IAM User
Identity and Access Management (IAM) User

Resource Type

AWS.IAM.User

Resource ID Format

For IAM Users, the resource ID is the ARN.
arn:aws:iam::123456789012:user/example-user

Background

This resource represents a snapshot for an AWS IAM user.

Fields

Field
Type
Description
CredentialReport
Map
This is a recent credential report generated for this user, including information such as whether password login is enabled, the last time access keys were rotated, whether MFA is required for logins, etc. GeneratedDate indicates at what time the credential report was generated, it is only generated approximately once every four hours and re-used in between. This is due to limitations in the AWS API. If a field requires a timestamp but was returned empty or as no_information or N/A or not_supported by AWS, it defaults to 0001-01-01T00:00:00Z. Be sure to write policies accordingly.
InlinePolicies
Map
A mapping of inline policy names to their policy documents
ManagedPolicyNames
List
AWS managed policies assigned to the user

Example

{
"AccountId": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/example-user",
"CredentialReport": {
"ARN": "arn:aws:iam::123456789012:user/example-user",
"AccessKey1Active": true,
"AccessKey1LastRotated": "2019-01-01T00:00:00Z",
"AccessKey1LastUsedDate": "0001-01-01T00:00:00Z",
"AccessKey1LastUsedRegion": "N/A",
"AccessKey1LastUsedService": "N/A",
"AccessKey2Active": false,
"AccessKey2LastRotated": "0001-01-01T00:00:00Z",
"AccessKey2LastUsedDate": "0001-01-01T00:00:00Z",
"AccessKey2LastUsedRegion": "N/A",
"AccessKey2LastUsedService": "N/A",
"Cert1Active": false,
"Cert1LastRotated": "0001-01-01T00:00:00Z",
"Cert2Active": false,
"Cert2LastRotated": "0001-01-01T00:00:00Z",
"MfaActive": false,
"PasswordEnabled": true,
"PasswordLastChanged": "2019-01-01T00:00:00Z",
"PasswordLastUsed": "2019-01-01T00:00:00Z",
"PasswordNextRotation": "2019-12-01T00:00:00Z",
"UserCreationTime": "2019-01-01T00:00:00Z",
"UserName": "example-user"
},
"Groups": [
{
"Arn": "arn:aws:iam::123456789012:group/example-group",
"CreateDate": "2019-01-01T00:00:00Z",
"GroupId": "1111",
"GroupName": "example-group",
"Path": "/"
}
],
"Id": "1111",
"InlinePolicies": null,
"ManagedPolicyNames": [
"example-policy"
],
"Name": "example-user",
"PasswordLastUsed": "2019-01-01T00:00:00Z",
"Path": "/",
"PermissionsBoundary": null,
"Region": "global",
"ResourceId": "arn:aws:iam::123456789012:user/example-user",
"ResourceType": "AWS.IAM.User",
"Tags": null,
"TimeCreated": "2019-01-01T00:00:00.000Z",
"VirtualMFA": {
"EnableDate": "2019-01-01T00:00:00Z",
"SerialNumber": "arn:aws:iam::123456789012:mfa/example-mfa"
}
}