Which AWS service or feature checks access policies and offers actionable recommendations to help users set secure and functional policies?

Explanations:

AWS Systems Manager primarily focuses on operational tasks such as automation, patch management, and configuration management, rather than evaluating access policies.

AWS IAM Access Analyzer is designed to analyze IAM policies and resource-based policies to help identify any access configurations that may grant unintended access, offering recommendations for securing those policies.

AWS Trusted Advisor provides best practices and recommendations across various AWS services, including cost optimization and performance, but it does not specifically focus on access policy analysis.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts and workloads, rather than assessing access policies.