To confirm: You were using the IAM Management console, under Users, the "Last activity" column for manual compliance reviews. And this column is not available in the IAM Identity Center user console.

Per https://aws.amazon.com/iam/identity-center/features/:

"Audit access events across applications and AWS accounts: All administrative and multi-account access activity is recorded in AWS CloudTrail, giving you the visibility to audit IAM Identity Center activity centrally. Through CloudTrail, you can view activity such as sign-in attempts, application assignments, and directory integration changes. For instance, you can see the applications that a user accessed over a given period or when a user was given access to a specific application."

Are you using CloudTrail?
Yes, among other things the "last activity" column was used, but the key thing that was reviewed was who has access to what, reviewing things such as permission creep, etc., and segregation of duties; more of a governance review where the account owner was forced to make decisions on whether the right users/individuals had access to their account with the right policies in place (some of them may never have been used, as they are there for incident management). So in this case I'm not really interested (but of course we are interested in that too) in what activity has happened, but rather in the governance and decisions about what access rights are present for a user and within the accounts.

And yes, we have an AWS Organizations-wide CloudTrail in place in line with AWS Well-Architected, and a delegated account for Identity Center in place where daily identity and access management takes place. Are there some good blueprints in place to get started on what happens from an IAM perspective?
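As an added example (not code from the thread or from AWS), here is one way to join the two needs raised above: rebuilding a "last activity" view for Identity Center users from CloudTrail records, and laying it next to the account assignments so a reviewer sees who holds what and whether it has been used. The CloudTrail records and the assignment list are constructed inline; treating `eventSource` `sso.amazonaws.com` as the Identity Center source, the event names, and the `userIdentity.userName` field are assumptions to verify against your own trail, and the assignment shape follows `ListAccountAssignments` fields (`AccountId`, `PermissionSetArn`, `PrincipalType`, `PrincipalId`). Idle entitlements are flagged for the account owner to decide on, not removed automatically, since some are intentionally held for incident response.

```python
from datetime import datetime, timezone

# Constructed sample CloudTrail records (not real logs). Field layout mirrors
# CloudTrail JSON; the "sso.amazonaws.com" source and event names are assumptions.
CLOUDTRAIL_RECORDS = [
    {"eventTime": "2024-05-01T08:12:00Z", "eventSource": "sso.amazonaws.com",
     "eventName": "Authenticate", "userIdentity": {"userName": "alice"}},
    {"eventTime": "2024-05-20T17:45:00Z", "eventSource": "sso.amazonaws.com",
     "eventName": "Federate", "userIdentity": {"userName": "alice"}},
    {"eventTime": "2024-01-10T09:00:00Z", "eventSource": "sso.amazonaws.com",
     "eventName": "Authenticate", "userIdentity": {"userName": "bob"}},
    # Event from another service: must not count as Identity Center activity.
    {"eventTime": "2024-05-25T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"userName": "carol"}},
]

# Constructed assignments in the shape ListAccountAssignments returns; the
# instance id, permission set ids, account ids and principal ids are made up.
ASSIGNMENTS = [
    {"AccountId": "111111111111", "PrincipalType": "USER", "PrincipalId": "u-1",
     "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-1"},
    {"AccountId": "222222222222", "PrincipalType": "USER", "PrincipalId": "u-2",
     "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-2"},
    {"AccountId": "111111111111", "PrincipalType": "USER", "PrincipalId": "u-3",
     "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-3"},
    {"AccountId": "111111111111", "PrincipalType": "GROUP", "PrincipalId": "g-1",
     "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-1"},
]
# Constructed lookups standing in for DescribeUser / DescribePermissionSet results.
PRINCIPAL_NAMES = {"u-1": "alice", "u-2": "bob", "u-3": "carol"}
PERMISSION_SET_NAMES = {"ps-1": "AdministratorAccess", "ps-2": "ReadOnly",
                        "ps-3": "IncidentResponder"}
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)  # review date (constructed)


def last_identity_center_activity(records, source="sso.amazonaws.com"):
    """Return {userName: latest eventTime} for records from the given source."""
    last = {}
    for rec in records:
        if rec.get("eventSource") != source:
            continue
        user = rec.get("userIdentity", {}).get("userName")
        if not user:
            continue
        ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        ts = ts.replace(tzinfo=timezone.utc)
        if user not in last or ts > last[user]:
            last[user] = ts
    return last


def build_access_review(assignments, principal_names, ps_names, activity,
                        as_of, idle_days=90):
    """One row per user assignment: who, where, what, last seen, and a flag
    for the account owner to act on ('ok', 'idle >Nd' or 'never used')."""
    rows = []
    for a in assignments:
        if a["PrincipalType"] != "USER":
            continue  # group assignments need membership expansion; skipped here
        user = principal_names.get(a["PrincipalId"], a["PrincipalId"])
        ps_id = a["PermissionSetArn"].rsplit("/", 1)[-1]
        seen = activity.get(user)
        if seen is None:
            flag = "never used"
        elif (as_of - seen).days > idle_days:
            flag = "idle >%dd" % idle_days
        else:
            flag = "ok"
        rows.append({
            "user": user,
            "account": a["AccountId"],
            "permission_set": ps_names.get(ps_id, ps_id),
            "last_activity": seen.date().isoformat() if seen else None,
            "flag": flag,
        })
    return sorted(rows, key=lambda r: (r["user"], r["account"]))


if __name__ == "__main__":
    activity = last_identity_center_activity(CLOUDTRAIL_RECORDS)
    for row in build_access_review(ASSIGNMENTS, PRINCIPAL_NAMES,
                                   PERMISSION_SET_NAMES, activity, AS_OF):
        print(row)
```

In practice the records would come from the organization trail (Athena over the S3 bucket, or `LookupEvents` for recent history) and the assignments from `ListAccountAssignments` per account and permission set; the flag column is the prompt for the owner's decision, with "never used" being expected for standby incident-management entitlements.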