US9825956B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9825956-B2 |
| Application number | US-201514876629-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 6, 2015 |
| Priority date | Oct 6, 2015 |
| Publication date | Nov 21, 2017 |
| Grant date | Nov 21, 2017 |
Official abstract text for this publication.
Provided herein are systems and methods of managing permissions for applications deployed in a distributed computing infrastructure. An exemplary system includes an access management server having a processing device, a distributed computing infrastructure in communication with the management server having a plurality of resource instances and a request log, and an administration system having a security application executing thereon. The security application has access policies associated with each of a plurality of applications. The processing device of the management server receives application request information from the request log describing requests made by a first application being monitored by the access management server. The management server receives an access policy describing a set of accessible APIs associated with the first application from the security application, determines that access to a first API of the set should be removed, and modifies the access policy to remove access to the first API.
Opening claim text (preview).
What is claimed is:

1. An access management system for managing permissions for applications deployed in a distributed computing infrastructure, the system comprising: an access management server having a processing device in communication with one or more coupled information storage systems; a distributed computing infrastructure having a plurality of resource instances and a request log, the distributed computing infrastructure being in communication with the access management system; an administration system having a security application executing thereon, the security application having a plurality of access policies associated with each of a plurality of applications; and wherein the processing device of the access management server: receives application request information from the request log, the application request information describing requests made by a first application of the plurality of applications being monitored by the access management server, receives an access policy describing a set of accessible APIs associated with the first application from the security application, determines that access to a first API of the set of accessible APIs associated with the first application should be removed, and modifies the access policy to remove access to the first API of the set of accessible APIs associated with the first application.

2. The access management system of claim 1, further comprising a user interface accessible to a first user associated with the first application and to an administrative security user.

3. The access management system of claim 1, wherein the processing device of the access management server is programmed to receive a request for reinstatement from a first user to reinstate access to the first API into the set of accessible APIs associated with the first application in the access policy associated with the first application.

4. The access management system of claim 3, wherein the processing device determines that access to the first API of the set of accessible APIs associated with the first application should be removed by monitoring usage associated with the first API of the set of accessible APIs by the first application.

5. The access management system of claim 3, wherein the access management server automatically reinstates the first API when the request for reinstatement is received from the first user within a predetermined time period after the processing device modifies the access policy to remove access to the first API.

6. The access management system of claim 1, wherein the processing device of the access management server generates a count of API calls made by the first application during a period of time and wherein determining that access to a first API of the set of accessible APIs associated with the first application should be removed comprises determining that the count of API calls associated with the first API is below a threshold value.

7. The access management system of claim 1, wherein the processing device of the access management server: schedules a modification of the access policy to remove a second API of the set of accessible APIs; transmits a communication to a client device associated with a first user, the communication indicating that access to the second API of the set of accessible APIs is scheduled to be removed at a scheduled time; receives a request via the client device associated with the first user to cancel the scheduled removal of the access policy to remove access to the second API; and cancels the scheduled removal in response to the request.

8. The access management system of claim 2, wherein the processing device of the access management server: receives a request via a client device associated with the first user to reinstate the first API into the set of accessible APIs included in the access policy associated with the first application; transmits information regarding the request to a client device of the administrative security user, the information identifying the first user, the first API, and the first application; and receives instructions from the administrative security user via the client device, the instructions indicating whether the request is to be granted or denied.

9. The access management system of claim 8, wherein the instructions from the administrative security user comprise comments of the administrative security user regarding the request, and wherein the processing device of the access management server transmits the comments to the client device associated with the first user.

10. A method comprising: receiving, by a processing device, application request information from a request log of a distributed computing infrastructure, the application request information describing requests made by a first application deployed in the distributed computing infrastructure; receiving an access policy describing a set of accessible objects associated with the first application; determining, by the processing device and based on the application request information, that the first application does not require access to a first object of the set of accessible objects included in an access policy associated with the first application; and removing, by the processing device, access to the first object from the access policy associated with the first application to produce a modified access policy associated with the first application.

11. The method of claim 10, further comprising: receiving a request from a user associated with the first application to reinstate access to the first object; determining, by the processing device, that the request satisfies predetermined conditions for reinstatement of access to the first object; and adding, by the processing device, access to the first object in the modified access policy associated with the first application to produce a newly modified access policy associated with the first application.

12. The method of claim 11, wherein determining that the request satisfies predetermined conditions for reinstatement of access to the first object comprises at least one of: determining that the request is received before a predetermined time after removal of access to the first object; determining that the removal of access to the first object resulted from a lack of requests to access the first object during a period of observation; and determining that the first object is not included on a list of secured objects.

13. The method of claim 10, wherein the first application is associated with a first account on the distributed computing infrastructure.

14. The method of claim 10, wherein the first object of the set of accessible objects is a first application programming interface (API) of a set of accessible APIs presented by the distributed computing infrastructure.

15. The method of claim 10, further comprising: monitoring, by the processing device, usage of a second object by the first application during a period of observation; determining that usage of the second object by the first application is below a threshold usage value; scheduling removal of access to the second object based on the usage of the second object; and transmitting a communication to a first user associated with the first application, the communication identifying the first application, the second object, and a scheduled time for removal of access to the second object.

16. The method of claim 15, further comprising: receiving a request from the first user to prevent the scheduled removal of access to the second object; determining that the re
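The usage-based pruning and reinstatement procedure described in the abstract and claims 6, 10 to 12 and 14, as an added illustration that is not the patent's own implementation. The request log, application and API names, the observation window, the threshold and the grace period are all constructed for this example; the reinstatement check applies every one of the claim 12 conditions at once (the claim requires at least one).

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from collections import Counter

# Constructed request-log entries: (timestamp, application, API called).
REQUEST_LOG = [
    (datetime(2024, 1, 1, 9, 0), "app-a", "ListBuckets"),
    (datetime(2024, 1, 2, 9, 0), "app-a", "ListBuckets"),
    (datetime(2024, 1, 3, 9, 0), "app-a", "GetObject"),
    (datetime(2024, 1, 4, 9, 0), "app-a", "ListBuckets"),
    (datetime(2023, 12, 1, 9, 0), "app-a", "DeleteObject"),  # outside the observation window
    (datetime(2024, 1, 5, 9, 0), "app-b", "PutObject"),       # a different application
]

@dataclass
class AccessPolicy:
    application: str
    apis: set                                  # the set of accessible APIs (claim 14)
    removed_at: dict = field(default_factory=dict)   # api -> time access was pruned

def count_calls(log, application, window_start, window_end):
    """Count API calls made by one application during the period of observation (claim 6)."""
    return Counter(api for ts, app, api in log
                   if app == application and window_start <= ts < window_end)

def prune_unused(policy, log, window_start, window_end, threshold, now):
    """Remove every API whose call count in the window is below the threshold (claims 6, 10)."""
    counts = count_calls(log, policy.application, window_start, window_end)
    removed = sorted(api for api in policy.apis if counts[api] < threshold)
    for api in removed:
        policy.apis.discard(api)
        policy.removed_at[api] = now   # records that removal resulted from lack of requests
    return removed

def reinstate(policy, api, requested_at, grace, secured_objects):
    """Reinstate only if the API was pruned for non-use, the request arrives within the
    grace period, and the API is not on the list of secured objects (claims 11, 12)."""
    removed_at = policy.removed_at.get(api)
    if removed_at is None or api in secured_objects:
        return False
    if requested_at - removed_at > grace:
        return False
    policy.apis.add(api)
    del policy.removed_at[api]
    return True
```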
CPC classification titles:
- in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- User profiles
- for controlling access to devices or network resources