Posted On: Jun 14, 2016
In December, AWS Identity and Access Management (IAM) released service last accessed data, which shows the time when an IAM entity (a user, group, or role) last accessed an AWS service. This provided a powerful tool to help you grant least-privilege permissions. Starting today, it’s easier to identify where permissions can be reduced based on additional service last accessed data. With this release, you have access to the following for IAM entities and policies:
- Last accessed data for all IAM users and roles associated with a managed policy or group.
- All policies contributing service permissions to an IAM user, role, or group.
These additional details can improve your understanding of access patterns and policy configurations. As a result, you can make better-informed permissions management decisions.
To learn more, visit the AWS Security Blog.