused services and actions.

Policy checks in context.png
Related content
Custom policy checks help democratize automated reasoning
New IAM Access Analyzer feature uses automated reasoning to ensure that access policies written in the IAM policy language don’t grant unintended access.

To take this service a step further, in June 2024 we launched recommendations to refine unused permissions in Access Analyzer. This feature recommends a refinement of the customer’s original IAM policies that retains the policy structure while removing the unused permissions. The recommendations not only simplify removal of unused permissions but also help customers enact the principle of least privilege for fine-grained permissions.

In this post, we discuss how Access Analyzer policy recommendations suggest policy refinements based on unused permissions, which completes the circle from monitoring overly permissive policies to refining them.

Policy recommendation in practice

Let's dive into an example to see how policy recommendation works. Suppose you have the following IAM policy attached to an IAM role named MyRole:

{
  "Version": "2012-10-17",
  "Statement": [
   {
      "Effect": "Allow",
      "Action": [
        "lambda:AddPermission",
        "lambda:GetFunctionConfiguration",
        "lambda:UpdateFunctionConfiguration",
        "lambda:UpdateFunctionCode",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:ListVersionsByFunction",
        "lambda:GetFunction",
        "lambda:Invoke*"
      ],
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-lambda"
   },
  {
    "Effect" : "Allow",
    "Action" : [
      "s3:Get*",
      "s3:List*"
    ],
    "Resource" : "*"
  }
 ]
}



        
The above policy has two policy statements:
  • The first statement allows actions on a function in AWS Lambda, an AWS offering that provides function execution as a service. The allowed actions are specified by listing individual actions as well as via the wildcard string lambda:Invoke*, which permits all actions starting with Invoke in AWS Lambda, such as lambda:InvokeFunction.
  • The second statement allows actions on any Amazon Simple Storage Service (S3) bucket. Actions are specified by two wildcard strings, which indicate that the statement allows actions starting with Get or List in Amazon S3.
Enabling Access Analyzer for unused finding will provide you with a list of findings, each of which details the action-level unused permissions for specific roles. For example, for the role with the above policy attached, if Access Analyzer finds any AWS Lambda or Amazon S3 actions that are allowed but not used, it will display them as unused permissions.

            

  

    

        

        

          

            
              

                  Related content
              

            
            
                
A billion SMT queries a day

            

            
    
Amazon Web Services (AWS) is a cloud computing services provider that has made significant investments in applying formal methods to proving correctness of its internal systems and providing assurance of correctness to their end-users. In this paper, we focus on how we built abstractions and eliminated specifications to scale a verification engine for AWS access policies, Zelkova, to be usable by all AWS



          

        

    

  




        
The unused permissions define a list of actions that are allowed by the IAM policy but not used by the role. These actions are specific to a namespace, a set of resources that are clustered together and walled off from other namespaces, to improve security. Here is an example in Json format that shows unused permissions found for MyRole with the policy we attached earlier:

            

    
[
 {
    "serviceNamespace": "lambda",
    "actions": [
      "UpdateFunctionCode",
      "GetFunction",
      "ListVersionsByFunction",
      "UpdateFunctionConfiguration",
      "CreateFunction",
      "DeleteFunction",
      "GetFunctionConfiguration",
      "AddPermission"
    ]
  },
  {
    "serviceNamespace": "s3",
    "actions": [
        "GetBucketLocation",
        "GetBucketWebsite",
        "GetBucketPolicyStatus",
        "GetAccelerateConfiguration",
        "GetBucketPolicy",
        "GetBucketRequestPayment",
        "GetReplicationConfiguration",
        "GetBucketLogging",
        "GetBucketObjectLockConfiguration",
        "GetBucketNotification",
        "GetLifecycleConfiguration",
        "GetAnalyticsConfiguration",
        "GetBucketCORS",
        "GetInventoryConfiguration",
        "GetBucketPublicAccessBlock",
        "GetEncryptionConfiguration",
        "GetBucketAcl",
        "GetBucketVersioning",
        "GetBucketOwnershipControls",
        "GetBucketTagging",
        "GetIntelligentTieringConfiguration",
        "GetMetricsConfiguration"
    ]
  }
]




        
This example shows actions that are not used in AWS Lambda and Amazon S3 but are allowed by the policy we specified earlier.

            

  

    

        
            

                
                    
    
        Neha Rungta
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
For Neha Rungta, it's the journey that matters

            

            
    
Rungta had a promising career with NASA, but decided the stars aligned for her at Amazon.



          

        

    

  




        
How could you refine the original policy to remove the unused permissions and achieve least privilege? One option is manual analysis. You might imagine the following process:
  • Find the statements that allow unused permissions;
  • Remove individual actions from those statements by referencing unused permissions.
This process, however, can be error prone when dealing with large policies and long lists of unused permissions. Moreover, when there are wildcard strings in a policy, removing unused permissions from them requires careful investigation of which actions should replace the wildcard strings.
Policy recommendation does this refinement automatically for customers!
The policy below is one that Access Analyzer recommends after removing the unused actions from the policy above (the figure also shows the differences between the original and revised policies):

            

    
{
  "Version": "2012-10-17",
  "Statement" : [
   {
      "Effect" : "Allow",
      "Action" : [
-       "lambda:AddPermission",
-       "lambda:GetFunctionConfiguration",
-       "lambda:UpdateFunctionConfiguration",
-       "lambda:UpdateFunctionCode",
-       "lambda:CreateFunction",
-       "lambda:DeleteFunction",
-       "lambda:ListVersionsByFunction",
-       "lambda:GetFunction",
        "lambda:Invoke*"
      ],
      "Resource" : "arn:aws:lambda:us-east-1:123456789012:function:my-lambda"
    },
    {
     "Effect" : "Allow",
     "Action" : [
-      "s3:Get*",
+      "s3:GetAccess*",
+      "s3:GetAccountPublicAccessBlock",
+      "s3:GetDataAccess",
+      "s3:GetJobTagging",
+      "s3:GetMulti*",
+      "s3:GetObject*",
+      "s3:GetStorage*",
       "s3:List*"
     ],
     "Resource" : "*"
   }
  ]
}




        
Let’s take a look at what’s changed for each policy statement.
For the first statement, policy recommendation removes all individually listed actions (e.g., lambda:AddPermission), since they appear in unused permissions. Because none of the unused permissions starts with lambda:Invoke, the recommendation leaves lambda:Invoke* untouched.
For the second statement, let’s focus on what happens to the wildcard s3:Get*, which appears in the original policy. There are many actions that can start with s3:Get, but only some of them are shown in the unused permissions. Therefore, s3:Get* cannot just be removed from the policy. Instead, the recommended policy replaces s3:Get* with seven actions that can start with s3:Get but are not reported as unused.

            

  

    

        
            

                
                    
    
        Automated Reasoning 
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
How AWS’s Automated Reasoning Group helps make AWS and other Amazon products more secure

            

            
    
Amazon scientists are on the cutting edge of using math-based logic to provide better network security, access management, and greater reliability.



          

        

    

  




        
Some of these actions (e.g., s3:GetJobTagging) are individual ones, whereas others contain wildcards (e.g., s3:GetAccess* and s3:GetObject*). One way to manually replace s3:Get* in the revised policy would be to list all the actions that start with s3:Get except for the unused ones. However, this would result in an unwieldy policy, given that there are more than 50 actions starting with s3:Get.
Instead, policy recommendation identifies ways to use wildcards to collapse multiple actions, outputting actions such as s3:GetAccess* or s3:GetMulti*. Thanks to these wildcards, the recommended policy is succinct but still permits all the actions starting with s3:Get that are not reported as unused.
How do we decide where to place a wildcard in the newly generated wildcard actions? In the next section, we will dive deep on how policy recommendation generalizes actions with wildcards to allow only those actions that do not appear in unused permissions.
A deep dive into how actions are generalized
Policy recommendation is guided by the mathematical principle of “least general generalization” — i.e., finding the least permissive modification of the recommended policy that still allows all the actions allowed by the original policy. This theorem-backed approach guarantees that the modified policy still allows all and only the permissions granted by the original policy that are not reported as unused.
To implement the least-general generalization for unused permissions, we construct a data structure known as a trie, which is a tree each of whose nodes extends a sequence of tokens corresponding to a path through the tree. In our case, the nodes represent prefixes shared among actions, with a special marker for actions reported in unused permissions. By traversing the trie, we find the shortest string of prefixes that does not contain unused actions.
The diagram below shows a simplified trie delineating actions that replace the S3 Get* wildcard from the original policy (we have omitted some actions for clarity):

            

    

        
    
        Access Analyzer trie.png
    


        

        
    


    
        
A trie delineating actions that can replace the Get* wildcard in an IAM policy. Nodes containing unused actions are depicted in orange; the remaining nodes are in green.

    


        
At a high level, the trie represents prefixes that are shared by some of the possible actions starting with s3:Get. Its root node represents the prefix Get; child nodes of the root append their prefixes to Get. For example, the node named Multi represents all actions that start with GetMulti.

            

  

    

        
            

                
                    
    
        Elliptic-curve addition.gif
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
Better-performing “25519” elliptic-curve cryptography

            

            
    
Automated reasoning and optimizations specific to CPU microarchitectures improve both performance and assurance of correct implementation.



          

        

    

  




        
We say that a node is safe (denoted in green in the diagram) if none of the unused actions start with the prefix corresponding to that node; otherwise, it is unsafe (denoted in orange). For example, the node s3:GetBucket is unsafe because the action s3:GetBucketPolicy is unused. Similarly, the node ss is safe since there are no unused permissions that start with GetAccess.
We want our final policies to contain wildcard actions that correspond only to safe nodes, and we want to include enough safe nodes to permit all used actions. We achieve this by selecting the nodes that correspond to the shortest safe prefixes—i.e., nodes that are themselves safe but whose parents are not. As a result, the recommended policy replaces s3:Get* with the shortest prefixes that do not contain unused permissions, such as s3:GetAccess*, s3:GetMulti* and s3:GetJobTagging.
Together, the shortest safe prefixes form a new policy that, while syntactically similar to the original policy, is the least-general generalization to result from removing the unused actions. In other words, we have not removed more actions than necessary.
You can find how to start using policy recommendation with unused access in Access Analyzer. To learn more about the theoretical foundations powering policy recommendation, be sure to check out our science paper.

    



                            
                        

                    
                


                
                    

                        

    

    

        Research areas
    


    
        
    



                    

                

                
                    

                        

    

    

        Tags
    


    
        
    



                    

                

                
                    

                        
                    

                

                
                    
About the Author

                    

                        
                            
    

        

            
                

                    Loris D'Antoni
                

            
            
            
                

                    Loris D'Antoni is an associate professor of computer science and engineering at the University of California, San Diego, and an Amazon Visiting Academic.
                

            
        

    



                        
                            
    

        

            
                

                    Chungha Sung
                

            
            
            
                

                    Chungha Sung is a senior applied scientist with Amazon Web Services.
                

            
        

    



                        
                    

                
            

        


        
    

    
    



    

        
Related content

        
    




    
        
    

    



    
    



    

        
Work with us
See more jobs
        
            See more jobs
        
    




    
        

            

                
                    

                        

    

    

        
            

                2026 Fall Quantum Applied Science Internship, Center for Quantum Computing
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, Pasadena

            
        


        
    
The Amazon Web Services (AWS) Center for Quantum Computing (CQC) is a multi-disciplinary team of theoretical and experimental physicists, materials scientists, and hardware and software engineers on a mission to develop a fault-tolerant quantum computer. Throughout your internship journey, you'll have access to unparalleled resources, including state-of-the-art computing infrastructure, cutting-edge research papers, and mentorship from industry luminaries. This immersive experience will not only sharpen your technical skills but also cultivate your ability to think critically, communicate effectively, and thrive in a fast-paced, innovative environment where bold ideas are celebrated. Join us at the forefront of applied science, where your contributions will shape the future of Quantum Computing and propel humanity forward. Seize this extraordinary opportunity to learn, grow, and leave an indelible mark on the world of technology. Amazon has positions available for Quantum Research Science and Applied Science Internships in Santa Clara, CA and Pasadena, CA. We are particularly interested in candidates with expertise in any of the following areas: superconducting qubits, cavity/circuit QED, quantum optics, open quantum systems, superconductivity, electromagnetic simulations of superconducting circuits, microwave engineering, benchmarking, quantum error correction, fabrication, etc. Key job responsibilities In this role, you will work alongside global experts to develop and implement novel, scalable solutions that advance the state-of-the-art in the areas of quantum computing. You will tackle challenging, groundbreaking research problems, work with leading edge technology, focus on highly targeted customer use-cases, and launch products that solve problems for Amazon customers. The ideal candidate should possess the ability to work collaboratively with diverse groups and cross-functional teams to solve complex business problems. A successful candidate will be a self-starter, comfortable with ambiguity, with strong attention to detail and the ability to thrive in a fast-paced, ever-changing environment. About the team Diverse Experiences AWS values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why AWS? Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses. Inclusive Team Culture Here at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness. Mentorship & Career Growth We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. Hybrid Work We value innovation and recognize this sometimes requires uninterrupted time to focus on a build. We also value in-person collaboration and time spent face-to-face. Our team affords employees options to work in the office every day or in a flexible, hybrid work model near one of our U.S. Amazon offices.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Senior Applied Scientist, Alexa International
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Bellevue

            
        


        
    
Alexa International Science team is looking for a passionate, talented, and inventive Senior Applied Scientist to help build industry-leading technology with Large Language Models (LLMs) and multimodal systems, requiring strong deep learning and generative models knowledge. At this level, you will drive cross-team scientific strategy, influence partner teams, and deliver solutions that have broad impact across Alexa's international products and services. Key job responsibilities As a Senior Applied Scientist with the Alexa International team, you will work with talented peers to develop novel algorithms and modeling techniques to advance the state of the art with LLMs, particularly delivering industry-leading scientific research and applied AI for multi-lingual applications — a challenging area for the industry globally. Your work will directly impact our global customers in the form of products and services that support Alexa+. You will leverage Amazon's heterogeneous data sources and large-scale computing resources to accelerate advances in text, speech, and vision domains. The ideal candidate possesses a solid understanding of machine learning, speech and/or natural language processing, modern LLM architectures, LLM evaluation & tooling, and a passion for pushing boundaries in this vast and quickly evolving field. They thrive in fast-paced environment, like to tackle complex challenges, excel at swiftly delivering impactful solutions while iterating based on user feedback, and are able to influence and align multiple teams around a shared scientific vision.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist II, Alexa International Team
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Bellevue

            
        


        
    
Alexa International is looking for a passionate, talented, and inventive Applied Scientist to help build industry-leading technology with Large Language Models (LLMs) and multimodal systems, requiring strong deep learning and generative models knowledge. You will contribute to developing novel solutions and deliver high-quality results that impact Alexa's international products and services. Key job responsibilities As an Applied Scientist with the Alexa International team, you will work with talented peers to develop novel algorithms and modeling techniques to advance the state of the art with LLMs. Your work will directly impact our international customers in the form of products and services that make use of digital assistant technology. You will leverage Amazon's heterogeneous data sources, unique and diverse international customer nuances and large-scale computing resources to accelerate advances in text, voice, and vision domains in a multimodal setup. The ideal candidate possesses a solid understanding of machine learning, natural language understanding, modern LLM architectures, LLM evaluation & tooling, and a passion for pushing boundaries in this vast and quickly evolving field. They thrive in fast-paced environments to tackle complex challenges, excel at swiftly delivering impactful solutions while iterating based on user feedback, and collaborate effectively with cross-functional teams. A day in the life * Analyze, understand, and model customer behavior and the customer experience based on large-scale data. * Build novel online & offline evaluation metrics and methodologies for multimodal personal digital assistants. * Fine-tune/post-train LLMs using techniques like SFT, DPO, RLHF, and RLAIF. * Set up experimentation frameworks for agile model analysis and A/B testing. * Collaborate with partner teams on LLM evaluation frameworks and post-training methodologies. * Contribute to end-to-end delivery of solutions from research to production, including reusable science components. * Communicate solutions clearly to partners and stakeholders. * Contribute to the scientific community through publications and community engagement.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Member of Technical Staff, Frontier AI & Robotics (FAR)
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, San Francisco

            
        


        
    
Amazon’s Frontier AI & Robotics (FAR) team is seeking a Member of Technical Staff to drive foundational research and build intelligent robotic systems from the ground up. In this role, you will operate at the intersection of innovative AI research and real-world robotics - conducting original research, publishing, and deploying your innovations into production systems at Amazon scale. We’re looking for researchers who think from first principles, push the boundaries of what’s possible, and take full ownership of turning breakthrough ideas into working systems.  You will join the next revolution in robotics, where you'll work alongside world-renowned AI pioneers to push the boundaries of what's possible in robotic intelligence. As a Member of Technical Staff, you'll be at the forefront of developing breakthrough foundation models and full-stack robotics systems that enable robots to perceive, understand, and interact with the world in unprecedented ways. You'll drive technical excellence and independent research initiatives in areas such as locomotion, manipulation, perception, sim2real transfer, multi-modal, multi-task robot learning, designing novel frameworks that bridge the gap between state-of-the-art research and real-world deployment at Amazon scale. In this role, you'll balance innovative technical exploration with practical implementation, collaborating with platform teams to ensure your models and algorithms perform robustly in dynamic real-world environments. You’ll have the freedom to pursue ambitious research directions while leveraging Amazon’s vast computational resources to tackle ambiguous problems in areas like very large multi-modal robotic foundation models and efficient, promptable model architectures that can scale across diverse robotic applications. Key job responsibilities - Drive independent research initiatives across the robotics stack, including robot co-design, dexterous manipulation mechanisms, innovative actuation strategies, state estimation, low-level control, system identification, reinforcement learning, sim-to-real transfer, as well as foundation models focusing on breakthrough approaches in perception, and manipulation, for example open-vocabulary panoptic scene understanding, scaling up multi-modal LLMs, sim2real/real2sim techniques, end-to-end vision-language-action models, efficient model inference, video tokenization - Design and implement novel deep learning architectures that push the boundaries of what robots can understand and accomplish - Guide technical direction for full-stack robotics projects from conceptualization through deployment, taking a system-level approach that integrates hardware considerations with algorithmic development, ensuring robust performance in production environments - Collaborate with platform and hardware teams to ensure seamless integration across the entire robotics stack, optimizing and scaling models for real-world applications - Contribute to team's technical decisions and influence implementation strategies to help shape our approach to next-generation robotics challenges - Mentor fellow researchers while maintaining solid individual technical contributions A day in the life - Design and implement novel foundation model architectures and innovative systems and algorithms, leveraging our extensive infrastructure to prototype and evaluate at scale - Collaborate with our world-class research team to solve complex technical challenges across the full robotics stack - Lead focused technical initiatives from conception through deployment, ensuring successful integration with production systems - Drive technical discussions and brainstorming sessions with team leaders, fellow researchers and key stakeholders - Conduct experiments and prototype new ideas using our massive compute cluster and extensive robotics infrastructure - Transform theoretical insights into practical solutions that can handle the complexities of real-world robotics applications About the team At Frontier AI & Robotics, we're not just advancing robotics – we're reimagining it from the ground up. Our team is building the future of intelligent robotics through innovative foundation models and end-to-end learned systems. We tackle some of the most challenging problems in AI and robotics, from developing sophisticated perception systems to creating adaptive manipulation strategies that work in complex, real-world scenarios. What sets us apart is our unique combination of ambitious research vision and practical impact. We leverage Amazon's massive computational infrastructure and rich real-world datasets to train and deploy state-of-the-art foundation models. Our work spans the full spectrum of robotics intelligence – from multimodal perception using images, videos, and sensor data, to sophisticated manipulation strategies that can handle diverse real-world scenarios. We're building systems that don't just work in the lab, but scale to meet the demands of Amazon's global operations. Join us if you're excited about pushing the boundaries of what's possible in robotics, working with world-class researchers, and seeing your innovations deployed at unprecedented scale.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Senior Applied scientist, Agentic AI, AWS Agentic AI
            

        

        

            
                
                    

                
            

            

            

            

            
                
IL, Tel Aviv

            
        


        
    
Come join the AWS Agentic AI science team in building the next generation models for intelligent automation. AWS, the world-leading provider of cloud services, has fostered the creation and growth of countless new businesses, and is a positive force for good. Our customers bring problems that will give Applied Scientists like you endless opportunities to see your research have a positive and immediate impact in the world. You will have the opportunity to partner with technology and business teams to solve real-world problems, have access to virtually endless data and computational resources, and to world-class engineers and developers that can help bring your ideas into the world. As part of the team, we expect that you will develop innovative solutions to hard problems, and publish your findings at peer reviewed conferences and workshops. We are looking for world class researchers with experience in one or more of the following areas - autonomous agents, API orchestration, Planning, large multimodal models (especially vision-language models), reinforcement learning (RL) and sequential decision making.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                2026 Data Scientist Internship , Amazon University Talent Acquisition
            

        

        

            
                
                    

                
            

            

            

            

            
                
IL, Tel Aviv

            
        


        
    
Are you a Masters or PhD student interested in a 2026 Internship in Data Science? If so, we want to hear from you! We are looking for a customer obsessed Data Scientist Intern who can innovate in a business environment and is comfortable owning data to drive step-change innovation in the EMEA region or worldwide. If this describes you, come and join our Data Science teams at Amazon for an exciting internship opportunity. If you are insatiably curious and always want to learn more, then you’ve come to the right place. You can find more information about the Amazon Science community as well as our interview process via the links below; https://www.amazon.science/ https://amazon.jobs/content/en/career-programs/university/science Key job responsibilities As a Data Science Intern, you will have the following key job responsibilities: • Work closely with scientists and engineers to develop new algorithms to implement scientific solutions for Amazon problems • Design, run, and analyze A/B tests • Work on an interdisciplinary team on customer-obsessed research • Experience Amazon's customer-focused culture • Create and deliver projects that can be quickly applied starting locally and scaled to EMEA/worldwide • Create and share data with audiences of varying levels technical papers and presentations • Define metrics and design algorithms to estimate customer satisfaction and engagement A day in the life At Amazon, you will grow into the high impact person you know you’re ready to be. Every day will be filled with developing new skills and achieving personal growth. How often can you say that your work changes the world? At Amazon, you’ll say it often. Join us and define tomorrow. Some more benefits of an Amazon Science internship include; • All of our internships offer a competitive stipend/salary • Interns are paired with an experienced manager and mentor(s) • Interns receive invitations to different events such as intern program initiatives or site events • Interns can build their professional and personal network with other Amazon Scientists • Interns can potentially publish work at top tier conferences each year About the team Applicants will be reviewed on a rolling basis and are assigned to teams aligned with their research interests and experience prior to interviews. Start dates are available throughout the year and durations can vary in length from 3-6 months for full time internships or 6-12 months for part time internships. Please note these are not remote internships.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Economist Intern, Economic Valuation and Optimization (EV&O)
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, Sunnyvale

            
        


        
    
The Economic Value & Optimization (EV&O) team builds causal econometric models that quantify the long-term economic value of Amazon's retail selection. Our models inform portfolio-level assortment decisions worth billions in projected OPS impact. We are looking for an Econ intern to work on improving our dynamic causal modeling framework and strengthening the empirical grounding of model outputs through experimental calibration. The intern will work with senior economists and scientists to develop methodological improvements that directly influence how Amazon decides what assortment to carry. Key job responsibilities - Develop and test extensions to our dynamic econometric framework including incorporating Gen AI methodology. - Design and implement models to reconcile counterfactual estimates with experimental treatment effects from selection de-assortment experiments. - Conduct econometric analyses on large-scale customer behavior panel data. - Quantify model performance using validation metrics and identify sources of bias. - Communicate findings to science leadership and business stakeholders through written documents and presentations.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Member of Technical Staff - Firmware Engineer, Robotics, Frontier AI & Robotics 
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, San Francisco

            
        


        
    
Join Amazon's Frontier AI & Robotics team and help shape the future of intelligent robotic systems from the inside out. As a Member of Technical Staff - Firmware Engineer, Electronics, you will develop the low-level firmware that brings our in-house robotic actuators to life—writing the embedded code that bridges sophisticated hardware and the high-level AI control systems that power our next-generation robots. Your work will directly enable our robots to see, reason, and act in real-world warehouse environments, making you a critical contributor to one of the most ambitious robotics programs in the world. Key job responsibilities • Develop, test, and optimize embedded firmware for custom in-house robotic actuators, including motor control algorithms (FOC, commutation, current/torque/speed/position loops) running on microcontrollers and DSPs • Design and implement real-time firmware for actuator state estimation, fault detection, and protection logic, ensuring robust and safe operation across all actuator variants deployed in FAR's robotic systems • Collaborate with electronics engineers and motor design engineers to define firmware requirements, hardware interfaces (SPI, I2C, CAN, EtherCAT, RS-485), and actuator bring-up procedures for new hardware revisions • Develop and maintain firmware for field-oriented control (FOC) and sensored/sensorless motor commutation, including tuning current regulators, velocity controllers, and position controllers for high-performance robots • Build and maintain firmware test frameworks and hardware-in-the-loop (HIL) test environments to validate firmware behavior across actuator operating conditions, edge cases, and failure modes • Partner with controls engineers and AI researchers to ensure firmware-level interfaces support high-bandwidth, low-latency communication required by whole-body control and motion planning algorithms • Contribute to actuator firmware architecture decisions, define software-hardware interface standards, and maintain firmware documentation and version control practices to enable scalable multi-actuator development • Support rapid hardware bring-up and debugging of new actuator prototypes, leveraging oscilloscopes, logic analyzers, and custom diagnostic tools to characterize and validate firmware behavior on novel hardware A day in the life Your day is rooted in the intersection of hardware and software where you’ll be wiring firmware from scratch to control custom motors. You might start your morning reviewing firmware behavior logs from the previous night's actuator characterization runs, then spend time working alongside motor design and electronics engineers to debug a torque ripple issue in the motor control loop. In the afternoon, you could be writing and validating embedded firmware for a new actuator variant, tuning (field-oriented control) FOC algorithms, and collaborating with the controls team to ensure firmware interfaces align with high-level motion planning requirements. Beyond the bench, you'll participate in architecture reviews with hardware and software engineers, contribute to code reviews, and document firmware specifications that enable smooth hardware handoffs. You'll be working on actuator variants—each with unique power, torque, and speed requirements—and you'll be the firmware voice in cross-functional design discussions that shape how our actuators are built and controlled. The pace is fast, the problems are novel, and the impact is direct. About the team Frontier AI & Robotics (FAR) is the team at Amazon building the next generation of embodied intelligence. FAR drives the development and implementation of advanced AI models within Amazon’s operations that enable robots to see, reason, and act on the world around them, supporting a number of different warehouse automation tasks.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Member of Technical Staff - Electronics Engineer, Actuators & Drives, Frontier AI & Robotics 
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, San Francisco

            
        


        
    
Join Amazon's Frontier AI & Robotics team and take ownership of the electronics that make our robots move. As a Member of Technical Staff - Electronics Engineer, Actuators & Drives, you will conceptualize, design, and test the motor drive electronics that power our in-house robotic actuators—from the gate drivers and power stages that command motor current to the sensing circuits and communication interfaces that give our robots proprioceptive awareness. Your printed circuit board (PCB) designs will live inside each of our next-generation robotic systems, directly enabling the embodied intelligence that is central to FAR's mission. Key job responsibilities • Conceptualize, design, and validate motor drive electronics for in-house robotic actuators, including inverter power stages, gate driver circuits, current and position sensing, and power management subsystems from concept through prototype and production • Lead PCB-level design of compact, high-power-density motor drive boards, including schematic capture, component selection, and collaboration with PCB layout engineers to achieve signal integrity, thermal, and EMC requirements in constrained actuator form factors • Characterize and optimize inverter switching performance, efficiency, and thermal behavior across the full operating envelope of FAR's actuator variants, using bench measurements and simulation to guide design decisions • Define and implement current sensing architectures (shunt-based, Hall-effect, or integrated IC-based) and position/velocity sensing interfaces (encoder, resolver, Hall sensor) to support high-bandwidth FOC firmware on microcontrollers and DSPs • Partner with firmware engineers to define hardware-software interfaces for motor drive control loops, fault detection logic, and communication protocols (CAN, EtherCAT, SPI), ensuring electronics designs support the real-time control requirements of robotic actuation • Collaborate with motor design and mechanical engineers to specify the electrical characteristics of custom BLDC and PMSM motors, align inverter design to motor parameters, and validate the integrated actuator electro-mechanical system • Lead hardware bring-up, functional testing, and failure analysis for new actuator electronics prototypes, developing test plans and characterization setups that systematically validate design performance and identify failure modes • Define electronics design standards, review processes, and design-for-manufacturability (DFM) guidelines for FAR's actuator drive portfolio, and mentor junior engineers in motor drive electronics design best practices A day in the life Your day centers on the full electronics development cycle for our custom actuator drive systems. You might start by reviewing simulation results for a new inverter topology, then transition to the lab to characterize switching losses and thermal performance on a prototype motor drive board. Later in the day, you could be collaborating with motor design engineers on back-EMF waveform analysis, refining gate drive timing to optimize inverter efficiency, or working with firmware engineers to define current sensing interfaces and hardware abstraction layers. Across the week, you'll be involved in schematic capture and PCB layout reviews with your design team, participating in design review gates, and iterating on hardware based on test findings. You'll navigate the challenge of fitting high-performance drive electronics into compact, thermally constrained actuator packages—designing for the power density, reliability, and robustness our robots demand. Your work will span from concept and architecture through silicon bring-up, and you'll play a key role in defining the electronics roadmap for FAR's actuator portfolio. About the team Frontier AI & Robotics (FAR) is the team at Amazon building the next generation of embodied intelligence. FAR drives the development and implementation of advanced AI models within Amazon’s operations that enable robots to see, reason, and act on the world around them, supporting a number of different warehouse automation tasks.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Member of Technical Staff - Robotics Mechanical Engineer, Frontier AI & Robotics 
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, San Francisco

            
        


        
    
About the Role: We are looking for a Member of Technical Staff - Mechanical Engineer with a passion for building complex robotic systems from the ground up. This role is ideal for someone with a deep understanding of structural and electromechanical design, who thrives in hands-on environments and has experience taking high-performance robots from concept to production. You will work on the mechanical and system architecture of advanced robotics platforms, including high degree-of-freedom systems, where considerations such as actuator selection, thermal constraints, cabling, sensing integration, and manufacturability are critical. This is a cross-disciplinary role requiring close collaboration with electrical, software, and AI research teams. Beyond day-to-day hardware development, this role also provides exciting avenues to contribute to innovative research projects. Whether you’re interested in mechatronics, sensor integration, or novel actuation methods, you’ll find opportunities to explore your research interests while building real-world systems that advance in the field of high degree-of-freedom robotics. What You Bring: * A systems-thinking mindset with a strong grasp of cross-domain engineering tradeoffs. * A bias toward action: comfortable building, testing, and iterating rapidly. * A collaborative and communicative working style — especially in multi-disciplinary research environments. * A passion for robotics and advancing the state of the art in intelligent, capable machines. Key job responsibilities * Lead mechanical design of robotic subsystems and full platforms, including structures, joints, enclosures, and mechanisms for a research environment. * Own kinematic, dynamic, and structural analyses to guide the design and optimization of full systems and subsystems of high-DoF robots * Specify and integrate actuators and motors for high-torque density applications in high-degree-of-freedom systems. * Contribute to thermal management strategies for motors, sensors, and embedded compute hardware. * Integrate sensors such as lidar, stereo cameras, IMUs, tactile sensors, and compute modules into compact, functional assemblies. * Design and route cabling and wire harnesses, ensuring reliability, serviceability, and thermal/electrical integrity. * Prototype and test mechanical systems; support hands-on builds, debug sessions, and field testing. * Conduct root cause analysis on system-level failures or performance issues and implement design improvements. * Apply Design for Manufacturing (DFM) and Design for Assembly (DFA) principles to transition prototypes into scalable builds (10s–100s of units). * Collaborate with cross-functional teams in electrical engineering, controls, perception, and research to meet research and product goals. About the team Frontier AI & Robotics (FAR) is the team at Amazon building the next generation of embodied intelligence. FAR drives the development and implementation of advanced AI models within Amazon’s operations that enable robots to see, reason, and act on the world around them, supporting a number of different warehouse automation tasks.




        

        

        

        
    


    



                    

                
            

        

    

    

        See more jobs
    






        




    

        
            
        
        

            

                
                    

                        

                    

                
            

            
                

                    

                        

  

      
          

              
                  
    
        View from space of a connected network around planet Earth representing the Internet of Things.
    

              
          

      

      

        

          
              
Get more from Amazon Science

          

          
    
Subscribe to our newsletter



        

        
          
        
      

  



                    

                

            
        

    


    

        

        
            
Amazon.com | Conditions of Use | Privacy | © 1996-2026 Amazon.com, Inc. or its affiliates

        
        
            

    
Social