Re: Customers can enable Access Analyzer
Yes it's free.
"Access Analyzer for S3 is available at no additional cost in the S3 Management Console in all commercial AWS Regions, excluding the AWS China (Beijing) Region and the AWS China (Ningxia) Region. Access Analyzer for S3 is also available through APIs in the AWS GovCloud (US) Regions."
I think this is just a response to the high-profile 'blunders' which have been down to human error (but looks bad on AWS unfairly). This will be just another resource which AWS can say 'look - we have this easy to use, free tool for them, yet the user is still an idiot and ignored it or any of the other best practice advice we have given'.
For example when you make a bucket public it alerts you and is very visible on the console afterwards. A person also will need to deliberately attach an open resource policy to the bucket, yet this still isn't enough.