Posted On: Apr 19, 2021

IAM provides capabilities that help customers analyze access and achieve least privilege. When you are working on new permissions for your teams, you can use IAM Access Analyzer policy generation to create a policy based on your access activity and set fine-grained permissions. To analyze and refine existing permissions, you can use last accessed information to identify unused actions in your IAM policies and reduce access. When we launched action last accessed information in 2020, we started with S3 management actions to help you restrict access to your critical business data. Now, IAM is increasing visibility into access history by extending last accessed information to Amazon EC2, AWS IAM, and AWS Lambda management actions. This makes it easier to analyze access and reduce EC2, IAM, and Lambda permissions, because it provides the latest timestamp at which an IAM user or role accessed an action. Using last accessed information, you can identify unused actions in your IAM policies and tighten permissions confidently.

You can use IAM last accessed information in the commercial regions through the IAM console or by using APIs with the AWS Command Line Interface (AWS CLI) or a programmatic client. To learn more about this feature, visit AWS Documentation.
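The following Python sketch is an added example, not AWS code. It shows how an action-level last accessed report can be compared against the actions a policy grants in order to find candidates for removal. The report is a constructed sample in the shape returned by `GetServiceLastAccessedDetails` for a job started with `Granularity=ACTION_LEVEL`; the function name, the policy action list and the 90-day threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatch

# Constructed sample, shaped like the JSON that GetServiceLastAccessedDetails
# returns for a report generated with Granularity=ACTION_LEVEL.
SAMPLE_REPORT = {
    "JobStatus": "COMPLETED",
    "ServicesLastAccessed": [
        {"ServiceNamespace": "ec2", "TrackedActionsLastAccessed": [
            {"ActionName": "DescribeInstances", "LastAccessedTime": "2021-04-10T12:00:00+00:00"},
            {"ActionName": "RunInstances", "LastAccessedTime": "2020-11-01T08:30:00+00:00"},
            {"ActionName": "TerminateInstances"},  # no timestamp: not used in the tracking period
        ]},
        {"ServiceNamespace": "lambda", "TrackedActionsLastAccessed": [
            {"ActionName": "UpdateFunctionCode", "LastAccessedTime": "2021-04-15T09:00:00+00:00"},
            {"ActionName": "CreateFunction", "LastAccessedTime": "2021-03-01T09:00:00+00:00"},
        ]},
        {"ServiceNamespace": "iam", "TrackedActionsLastAccessed": [
            {"ActionName": "CreateAccessKey"},
        ]},
    ],
}

def stale_granted_actions(report, granted, now, max_age_days=90):
    """Return (stale, unjudged): granted tracked actions with no use inside the
    window, and granted patterns that match no tracked action at all."""
    if report.get("JobStatus") != "COMPLETED":
        raise ValueError("last accessed report is not complete yet")
    cutoff = now - timedelta(days=max_age_days)  # 90 days is an assumed threshold
    stale, matched = [], set()
    for svc in report["ServicesLastAccessed"]:
        for act in svc.get("TrackedActionsLastAccessed", []):
            name = f'{svc["ServiceNamespace"]}:{act["ActionName"]}'
            # IAM action matching is case-insensitive and allows * and ? wildcards.
            hits = [p for p in granted if fnmatch(name.lower(), p.lower())]
            if not hits:
                continue  # not granted by the policy under review
            matched.update(hits)
            ts = act.get("LastAccessedTime")
            if ts is None or datetime.fromisoformat(ts) < cutoff:
                stale.append(name)
    return sorted(stale), sorted(p for p in granted if p not in matched)

if __name__ == "__main__":
    # Hypothetical Allow list taken from the policy being reviewed.
    policy_actions = ["ec2:*", "lambda:UpdateFunctionCode", "iam:CreateAccessKey", "s3:GetObject"]
    now = datetime(2021, 4, 19, tzinfo=timezone.utc)
    print(stale_granted_actions(SAMPLE_REPORT, policy_actions, now))
```

Patterns returned in the second list matched no tracked action, so the report gives no evidence about them either way. Review those by other means, such as CloudTrail, before removing them.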