I want to know when an AWS Identity and Access Management (IAM) access key was last used.
Resolution
To get the access key usage information, use the AWS Command Line Interface (AWS CLI) or AWS CloudTrail event history. You can also use credential reports and notifications to monitor IAM access keys.
Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
Use the AWS CLI
Run the get-access-key-last-used command:
aws iam get-access-key-last-used --access-key-id ASIAIOSFODNN7EXAMPLE
Note: Replace ASIAIOSFODNN7EXAMPLE with your access key ID.
The output includes the date and time that the access key was last used, the AWS service that was last used, and the AWS Region.
Use CloudTrail event history
Complete the following steps:
- Open the CloudTrail console, and then choose Event history.
- On the Lookup attributes menu, choose AWS access key.
- In the AWS access key search bar, enter the access key ID.
- In Filter by date and time, enter the time range, and then choose Apply.
The output includes the date and time that the access key was last used, the AWS service that was last used, and the Region.
Use credential reports and notifications to monitor IAM access keys
Generate a credentials report that lists all AWS accounts that include IAM access keys.
To set up notifications, see How can I set up alerts to see when an IAM access key is used?
To monitor IAM access keys, see How can I monitor the account activity of specific IAM users, roles, and AWS access keys?
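The following Python sketch is an added example, not part of the original article. It reads a credential report in CSV form and lists active access keys that have been idle longer than a threshold, using the report's access_key_N_active, access_key_N_last_rotated, and access_key_N_last_used_date columns. The function name stale_keys, the 90-day default, and the sample rows are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the credential report's columns, made-up users.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,2023-01-10T09:00:00+00:00,2024-05-28T14:02:00+00:00,false,N/A,N/A
bob,true,2022-03-01T10:15:00+00:00,2023-11-02T08:30:00+00:00,true,2024-01-15T12:00:00+00:00,N/A
carol,false,2021-07-19T16:45:00+00:00,2022-02-11T11:20:00+00:00,false,N/A,N/A
dave,true,2024-05-20T13:00:00+00:00,N/A,false,N/A,N/A
"""
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"


def stale_keys(report_csv, now, max_idle_days=90):
    """Return (user, key_slot, last_used, reason) for active keys idle too long."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}_"
            if row[prefix + "active"] != "true":
                continue  # inactive or absent keys cannot authenticate
            last_used = row[prefix + "last_used_date"]
            if last_used == "N/A":
                # Never used: measure age from creation/rotation so a key
                # issued last week is not reported as stale.
                reference, reason = row[prefix + "last_rotated"], "never used"
            else:
                reference, reason = last_used, "idle"
            if datetime.fromisoformat(reference) < cutoff:
                findings.append((row["user"], slot, last_used, reason))
    return findings


if __name__ == "__main__":
    for user, slot, last_used, reason in stale_keys(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user}: access key {slot} {reason} (last used: {last_used})")
```

To run it on real data, create the report with aws iam generate-credential-report, download it with aws iam get-credential-report, and base64-decode the Content field before passing the CSV text to the function.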
Related information
Why is my Amazon EC2 instance using IAM user credentials instead of role credentials?
Finding unused access keys