AWS Security Blog

The IAM Console Now Helps Prevent You from Accidentally Deleting In-Use Resources

Deleting unused resources can help to improve the security of your AWS account and make your account easier to manage. However, if you have ever been unsure of whether an AWS Identity and Access Management (IAM) user or role was being used actively, you probably erred on the side of caution and kept it.

Starting today, the IAM console shows service last accessed data as part of the process of deleting an IAM user or role. Now you have additional data that shows you when a resource was last active so that you can make a more informed decision about whether or not to delete it.

The following screenshot shows the new confirmation dialog box, which now displays the last activity date of the item selected for deletion. You can click last activity to see which services the resource used and when.

Image of new confirmation dialog box

You don’t need to do anything to get started with this new experience: it is now available to all AWS customers in the IAM console.

The IAM team would like to hear your thoughts about this feature. If you have comments about this release, leave a comment below or on the IAM forum.

– Kai