

# Manage an IAM Access Analyzer internal access analyzer
<a name="access-analyzer-manage-internal"></a>

To enable an internal access analyzer in a Region, you must create an analyzer in that Region. You must create an internal access analyzer in each Region in which you want to monitor access to your resources.

**Note**  
After you create or update an analyzer, it can take time for findings to be available.

## Update an internal access analyzer
<a name="access-analyzer-manage-internal-update"></a>

Use the following procedure to update an internal access analyzer.

1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).

1. Under **Access analyzer**, choose **Analyzer settings**.

1. In the **Analyzers** section, choose the name of the internal access analyzer to manage.

1. On the **Archive rules** tab, you can create, edit, or delete archive rules for the analyzer. For more information, see [Archive rules](access-analyzer-archive-rules.md).

1. On the **Tags** tab, you can manage and create tags for the analyzer. For more information, see [Tags for AWS Identity and Access Management resources](id_tags.md).

1. On the **Resources** tab, choose **Edit** in the **Resources to analyze** section.

   1. To add resources by account, choose **Add resources > Add resources from selected accounts**.

      1. Choose **All supported resource types** or choose **Define specific resource types** and select the resource types from the **Resource type** list.

         Internal access analyzers support the following resource types:
         + [Amazon Simple Storage Service buckets](access-analyzer-resources.md#access-analyzer-s3)
         + [Amazon Simple Storage Service directory buckets](access-analyzer-resources.md#access-analyzer-s3-directory)
         + [Amazon Relational Database Service DB snapshots](access-analyzer-resources.md#access-analyzer-rds-db)
         + [Amazon Relational Database Service DB cluster snapshots](access-analyzer-resources.md#access-analyzer-rds-db-cluster)
         + [Amazon DynamoDB streams](access-analyzer-resources.md#access-analyzer-ddb-stream)
         + [Amazon DynamoDB tables](access-analyzer-resources.md#access-analyzer-ddb-table)

      1. Choose **Add resources**.

   1. To add resources by Amazon Resource Name (ARN), choose **Add resources > Add resources by pasting in resource ARN**.
      **Note**  
      ARNs must be exact matches – wildcards are not supported. For Amazon S3, only bucket ARNs are supported. Amazon S3 object ARNs and prefixes are not supported.

      1. For each resource ARN, enter the account owner ID and the resource ARN separated by a comma. Enter one account owner ID and resource ARN per line.

      1. Choose **Add resources**.

   1. To add resources by a CSV file, choose **Add resources > Add resources by uploading a CSV**.

      You can use [AWS Resource Explorer](https://docs.aws.amazon.com/resource-explorer/latest/userguide/using-search.html) to search for resources in your accounts and export a CSV file. Then you can upload the CSV file to configure the resources for the analyzer to monitor.

      1. Choose **Choose file** and select the CSV file from your computer.

      1. Choose **Add resources**.

   1. To remove resources from the analyzer, select the check box next to the resources to remove and choose **Remove**.

   1. Choose **Save changes**.

**Note**  
Any updates to the analyzer will be evaluated at the next automatic rescan within 24 hours.
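
The following pre-check for the "account owner ID, resource ARN" lines described in the paste-by-ARN step is an added example, not part of the original documentation and not how the console itself validates input. The function names and the ARN patterns for the six supported resource types are assumptions based on standard AWS ARN formats, and the sample entries are constructed.

```python
import re

ACCOUNT_ID = re.compile(r"\d{12}")
P = r"arn:[a-z0-9-]+:"            # partition prefix, e.g. arn:aws:
RA = r":[a-z0-9-]+:\d{12}:"       # :region:account-id:

# Assumption: standard ARN shapes for the resource types listed above.
SUPPORTED = {
    "S3 bucket": re.compile(P + r"s3:::[^/:]+"),
    "S3 directory bucket": re.compile(P + "s3express" + RA + r"bucket/[^/]+"),
    "RDS DB snapshot": re.compile(P + "rds" + RA + r"snapshot:[^/]+"),
    "RDS DB cluster snapshot": re.compile(P + "rds" + RA + r"cluster-snapshot:[^/]+"),
    "DynamoDB table": re.compile(P + "dynamodb" + RA + r"table/[^/]+"),
    "DynamoDB stream": re.compile(P + "dynamodb" + RA + r"table/[^/]+/stream/[^/]+"),
}

def check_line(line):
    """Return (resource_type, None) if the line is usable, else (None, reason)."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 2:
        return None, "expected 'account-owner-id,resource-arn'"
    account, arn = parts
    if not ACCOUNT_ID.fullmatch(account):
        return None, "account owner ID is not 12 digits"
    if "*" in arn or "?" in arn:
        return None, "wildcards are not supported"
    if re.match(P + "s3:::", arn) and "/" in arn:
        return None, "S3 object ARNs and prefixes are not supported"
    for rtype, pattern in SUPPORTED.items():
        if pattern.fullmatch(arn):
            return rtype, None
    return None, "not an ARN for a supported resource type"

def check_entries(text):
    """Return (accepted, rejected) lists of (line_no, detail) for pasted text."""
    accepted, rejected = [], []
    for no, line in enumerate(text.splitlines(), start=1):
        rtype, reason = check_line(line)
        (rejected if reason else accepted).append((no, reason or rtype))
    return accepted, rejected

# Constructed sample input (not real accounts or resources).
SAMPLE = """\
111122223333,arn:aws:s3:::example-bucket
111122223333,arn:aws:s3:::example-bucket/reports/q1.csv
111122223333,arn:aws:dynamodb:us-east-1:111122223333:table/Orders*
111122223333,arn:aws:rds:us-east-1:111122223333:cluster-snapshot:example-snap
111122223333,arn:aws:lambda:us-east-1:111122223333:function:example
"""
```

Calling `check_entries(SAMPLE)` accepts lines 1 and 4 and rejects lines 2, 3, and 5 with the reason for each, so a mistyped scope can be corrected before it silently leaves a resource unmonitored.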

## Delete an internal access analyzer
<a name="access-analyzer-manage-internal-delete"></a>

Use the following procedure to delete an internal access analyzer. When you delete an analyzer, the resources are no longer monitored and no new findings are generated. All findings that were generated by the analyzer are deleted.

1. Open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).

1. Under **Access analyzer**, choose **Analyzer settings**.

1. In the **Analyzers** section, choose the name of the internal access analyzer to delete.

1. Choose **Delete analyzer**.

1. Enter **delete** and choose **Delete** to confirm deleting the analyzer.