Posted On: Sep 14, 2023

AWS Identity and Access Management (IAM) now provides action last accessed information for more than 140 services to help you refine the permissions of your IAM roles. You can review action last accessed information, identify unused permissions, and refine to scope down the access of your IAM roles to only the actions that they use for services such as Amazon CloudWatch, AWS Key Management Service (AWS KMS), and Elastic Load Balancing (ELB). 

You can use action last accessed information as part of your periodic review process to restrict the access granted to IAM roles to just the required permissions. For example, you can view whether an IAM role performed an action of the CloudWatch service. Then, you can refine the IAM policy to grant only the permissions your IAM role requires to access and manage your workloads.

Last accessed information is available in all AWS Regions where the corresponding AWS services are supported. To view a complete list of all supported services and their actions, see IAM last accessed information services and actions.

To learn more about action last accessed, see the IAM User Guide on action last accessed information. To get started using action last accessed information, navigate to the Access Advisor tab of any of your IAM resources in the IAM console.