IAM User

Identity and Access Management (IAM) User

Resource Type
AWS.IAM.User
Resource ID Format
For IAM Users, the resource ID is the ARN.
arn:aws:iam::123456789012:user/example-user
Background
This resource represents a snapshot for an AWS IAM user.
Fields
Field
Type
Description
CredentialReport
Map
This is a recent credential report generated for this user, including information such as whether password login is enabled, the last time access keys were rotated, whether MFA is required for logins, etc. GeneratedDate indicates at what time the credential report was generated, it is only generated approximately once every four hours and re-used in between. This is due to limitations in the AWS API. If a field requires a timestamp but was returned empty or as no_information or N/A or not_supported by AWS, it defaults to 0001-01-01T00:00:00Z. Be sure to write policies accordingly.
InlinePolicies
Map
A mapping of inline policy names to their policy documents
ManagedPolicyNames
List
AWS managed policies assigned to the user
Example
{
 "AccountId": "123456789012",
 "Arn": "arn:aws:iam::123456789012:user/example-user",
 "CredentialReport": {
 "ARN": "arn:aws:iam::123456789012:user/example-user",
 "AccessKey1Active": true,
 "AccessKey1LastRotated": "2019-01-01T00:00:00Z",
 "AccessKey1LastUsedDate": "0001-01-01T00:00:00Z",
 "AccessKey1LastUsedRegion": "N/A",
 "AccessKey1LastUsedService": "N/A",
 "AccessKey2Active": false,
 "AccessKey2LastRotated": "0001-01-01T00:00:00Z",
 "AccessKey2LastUsedDate": "0001-01-01T00:00:00Z",
 "AccessKey2LastUsedRegion": "N/A",
 "AccessKey2LastUsedService": "N/A",
 "Cert1Active": false,
 "Cert1LastRotated": "0001-01-01T00:00:00Z",
 "Cert2Active": false,
 "Cert2LastRotated": "0001-01-01T00:00:00Z",
 "MfaActive": false,
 "PasswordEnabled": true,
 "PasswordLastChanged": "2019-01-01T00:00:00Z",
 "PasswordLastUsed": "2019-01-01T00:00:00Z",
 "PasswordNextRotation": "2019-12-01T00:00:00Z",
 "UserCreationTime": "2019-01-01T00:00:00Z",
 "UserName": "example-user"
 },
 "Groups": [
 {
 "Arn": "arn:aws:iam::123456789012:group/example-group",
 "CreateDate": "2019-01-01T00:00:00Z",
 "GroupId": "1111",
 "GroupName": "example-group",
 "Path": "/"
 }
 ],
 "Id": "1111",
 "InlinePolicies": null,
 "ManagedPolicyNames": [
 "example-policy"
 ],
 "Name": "example-user",
 "PasswordLastUsed": "2019-01-01T00:00:00Z",
 "Path": "/",
 "PermissionsBoundary": null,
 "Region": "global",
 "ResourceId": "arn:aws:iam::123456789012:user/example-user",
 "ResourceType": "AWS.IAM.User",
 "Tags": null,
 "TimeCreated": "2019-01-01T00:00:00.000Z",
 "VirtualMFA": {
 "EnableDate": "2019-01-01T00:00:00Z",
 "SerialNumber": "arn:aws:iam::123456789012:mfa/example-mfa"
 }
}

IAM Root User

KMS Key

Last modified 2yr ago

Field	Type	Description
`CredentialReport`	`Map`	This is a recent credential report generated for this user, including information such as whether password login is enabled, the last time access keys were rotated, whether MFA is required for logins, etc. `GeneratedDate` indicates at what time the credential report was generated, it is only generated approximately once every four hours and re-used in between. This is due to limitations in the AWS API. If a field requires a timestamp but was returned empty or as `no_information` or `N/A` or `not_supported` by AWS, it defaults to `0001-01-01T00:00:00Z`. Be sure to write policies accordingly.
`InlinePolicies`	`Map`	A mapping of inline policy names to their policy documents
`ManagedPolicyNames`	`List`	AWS managed policies assigned to the user