How do I identify when an IAM access key was last used?

2 minute read
0

I want to know when an AWS Identity and Access Management (IAM) access key was last used.

Resolution

To get the access key usage information, use the AWS Command Line Interface (AWS CLI) or AWS CloudTrail event history. You can also use credential reports and notifications to monitor IAM access keys.

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Use the AWS CLI

Run the get-access-key-last-used command:

aws iam get-access-key-last-used --access-key-id ASIAIOSFODNN7EXAMPLE

Note: Replace ASIAIOSFODNN7EXAMPLE with your access key ID.

The output includes the date and time that the access key was last used, the AWS service that was last used, and the AWS Region.

Use CloudTrail event history

Complete the following steps:

  1. Open the CloudTrail console, and then choose Event history.
  2. On the Lookup attributes menu, choose AWS access key.
  3. In the AWS access key search bar, enter the access key ID.
  4. In Filter by data and time, enter the time range, and then choose Apply.

The output includes the date and time that the access key was last used, the AWS service that was last used, and the Region.

Use credential reports and notifications to monitor IAM access keys

Generate a credentials report that lists all AWS accounts that include IAM access keys.

To set up notifications, see How can I set up alerts to see when an IAM access key is used?

To monitor IAM access keys, see How can I monitor the account activity of specific IAM users, roles, and AWS access keys?

Related information

Why is my Amazon EC2 instance using IAM user credentials instead of role credentials?

Finding unused access keys

AWS OFFICIAL
AWS OFFICIALUpdated a month ago
2 Comments

The cloudtrail history option only searches the last 90 days so is unreliable. Using the IAM Console or CLi is the best method

profile picture
EXPERT
replied a month ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied a month ago