Tighten S3 permissions for your IAM users and roles using access history of S3 actions

Posted on: Jun 3, 2020

To help you identify unused S3 permissions, AWS Identity and Access Management (IAM) has extended service last accessed information to include S3 management actions, and now reports the last time a user or role used an S3 action. This granular access information helps you analyze access, identify unused S3 actions, and remove them confidently.

You can view this timestamp in the IAM console or by using IAM APIs with the AWS Command Line Interface (AWS CLI) or a programmatic client. Action last accessed information is available in US East (Ohio, N. Virginia), US West (N. California, Oregon), Africa (Cape Town), Asia Pacific (Hong Kong, Mumbai, Osaka-local, Seoul, Singapore, Sydney, Tokyo), Canada (Central), EU (London, Frankfurt, Ireland, Milan, Paris, Stockholm), Middle East (Bahrain), and South America (São Paulo) public AWS Regions. To learn more, see the Refining Permissions Using Last Accessed Data documentation.
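
One way to turn the action-level report into a list of S3 actions to remove, as an added example that is not part of the original announcement or AWS's own code. It assumes a response in the shape returned by the IAM `GetServiceLastAccessedDetails` API when the report was generated with `ACTION_LEVEL` granularity; the sample data, the function name `unused_s3_actions` and the 90-day threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of a GetServiceLastAccessedDetails response
# requested with Granularity=ACTION_LEVEL (all values below are made up).
SAMPLE_RESPONSE = {
    "JobStatus": "COMPLETED",
    "ServicesLastAccessed": [
        {
            "ServiceName": "Amazon S3",
            "ServiceNamespace": "s3",
            "TrackedActionsLastAccessed": [
                {"ActionName": "ListAllMyBuckets",
                 "LastAccessedTime": datetime(2020, 5, 30, tzinfo=timezone.utc),
                 "LastAccessedRegion": "us-east-1"},
                {"ActionName": "CreateBucket",
                 "LastAccessedTime": datetime(2020, 1, 10, tzinfo=timezone.utc),
                 "LastAccessedRegion": "us-east-1"},
                # No LastAccessedTime: not used within the tracking period.
                {"ActionName": "DeleteBucket"},
                {"ActionName": "PutBucketPolicy"},
            ],
        }
    ],
}


def unused_s3_actions(response, now, max_age_days=90):
    """Return sorted s3:<Action> names never used, or unused for > max_age_days."""
    if response.get("JobStatus") != "COMPLETED":
        # The report is generated asynchronously; do not act on partial data.
        raise ValueError("report not ready: %s" % response.get("JobStatus"))
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for service in response.get("ServicesLastAccessed", []):
        if service.get("ServiceNamespace") != "s3":
            continue
        for action in service.get("TrackedActionsLastAccessed", []):
            last_used = action.get("LastAccessedTime")
            if last_used is None or last_used < cutoff:
                stale.append("s3:" + action["ActionName"])
    return sorted(stale)


if __name__ == "__main__":
    today = datetime(2020, 6, 3, tzinfo=timezone.utc)
    for name in unused_s3_actions(SAMPLE_RESPONSE, today):
        print(name)
```

With boto3, the input dictionary would come from `get_service_last_accessed_details(JobId=...)` after starting the report with `generate_service_last_accessed_details(Arn=..., Granularity="ACTION_LEVEL")`. Only the S3 management actions that IAM tracks appear in the report, so an action missing from it is not evidence that the permission is unused.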