Posted On: Dec 9, 2015

The IAM console now displays service last accessed data that shows the hour when an IAM entity (a user, group, or role) last accessed an AWS service. Knowing if, and when an IAM entity last exercised a permission can help you remove unnecessary rights and tighten your IAM policies with less effort. This helps you write more secure access control policies that better adhere to the principle of least privilege—that is, granting only the permissions required to perform a task.

To learn more, visit the AWS Security Blog.