New AWS tool recommends removal of unused permissions

IAM Access Analyzer feature uses automated reasoning to recommend policies that remove unused accesses, helping customers achieve “least privilege”.

AWS Identity and Access Management (IAM) policies provide customers with fine-grained control over who has access to what resources in the Amazon Web Services (AWS) Cloud. This control helps customers enforce the principle of least privilege by granting only the permissions required to perform particular tasks. In practice, however, writing IAM policies that enforce least privilege requires customers to understand what permissions are necessary for their applications to function, which can become challenging when the scale of the applications grows.

To help customers understand what permissions are not necessary, we launched IAM Access Analyzer unused access findings at the 2023 re:Invent conference. IAM Access Analyzer analyzes your AWS accounts to identify unused access and creates a centralized dashboard to report its findings. The findings highlight unused roles and unused access keys and passwords for IAM users. For active IAM roles and users, the findings provide visibility into unused services and actions.

Related content
New IAM Access Analyzer feature uses automated reasoning to ensure that access policies written in the IAM policy language don’t grant unintended access.

To take this service a step further, in June 2024 we launched recommendations to refine unused permissions in Access Analyzer. This feature recommends a refinement of the customer’s original IAM policies that retains the policy structure while removing the unused permissions. The recommendations not only simplify removal of unused permissions but also help customers enact the principle of least privilege for fine-grained permissions.

In this post, we discuss how Access Analyzer policy recommendations suggest policy refinements based on unused permissions, which completes the circle from monitoring overly permissive policies to refining them.

Policy recommendation in practice

Let's dive into an example to see how policy recommendation works. Suppose you have the following IAM policy attached to an IAM role named MyRole:

{
  "Version": "2012-10-17",
  "Statement": [
   {
      "Effect": "Allow",
      "Action": [
        "lambda:AddPermission",
        "lambda:GetFunctionConfiguration",
        "lambda:UpdateFunctionConfiguration",
        "lambda:UpdateFunctionCode",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:ListVersionsByFunction",
        "lambda:GetFunction",
        "lambda:Invoke*"
      ],
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-lambda"
   },
  {
    "Effect" : "Allow",
    "Action" : [
      "s3:Get*",
      "s3:List*"
    ],
    "Resource" : "*"
  }
 ]
}

The above policy has two policy statements:

  • The first statement allows actions on a function in AWS Lambda, an AWS offering that provides function execution as a service. The allowed actions are specified by listing individual actions as well as via the wildcard string lambda:Invoke*, which permits all actions starting with Invoke in AWS Lambda, such as lambda:InvokeFunction.
  • The second statement allows actions on any Amazon Simple Storage Service (S3) bucket. Actions are specified by two wildcard strings, which indicate that the statement allows actions starting with Get or List in Amazon S3.

Enabling Access Analyzer for unused finding will provide you with a list of findings, each of which details the action-level unused permissions for specific roles. For example, for the role with the above policy attached, if Access Analyzer finds any AWS Lambda or Amazon S3 actions that are allowed but not used, it will display them as unused permissions.

Related content
Amazon Web Services (AWS) is a cloud computing services provider that has made significant investments in applying formal methods to proving correctness of its internal systems and providing assurance of correctness to their end-users. In this paper, we focus on how we built abstractions and eliminated specifications to scale a verification engine for AWS access policies, Zelkova, to be usable by all AWS

The unused permissions define a list of actions that are allowed by the IAM policy but not used by the role. These actions are specific to a namespace, a set of resources that are clustered together and walled off from other namespaces, to improve security. Here is an example in Json format that shows unused permissions found for MyRole with the policy we attached earlier:

[
 {
    "serviceNamespace": "lambda",
    "actions": [
      "UpdateFunctionCode",
      "GetFunction",
      "ListVersionsByFunction",
      "UpdateFunctionConfiguration",
      "CreateFunction",
      "DeleteFunction",
      "GetFunctionConfiguration",
      "AddPermission"
    ]
  },
  {
    "serviceNamespace": "s3",
    "actions": [
        "GetBucketLocation",
        "GetBucketWebsite",
        "GetBucketPolicyStatus",
        "GetAccelerateConfiguration",
        "GetBucketPolicy",
        "GetBucketRequestPayment",
        "GetReplicationConfiguration",
        "GetBucketLogging",
        "GetBucketObjectLockConfiguration",
        "GetBucketNotification",
        "GetLifecycleConfiguration",
        "GetAnalyticsConfiguration",
        "GetBucketCORS",
        "GetInventoryConfiguration",
        "GetBucketPublicAccessBlock",
        "GetEncryptionConfiguration",
        "GetBucketAcl",
        "GetBucketVersioning",
        "GetBucketOwnershipControls",
        "GetBucketTagging",
        "GetIntelligentTieringConfiguration",
        "GetMetricsConfiguration"
    ]
  }
]

This example shows actions that are not used in AWS Lambda and Amazon S3 but are allowed by the policy we specified earlier.

Related content
Rungta had a promising career with NASA, but decided the stars aligned for her at Amazon.

How could you refine the original policy to remove the unused permissions and achieve least privilege? One option is manual analysis. You might imagine the following process:

  • Find the statements that allow unused permissions;
  • Remove individual actions from those statements by referencing unused permissions.

This process, however, can be error prone when dealing with large policies and long lists of unused permissions. Moreover, when there are wildcard strings in a policy, removing unused permissions from them requires careful investigation of which actions should replace the wildcard strings.

Policy recommendation does this refinement automatically for customers!

The policy below is one that Access Analyzer recommends after removing the unused actions from the policy above (the figure also shows the differences between the original and revised policies):

{
  "Version": "2012-10-17",
  "Statement" : [
   {
      "Effect" : "Allow",
      "Action" : [
-       "lambda:AddPermission",
-       "lambda:GetFunctionConfiguration",
-       "lambda:UpdateFunctionConfiguration",
-       "lambda:UpdateFunctionCode",
-       "lambda:CreateFunction",
-       "lambda:DeleteFunction",
-       "lambda:ListVersionsByFunction",
-       "lambda:GetFunction",
        "lambda:Invoke*"
      ],
      "Resource" : "arn:aws:lambda:us-east-1:123456789012:function:my-lambda"
    },
    {
     "Effect" : "Allow",
     "Action" : [
-      "s3:Get*",
+      "s3:GetAccess*",
+      "s3:GetAccountPublicAccessBlock",
+      "s3:GetDataAccess",
+      "s3:GetJobTagging",
+      "s3:GetMulti*",
+      "s3:GetObject*",
+      "s3:GetStorage*",
       "s3:List*"
     ],
     "Resource" : "*"
   }
  ]
}

Let’s take a look at what’s changed for each policy statement.

For the first statement, policy recommendation removes all individually listed actions (e.g., lambda:AddPermission), since they appear in unused permissions. Because none of the unused permissions starts with lambda:Invoke, the recommendation leaves lambda:Invoke* untouched.

For the second statement, let’s focus on what happens to the wildcard s3:Get*, which appears in the original policy. There are many actions that can start with s3:Get, but only some of them are shown in the unused permissions. Therefore, s3:Get* cannot just be removed from the policy. Instead, the recommended policy replaces s3:Get* with seven actions that can start with s3:Get but are not reported as unused.

Related content
Amazon scientists are on the cutting edge of using math-based logic to provide better network security, access management, and greater reliability.

Some of these actions (e.g., s3:GetJobTagging) are individual ones, whereas others contain wildcards (e.g., s3:GetAccess* and s3:GetObject*). One way to manually replace s3:Get* in the revised policy would be to list all the actions that start with s3:Get except for the unused ones. However, this would result in an unwieldy policy, given that there are more than 50 actions starting with s3:Get.

Instead, policy recommendation identifies ways to use wildcards to collapse multiple actions, outputting actions such as s3:GetAccess* or s3:GetMulti*. Thanks to these wildcards, the recommended policy is succinct but still permits all the actions starting with s3:Get that are not reported as unused.

How do we decide where to place a wildcard in the newly generated wildcard actions? In the next section, we will dive deep on how policy recommendation generalizes actions with wildcards to allow only those actions that do not appear in unused permissions.

A deep dive into how actions are generalized

Policy recommendation is guided by the mathematical principle of “least general generalization” — i.e., finding the least permissive modification of the recommended policy that still allows all the actions allowed by the original policy. This theorem-backed approach guarantees that the modified policy still allows all and only the permissions granted by the original policy that are not reported as unused.

To implement the least-general generalization for unused permissions, we construct a data structure known as a trie, which is a tree each of whose nodes extends a sequence of tokens corresponding to a path through the tree. In our case, the nodes represent prefixes shared among actions, with a special marker for actions reported in unused permissions. By traversing the trie, we find the shortest string of prefixes that does not contain unused actions.

The diagram below shows a simplified trie delineating actions that replace the S3 Get* wildcard from the original policy (we have omitted some actions for clarity):

Access Analyzer trie.png
A trie delineating actions that can replace the Get* wildcard in an IAM policy. Nodes containing unused actions are depicted in orange; the remaining nodes are in green.

At a high level, the trie represents prefixes that are shared by some of the possible actions starting with s3:Get. Its root node represents the prefix Get; child nodes of the root append their prefixes to Get. For example, the node named Multi represents all actions that start with GetMulti.

Related content
Automated reasoning and optimizations specific to CPU microarchitectures improve both performance and assurance of correct implementation.

We say that a node is safe (denoted in green in the diagram) if none of the unused actions start with the prefix corresponding to that node; otherwise, it is unsafe (denoted in orange). For example, the node s3:GetBucket is unsafe because the action s3:GetBucketPolicy is unused. Similarly, the node ss is safe since there are no unused permissions that start with GetAccess.

We want our final policies to contain wildcard actions that correspond only to safe nodes, and we want to include enough safe nodes to permit all used actions. We achieve this by selecting the nodes that correspond to the shortest safe prefixes—i.e., nodes that are themselves safe but whose parents are not. As a result, the recommended policy replaces s3:Get* with the shortest prefixes that do not contain unused permissions, such as s3:GetAccess*, s3:GetMulti* and s3:GetJobTagging.

Together, the shortest safe prefixes form a new policy that, while syntactically similar to the original policy, is the least-general generalization to result from removing the unused actions. In other words, we have not removed more actions than necessary.

You can find how to start using policy recommendation with unused access in Access Analyzer. To learn more about the theoretical foundations powering policy recommendation, be sure to check out our science paper.

Related content

US, CA, Sunnyvale
Prime Video is a first-stop entertainment destination offering customers a vast collection of premium programming in one app available across thousands of devices. Prime members can customize their viewing experience and find their favorite movies, series, documentaries, and live sports – including Amazon MGM Studios-produced series and movies; licensed fan favorites; and programming from Prime Video subscriptions such as Apple TV+, HBO Max, Peacock, Crunchyroll and MGM+. All customers, regardless of whether they have a Prime membership or not, can rent or buy titles via the Prime Video Store, and can enjoy even more content for free with ads. Are you interested in shaping the future of entertainment? Prime Video's technology teams are creating best-in-class digital video experience. As a Prime Video team member, you’ll have end-to-end ownership of the product, user experience, design, and technology required to deliver state-of-the-art experiences for our customers. You’ll get to work on projects that are fast-paced, challenging, and varied. You’ll also be able to experiment with new possibilities, take risks, and collaborate with remarkable people. We’ll look for you to bring your diverse perspectives, ideas, and skill-sets to make Prime Video even better for our customers. With global opportunities for talented technologists, you can decide where a career Prime Video Tech takes you! Key job responsibilities As an Applied Scientist at Prime Video, you will have end-to-end ownership of the product, related research and experimentation, applying advanced machine learning techniques in computer vision (CV), Generative AI, multimedia understanding and so on. You’ll work on diverse projects that enhance Prime Video’s content localization, image/video understanding, and content personalization, driving impactful innovations for our global audience. Other responsibilities include: - Research and develop generative models for controllable synthesis across images, video, vector graphics, and multimedia - Innovate in advanced diffusion and flow-based methods (e.g., inverse flow matching, parameter efficient training, guided sampling, test-time adaptation) to improve efficiency, controllability, and scalability. - Advance visual grounding, depth and 3D estimation, segmentation, and matting for integration into pre-visualization, compositing, VFX, and post-production pipelines. - Design multimodal GenAI workflows including visual-language model tooling, structured prompt orchestration, agentic pipelines. A day in the life Prime Video is pioneering the use of Generative AI to empower the next generation of creatives. Our mission is to make world-class media creation accessible, scalable, and efficient. We are seeking an Applied Scientist to advance the state of the art in Generative AI and to deliver these innovations as production-ready systems at Amazon scale. Your work will give creators unprecedented freedom and control while driving new efficiencies across Prime Video’s global content and marketing pipelines. This is a newly formed team within Prime Video Science!
US, WA, Seattle
Are you interested in leading growth initiatives for one of Amazon’s most significant and fastest growing businesses? Selling Partners offer hundreds of millions of unique products and are a critical to delivering on our vision of offering the Earth’s largest selection and lowest prices. The Amazon Marketplace enables over 2 million third-party selling partners in eleven marketplaces to list their products for sale to Amazon customers across the world. Within our WW Marketplace business, International Seller Services (ISS) oversees the recruiting and development of Selling Partners for all of our international marketplaces (e.g. UK, Germany, Japan, Middle East etc.). ISS also enables global selling, helping Sellers in one country expand and sell internationally. Are you fascinated by the power of Natural Language Processing (NLP) and Large Language Models (LLM) to transform the way we interact with technology? Are you passionate about applying advanced machine learning techniques to solve complex challenges in the e-commerce space? If so, the Central Science Team of Amazon's International Seller Services has an exciting opportunity for you as an Applied Science Manager. We are seeking an experienced science leader who is adept at a variety of skills; especially in generative AI, computer vision, and large language models that will help international sellers succeed as they sell on Amazon. The right candidate will provide science leadership, establish the right direction and vision, build team mechanisms, foster the spirit of collaboration and innovation within the org, and execute against a roadmap. This leader will provide both technical direction as well as manage a sizable team of scientists. They will need to be adept at recruiting, launching AI models into production, writing vision/direction documents, and building team mechanisms that will foster innovation and execution. Additionally, while the position is based in Seattle, this leader will interact with global leaders and teams in Europe, Japan, China, Australia, and other regions. Key job responsibilities Key job responsibilities Responsibilities include: * Drive end-to-end applied science projects that have a high degree of ambiguity, scale, complexity. * Provide technical / science leadership related to NLP, computer vision and large language models. * Research new and innovative machine learning approaches. * Recruit high performing Applied Scientists to the team and provide mentorship. * Establish team mechanisms, including team building, planning, and document reviews. * Communicate complex technical concepts effectively to both technical and non-technical stakeholders, providing clear explanations and guidance on proposed solutions and their potential impact.
GB, London
Amazon Strategic Account Services (SAS) Tech Organization is looking for an Applied Scientist Applied Scientist who can autonomously drive scientific innovations from research to production, developing sophisticated AI solutions that serve both Amazon's global seller base and internal Marketplace Consultants. Working in a highly collaborative environment, you'll leverage expertise in machine learning, operations research, and statistics to translate theoretical advances in LLMs, probabilistic modeling, and optimization into practical applications. The role demands strong capabilities in prototyping and iterative improvement, bridging cutting models with real-world applications while maintaining scientific rigor and measurable business impact. Key job responsibilities - Lead the development of sophisticated AI solutions leveraging deep learning, LLMs, and advanced machine learning techniques to transform both seller operations and internal consultancy capabilities at scale - Define and drive long-term scientific vision for the organization, translating complex business challenges into innovative technical solutions that advance the state-of-the-art in applied machine learning - Design and implement advanced ML architectures combining multiple learning paradigms - from reinforcement learning and causal inference to predictive modeling - to tackle critical marketplace challenges - Architect next-generation recommendation and optimization systems that handle complex multi-dimensional constraints while maintaining robustness and interpretability at scale - Drive end-to-end development of AI applications from research through production, collaborating with engineering teams to ensure successful deployment and conducting rigorous A/B experiments to validate impact - Pioneer novel applications of foundation models and generative AI, developing sophisticated evaluation frameworks while maintaining Amazon's high standards for accuracy and reliability - Lead technical discussions across organizational boundaries, effectively communicating complex scientific concepts to diverse stakeholders while staying at the forefront of ML/AI research advancements About the team What is Amazon Strategic Account Services (SAS)? The SAS team aims to accelerate the full potential of our Sellers, helping them to navigate the increasing complexity of the e-commerce space. Our team provides in-depth strategic consultancy using a data-driven, collaborative, and a Customer-focused approach to achieve commercial goals of Amazon Sellers.
US, TX, Austin
Amazon Leo is an initiative to launch a constellation of Low Earth Orbit satellites that will provide low-latency, high-speed broadband connectivity to unserved and underserved communities around the world. As a Systems Engineer, this role is primarily responsible for the design, development and integration of communication payload and customer terminal systems. The Role: Be part of the team defining the overall communication system and architecture of Amazon Leo’s broadband wireless network. This is a unique opportunity to innovate and define groundbreaking wireless technology at global scale. The team develops and designs the communication system for Leo and analyzes its overall system level performance such as for overall throughput, latency, system availability, packet loss etc. This role in particular will be responsible for leading the effort in designing and developing advanced technology and solutions for communication system. This role will also be responsible developing advanced physical layer + protocol stacks systems as proof of concept and reference implementation to improve the performance and reliability of the LEO network. In particular this role will be responsible for using concepts from digital signal processing, information theory, wireless communications to develop novel solutions for achieving ultra-high performance LEO network. This role will also be part of a team and develop simulation tools with particular emphasis on modeling the physical layer aspects such as advanced receiver modeling and abstraction, interference cancellation techniques, FEC abstraction models etc. This role will also play a critical role in the integration and verification of various HW and SW sub-systems as a part of system integration and link bring-up and verification. Export Control Requirement: Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.
US, VA, Arlington
Amazon Web Services (AWS) is the world leader in providing a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world! Passionate about building, owning and operating massively scalable systems? Want to make a billion-dollar impact? If so, we have an exciting opportunity for you. The AWS Managed Operations (MO) organization was founded in April 2023, with the objective to reduce operational load and toil through long-term engineering projects. MO is building the best-in-class engineering and operations team that will own the day-to-day operations for AWS Regions; improving the availability, reliability, latency, performance and efficiency to operate AWS regions. The AWS Managed Operations Intelligence (MOI) Team is looking for a Data Scientist to lead the research and thought leadership to drive our data and insight strategy for AWS. You will be expected to serve as a Full Stack Data Scientist. You will be responsible for driving data-driven transformation across the organization. In this role, you will be responsible for the end-to-end data science lifecycle, from data exploration, ETL, model development and data visualization. You will leverage a diverse set of tools and technologies, including general analytical frameworks (Spark, Airflow, etc.), AI frameworks (Hugging Face, etc.) and various machine learning frameworks, to tackle complex business problems. Your analytics research will provide direction on the technology strategy of the Managed Operations organization. Your Decision Science artifacts will provide insights that inform AWS' Operations and Site Reliability Engineering teams. You will work on ambiguous and complex business and research science problems at scale. You are and comfortable working with cross-functional teams and systems. This role will sit in our new headquarters in Northern Virginia, where Amazon will invest $2.5 billion dollars, occupy 4 million square feet of energy efficient office space, and create at least 25,000 new full-time jobs. Our employees and the neighboring community will also benefit from the associated investments from the Commonwealth including infrastructure updates, public transportation improvements, and new access to Reagan National Airport. By working together on behalf of our customers, we are building the future one innovative product, service, and idea at a time. Are you ready to embrace the challenge? Come build the future with us. This position requires that the candidate selected be a U.S. citizen. 10012 Key job responsibilities - Work with large and complex data sets to solve a wide array of challenging problems using different analytical approaches - Develop ML/AI models. Partner with software teams to productionalize these models. - Data Pipeline and Infrastructure: design and implementation of data pipelines - Metric Development and Monitoring: Define and develop advanced, customized metrics and key performance indicators (KPIs) that capture the nuances of the organization's strategic objectives and operational complexities. Continuously monitor and evaluate the performance of metrics A day in the life Why AWS? Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge-sharing and mentorship. Our senior members enjoy one-on-one mentoring and thorough, but kind, code reviews. We care about your career growth and strive to assign projects that help our team members develop your engineering expertise so you feel empowered to take on more complex tasks in the future. Diverse Experiences AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. About AWS Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses. AWS Infrastructure Services (AIS) AWS Infrastructure Services owns the design, planning, delivery, and operation of all AWS global infrastructure. In other words, we’re the people who keep the cloud running. We support all AWS data centers and all of the servers, storage, networking, power, and cooling equipment that ensure our customers have continual access to the innovation they rely on. We work on the most challenging problems, with thousands of variables impacting the supply chain — and we’re looking for talented people who want to help. Inclusive Team Culture AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do. Mentorship & Career Growth We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. About the team The Managed Operations Intelligence (MOI) Team helps AWS operate its services across the world. We help monitor AWS operations by providing insights and recommendations on AWS operations. This position requires that the candidate selected be a U.S. citizen.
CN, 31, Shanghai
As an Applied Scientist, you will be responsible for bringing new product designs through to manufacturing. You will work closely with multi-disciplinary groups including Product Design, Industrial Design, Hardware Engineering, and Operations, to drive key aspects of engineering of consumer electronics products. In this role, you will use expertise in physical sciences, theoretical, numerical or empirical techniques to create scalable models representing response of physical systems or devices, including: * Applying domain scientific expertise towards developing innovative analysis and tests to study viability of new materials, designs or processes * Working closely with engineering teams to drive validation, optimization and implementation of hardware design or software algorithmic solutions to improve product and customer risks * Establishing scalable, efficient, automated processes to handle large scale design and data analysis * Conducting research into use conditions, materials and analysis techniques * Tracking general business activity including device health in field and providing clear, compelling reports to management on a regular basis * Developing, implementing guidelines to continually optimize design processes * Using simulation tools like LS-DYNA, and Abaqus for analysis and optimization of product design * Using of programming languages like Python and Matlab for analytical/statistical analyses and automation * Demonstrating strong understanding across multiple physical science domains, e.g. structural, thermal, fluid dynamics, and materials * Developing, analyzing and testing structural solutions from concept design, feature development, product architecture, through system validation * Supporting product development and optimization through application of analysis and testing of complex electronic assemblies using advanced simulation and experimentation tools and techniques
US, WA, Seattle
You will build and lead the economics research agenda for measurement, experimentation, and value attribution for Amazon's Devices & Services organization. Your team is the "truth layer" of the Intelligence Core — the shared economics and causal inference capability that serves all Devices product lines, marketing pods, and Finance leadership with causal evidence of what Devices are worth and whether our investments are working. This is not a traditional analytics or measurement role. You will own an active research program in experimentation design — identifying and executing the causal studies that produce the causal inputs for pricing decisions, marketing optimization, and portfolio strategy. Your outputs provide the causal evidence base that L8 peers and senior leadership consume to make billions of dollars in investment decisions across the D&S portfolio. You will also own the economic models that validate and drive execution across the full surface area of marketing spend for devices and services. Key job responsibilities Economic Value: • Downstream value attribution for all Devices product lines — Impact on Prime, subscription lift, consumer spending, advertising value • Alexa+ value isolation and cross-PL attribution • Causal frameworks connecting device sales to Prime acquisition, subscription retention, and ecosystem engagement Marketing Science & Measurement: • Build the marketing science function from scratch • Incrementality measurement for marketing spend across all channels • Attribution methodology, measurement standards, and cross-pod governance • Marketing ROI frameworks for use by category marketers • CCM certification methodology and scenario planning models for optimal investment allocation Experimentation: • Owning the estimation methodology, identification strategies, data inputs/outputs, and refresh cadence • You will build this team's analytics function with AI at its core from day one • Experimentation governance — managing interference across teams, setting standards for causal validity • Evaluation framework for AI agents and autonomous optimization systems
US, WA, Seattle
Are you passionate about solving big problems from ground-up? Do you enjoy building new state-of-the-art products at internet scale? Come lead the innovation in this startup team, vertical ad products. This is a green field problem without a known answer or a pattern to follow. We have ambitious vision to simplify full funnel advertising solutions, at scale, with specialized agentic AI-powered models and diversify the demand to strategic verticals including finserv, autos, locals.. etc. We are seeking an experienced Sr Data Scientist to drive innovation in our Ads Foundational Model. In this individual contributor role, you will apply advanced machine learning techniques to improve advertiser performance and customer experience. Key job responsibilities As a Data Scientist on this team, you will: 1. Develop and drive the science strategy for Ads Foundational Model (Ads-FM), aligning it with the program's objectives and overall business goals. 2. Identify high-impact opportunities within Ads-FM program and lead the ideation, planning, and execution of science initiatives to address them. 3. Build and deploy machine learning models using computer vision, natural language processing, and deep learning to evaluate and enhance ad effectiveness. 4. Develop algorithms that extract meaningful signals from image, video, and audio content to predict and improve customer engagement 5. Leverage Amazon's extensive data repository to create predictive models that generate actionable recommendations for more compelling ad creative 6. Collaborate with business leaders and cross-functional teams to implement ML-powered solutions 7. Contribute to the ML roadmap for the Ads-FM program through innovation and research.
US, WA, Seattle
Innovators wanted! Are you an entrepreneur? A builder? A dreamer? This role is part of an Amazon Special Projects team that takes the company’s Think Big leadership principle to the extreme. We focus on creating entirely new products and services with a goal of positively impacting the lives of our customers. No industries or subject areas are out of bounds. If you’re interested in innovating at scale to address big challenges in the world, this is the team for you. Here at Amazon, we embrace our differences. We are committed to furthering our culture of inclusion. We have thirteen employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We are constantly learning through programs that are local, regional, and global. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust. Our team highly values work-life balance, mentorship and career growth. We believe striking the right balance between your personal and professional life is critical to life-long happiness and fulfillment. We care about your career growth and strive to assign projects and offer training that will challenge you to become your best.
IN, KA, Bengaluru
Have you ever wondered how that Amazon box with the smile arrives so quickly, where it came from, and how much it cost Amazon to deliver? The WW Amazon Logistics, Business Analytics team manages the delivery of tens of millions of products every week to Amazon's customers, achieving on-time delivery in a cost-effective manner. We are seeking an enthusiastic, customer-obsessed Manager Research Science with strong analytical skills to join our team. This role is crucial in optimizing Amazon's vast delivery network and will have significant impact on the customer experience, particularly in the final phase of delivery. As a Manager Research Science, you will: 1. Address business challenges through building compelling cases and using data to influence change across the organization 2. Develop input and assumptions based on preexisting models to estimate costs and savings opportunities associated with varying levels of network growth and operations 3. Create metrics to measure business performance, identify root causes and trends, and prescribe action plans 4. Manage multiple high-impact projects simultaneously 5. Work with technology teams and product managers to develop new tools and systems supporting business growth 6. Communicate with and support various internal stakeholders and external audiences 7. Implement scheduling solutions, improve metrics, and develop scalable processes and tools The ideal candidate will have: - Extensive experience in operations research and data-driven decision making - Strong analytical and problem-solving skills - Robust program management and research science skills - Ability to work with a team and make independent decisions in ambiguous environments - Customer-obsessed mindset with a focus on improving the Amazon delivery experience This role offers the autonomy to think strategically and make data-driven decisions from day one. Join us in shaping the future of e-commerce delivery and addressing the core challenges in our world-class operations space! Key job responsibilities 1. Advanced Modeling and Algorithm Development: - Design and implement sophisticated machine learning models for logistics optimization - Develop complex time series forecasting algorithms for demand prediction and resource allocation 2. AI and Machine Learning Integration: - Architect and deploy AI-powered systems to enhance decision-making in logistics operations - Implement deep learning techniques for image recognition in package sorting and handling - Develop reinforcement learning algorithms for adaptive scheduling and resource management 3. Big Data Analytics and Processing: - Design and implement distributed computing solutions for processing massive logistics datasets - Utilize cloud computing platforms (e.g., AWS) for scalable data processing and analysis 4. AI-Driven Workflow Optimization: - Design and implement AI agents for autonomous decision-making in logistics processes - Create machine learning models for customer behavior analysis and personalized delivery options 5. Software Development and System Architecture: - Write efficient, scalable code in languages such as Python, Java, or C++ - Develop and maintain complex software systems for logistics optimization - Stay at the forefront of AI and ML research - Publish research findings in top-tier conferences and journals About the team We are Amazon's Last Mile Science and Analytics team, dedicated to improving e-commerce delivery. We work to optimize our vast network, forecast demand using machine learning, and enhance route efficiency. Our efforts focus on developing innovative delivery methods, applying AI to solve complex problems, and conducting geospatial analysis. We create simulations to refine processes and plan capacity effectively. Operating globally, we strive to develop adaptable solutions for diverse markets. We aim to advance logistics science, continually improving speed, efficiency, and customer satisfaction, in support of Amazon's mission to be Earth's most customer-centric company.