IAM User

Identity and Access Management (IAM) User

Resource Type

AWS.IAM.User

Resource ID Format

For IAM Users, the resource ID is the ARN.

arn:aws:iam::123456789012:user/example-user

Background

This resource represents a snapshot for an AWS IAM user.

Fields

Field

Type

Description

CredentialReport

Map

This is a recent credential report generated for this user, including information such as whether password login is enabled, the last time access keys were rotated, whether MFA is required for logins, etc. GeneratedDate indicates at what time the credential report was generated, it is only generated approximately once every four hours and re-used in between. This is due to limitations in the AWS API. If a field requires a timestamp but was returned empty or as no_information or N/A or not_supported by AWS, it defaults to 0001-01-01T00:00:00Z. Be sure to write policies accordingly.

InlinePolicies

Map

A mapping of inline policy names to their policy documents

ManagedPolicyNames

List

AWS managed policies assigned to the user

Example

{
    "AccountId": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/example-user",
    "CredentialReport": {
        "ARN": "arn:aws:iam::123456789012:user/example-user",
        "AccessKey1Active": true,
        "AccessKey1LastRotated": "2019-01-01T00:00:00Z",
        "AccessKey1LastUsedDate": "0001-01-01T00:00:00Z",
        "AccessKey1LastUsedRegion": "N/A",
        "AccessKey1LastUsedService": "N/A",
        "AccessKey2Active": false,
        "AccessKey2LastRotated": "0001-01-01T00:00:00Z",
        "AccessKey2LastUsedDate": "0001-01-01T00:00:00Z",
        "AccessKey2LastUsedRegion": "N/A",
        "AccessKey2LastUsedService": "N/A",
        "Cert1Active": false,
        "Cert1LastRotated": "0001-01-01T00:00:00Z",
        "Cert2Active": false,
        "Cert2LastRotated": "0001-01-01T00:00:00Z",
        "MfaActive": false,
        "PasswordEnabled": true,
        "PasswordLastChanged": "2019-01-01T00:00:00Z",
        "PasswordLastUsed": "2019-01-01T00:00:00Z",
        "PasswordNextRotation": "2019-12-01T00:00:00Z",
        "UserCreationTime": "2019-01-01T00:00:00Z",
        "UserName": "example-user"
    },
    "Groups": [
        {
            "Arn": "arn:aws:iam::123456789012:group/example-group",
            "CreateDate": "2019-01-01T00:00:00Z",
            "GroupId": "1111",
            "GroupName": "example-group",
            "Path": "/"
        }
    ],
    "Id": "1111",
    "InlinePolicies": null,
    "ManagedPolicyNames": [
        "example-policy"
    ],
    "Name": "example-user",
    "PasswordLastUsed": "2019-01-01T00:00:00Z",
    "Path": "/",
    "PermissionsBoundary": null,
    "Region": "global",
    "ResourceId": "arn:aws:iam::123456789012:user/example-user",
    "ResourceType": "AWS.IAM.User",
    "Tags": null,
    "TimeCreated": "2019-01-01T00:00:00.000Z",
    "VirtualMFA": {
        "EnableDate": "2019-01-01T00:00:00Z",
        "SerialNumber": "arn:aws:iam::123456789012:mfa/example-mfa"
    }
}

Last updated

#1924: [don't merge until ~Oct] Notion Logs (Beta)

Change request updated