US10122757B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10122757-B1 |
| Application number | US-201414574328-A |
| Country | US |
| Kind code | B1 |
| Filing date | Dec 17, 2014 |
| Priority date | Dec 17, 2014 |
| Publication date | Nov 6, 2018 |
| Grant date | Nov 6, 2018 |
Official abstract text for this publication.
Techniques for self-learning access control policies are disclosed herein. A set of security policy modification recommendations is produced based on a set of effective permissions and on a set of requests for access that are subject to that set of effective permissions. Each policy modification recommendation is configured to alter the set of effective permissions by performing one or more actions that alter one or more of the effective permissions. A selected policy modification recommendation is provided that is configured to produce a modified set of effective permissions.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method, comprising: obtaining, at a policy management service, an access control policy associated with a user of a computing resource service provider, the access control policy having a corresponding set of effective permissions associated with one or more resources of the computing resource service provider; obtaining usage history information generated as a result of a plurality of previously submitted requests for access to the one or more resources that implicate the access control policy, the usage history information comprising an indication of one or more outcomes of the plurality of previously submitted requests; producing a set of policy modification recommendations based at least in part on a comparison of the usage history information to the access control policy, each policy modification recommendation of the set of policy modification recommendations specifying an alteration to the set of effective permissions; selecting a policy modification recommendation from the set of policy modification recommendations; altering the access control policy in accordance with the selected policy modification recommendation by at least removing an unnecessary permission or adding a missing permission to the access control policy to produce a modified access control policy; presenting the modified access control policy to the policy management service to cause the access control policy to be replaced by the modified access control policy; and controlling access to at least one of the one or more resources using the modified access control policy.
2. The computer-implemented method of claim 1, wherein selecting the policy modification recommendation from the set of policy modification recommendations further comprises selecting the recommended policy modification from a subset of the set of policy modification recommendations based at least in part on a risk assessment, the risk assessment based at least in part on a result of applying the subset of the set of policy modification recommendations.
3. The computer-implemented method of claim 1, wherein altering the access control policy in accordance with the selected policy modification recommendation to produce the modified access control policy comprises changing the set of permissions.
4. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least: determine a set of effective permissions, each effective permission of the set of effective permissions corresponding to a right of a principal to perform an action in connection with a resource of one or more resources; obtain usage history information generated as a result of a plurality of previously submitted requests for access to the one or more resources that implicate the set of effective permissions, the usage history information comprising an indication of one or more outcomes of the plurality of previously submitted requests; produce, based at least in part on comparing the obtained usage history information to the set of effective permissions, a set of permission modification recommendations, each permission modification recommendation of the set of permission modification recommendations specifying an alteration to the set of effective permissions; provide a subset of the set of permission modification recommendations; apply the subset of the set of permission modification recommendations to the set of effective permissions by at least removing an unnecessary permission or adding a missing permission to produce a modified set of effective permissions; presenting the modified set of effective permissions to cause a policy management service to replace the set of effective permissions with the modified set of effective permissions; and control access to the one or more resources using the modified set of effective permissions.
5. The non-transitory computer-readable storage medium of claim 4, wherein the subset of the set of permission modification recommendations is selected from the set of permission modification recommendations based at least in part on a measurement of changes to one or more of the one or more effective permissions as a result of applying the subset of the set of permission modification recommendations.
6. The non-transitory computer-readable storage medium of claim 5, wherein the measurement of changes is based at least in part on one or more risk assessments of the subset of the set of permission modification recommendations.
7. The non-transitory computer-readable storage medium of claim 4, wherein the instructions are further configured to cause the computer system to generate a request for approval for the subset of the set of permission modification recommendations from a user of the computer system.
8. The non-transitory computer-readable storage medium of claim 4, wherein the subset of the set of permission modification recommendations is selected from the set of permission modification recommendations based at least in part on comparing a recommended policy to a first policy, the recommended policy obtained by applying the subset of the set of permission modification recommendations to the set of effective permissions, the first policy comprising a set of first policy permissions, at least a subset of the set of first policy permissions differing from the one or more permissions of the effective set of permissions.
9. The non-transitory computer-readable storage medium of claim 8, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to select the set of first policy permissions based at least in part on reducing a risk assessment of the recommended policy.
10. The non-transitory computer-readable storage medium of claim 8, wherein the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to select the set of first policy permissions based at least in part on decreasing a complexity of the recommended policy.
11. The non-transitory computer-readable storage medium of claim 4, wherein one or more permission modification recommendations of the set of permission modification recommendations is configured to, when performed by the computer system, combine a subset of the set of effective permissions to produce a new effective permission of the set of effective permissions.
12. The non-transitory computer-readable storage medium of claim 4, wherein one or more permission modification recommendations of the set of permission modification recommendations is configured to, when performed by the computer system, add one or more new effective permissions to the set of effective permissions, each of the one or more new effective permissions based at least in part on the plurality of previously submitted application programming interface requests.
13. A system, comprising: one or more machine-readable mediums having stored thereon a set of instructions, which if performed by one or more processors, cause the system to at least: obtain usage history information indicating requests for access to one or more resources associated with a first user of the system, the usage history information comprising an indication of one or more outcomes of the requests for access to the one or more resources; produce a set of permission modification recommendations based at least in part on comparing a set of effective permissions to the obtained usage history information, each permi
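The claims above describe a usage-driven policy right-sizing loop: take a principal's effective permissions and a history of requests with their outcomes, recommend removing permissions that were never exercised and adding permissions for requests that were denied, keep only the recommendations that pass a risk assessment (holding the rest for approval), apply them, and then enforce access with the modified policy. The following is an added worked example of that loop, not code from the patent or its assignee. The permission model (an "action" and a "resource" pattern matched with shell-style wildcards), the risk scoring in `risk_of`, the auto-apply threshold, and the policy and usage history are all constructed assumptions for illustration.

```python
"""Usage-driven right-sizing of an access control policy (constructed example)."""
from __future__ import annotations

from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Permission:
    action: str    # "service:Operation"; may contain shell-style wildcards
    resource: str  # resource pattern; may contain shell-style wildcards


@dataclass(frozen=True)
class Request:
    action: str
    resource: str
    allowed: bool  # outcome recorded by the policy enforcement point


@dataclass(frozen=True)
class Recommendation:
    kind: str              # "remove" or "add"
    permission: Permission
    risk: int              # higher means the change needs more scrutiny
    reason: str


def covers(perm: Permission, action: str, resource: str) -> bool:
    """True if this permission grants the given action on the given resource."""
    return fnmatchcase(action, perm.action) and fnmatchcase(resource, perm.resource)


def is_allowed(policy: frozenset[Permission], action: str, resource: str) -> bool:
    """Access decision against a set of effective (allow-only) permissions."""
    return any(covers(p, action, resource) for p in policy)


def risk_of(kind: str, perm: Permission) -> int:
    """Hypothetical risk score: removing rights is low risk; adding wildcard
    or mutating rights is scored higher than adding read-only rights."""
    if kind == "remove":
        return 1
    if "*" in perm.action or "*" in perm.resource:
        return 5
    verb = perm.action.split(":", 1)[-1]
    return 2 if verb.startswith(("Get", "List", "Describe")) else 4


def recommend(policy: frozenset[Permission], history: list[Request]) -> list[Recommendation]:
    """Compare usage history to the policy and produce modification recommendations."""
    recs: list[Recommendation] = []
    # Unnecessary permission: no allowed request in the history exercised it.
    for perm in sorted(policy, key=lambda p: (p.action, p.resource)):
        used = any(r.allowed and covers(perm, r.action, r.resource) for r in history)
        if not used:
            recs.append(Recommendation("remove", perm, risk_of("remove", perm),
                                       "never exercised in usage history"))
    # Missing permission: a denied request that nothing in the policy covers.
    # (A denied request the policy does cover was blocked elsewhere, e.g. by an
    # explicit deny, so it is not treated as a gap in this policy.)
    seen: set[Permission] = set()
    for r in history:
        if r.allowed or is_allowed(policy, r.action, r.resource):
            continue
        perm = Permission(r.action, r.resource)  # exact, not widened to a wildcard
        if perm not in seen:
            seen.add(perm)
            recs.append(Recommendation("add", perm, risk_of("add", perm),
                                       "request denied by current policy"))
    return recs


def select(recs: list[Recommendation], max_auto_risk: int = 2):
    """Split recommendations into those safe to apply and those needing approval."""
    auto = [r for r in recs if r.risk <= max_auto_risk]
    pending = [r for r in recs if r.risk > max_auto_risk]
    return auto, pending


def apply(policy: frozenset[Permission], recs: list[Recommendation]) -> frozenset[Permission]:
    """Produce the modified set of effective permissions."""
    modified = set(policy)
    for r in recs:
        if r.kind == "remove":
            modified.discard(r.permission)
        else:
            modified.add(r.permission)
    return frozenset(modified)


# Constructed policy and usage history for a hypothetical "deploy-bot" principal.
POLICY = frozenset({
    Permission("s3:GetObject", "app-bucket/*"),
    Permission("s3:PutObject", "app-bucket/*"),
    Permission("s3:DeleteBucket", "*"),
    Permission("iam:PassRole", "*"),
})
HISTORY = [
    Request("s3:GetObject", "app-bucket/config.json", True),
    Request("s3:GetObject", "app-bucket/assets/logo.png", True),
    Request("s3:PutObject", "app-bucket/uploads/1.bin", True),
    Request("s3:GetObject", "logs-bucket/2024-01-01.gz", False),
    Request("s3:GetObject", "logs-bucket/2024-01-01.gz", False),
    Request("iam:CreateUser", "user/backup-admin", False),
]

if __name__ == "__main__":
    recs = recommend(POLICY, HISTORY)
    auto, pending = select(recs)
    new_policy = apply(POLICY, auto)
    for r in recs:
        print(f"{r.kind:6} risk={r.risk} {r.permission.action} {r.permission.resource}: {r.reason}")
    print("needs approval:", [r.permission.action for r in pending])
    print("DeleteBucket still allowed?", is_allowed(new_policy, "s3:DeleteBucket", "app-bucket"))
```

Two design points worth noting. A missing permission is added at exactly the action and resource that were denied rather than widened to a wildcard, so the recommendation never grants more than the history justifies; and the mutating `iam:CreateUser` addition is scored above the auto-apply threshold and routed to approval, which is the role the risk assessment plays in claims 2, 6 and 7. In practice the usage window also matters: a permission that is exercised only by a quarterly job will look unused in a shorter window, so removals should be gated on a window longer than the principal's slowest legitimate cycle.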