Have you ever needed to quickly look up the last time one of your users signed in to your AWS account? Or have you been following security best practices and want verify that no one in your organization has been signing in using the AWS root account? If you use AWS CloudTrail, the information is captured in the event logs. This is ideal if you need a historical record of sign ins over time, but what if you’re just looking for an at-a-glance view of a user’s most recent sign in?
To help you identify when AWS passwords were last used, the IAM (Identity and Access Management) console now displays the date and time when an IAM user or root account last signed in to the AWS Management Console, the AWS forums, the AWS Support Center, or AWS Marketplace. This builds on the credential lifecycle management features for managing your IAM users’ passwords that we released in July 2014. “Last sign in” information complements what you get from AWS CloudTrail, so that you get both an at-a-glance view in the IAM console or credential reports, in addition to the more comprehensive event logs in CloudTrail.
Let’s take a look at how you can view last sign in time for your IAM users and how to take a snapshot of last sign in times for your entire account.
View "Last Sign In" Information for IAM Users
In the IAM console, the date and time of last sign in is now one of the attributes in the user list, as shown below in the column Password Last Used:
If you click on an individual user, last sign in is also one of the security credential details that we display about the user’s password, access keys, and MFA device.
Export a "Last Sign In" Snapshot for Your Entire Account
If you’re looking for a snapshot of when all of your users (as well as the root account) last signed in, you can download a credential report. The report lists your IAM users and includes the status of their security credentials, along with details such as whether MFA is activated, when their passwords were last rotated, and so on. You can download reports via the IAM console by clicking Credential Report, or programmatically using the IAM API or AWS CLI. This is what it looks like from the IAM console.
To learn more about this new feature, check out the IAM User Guide. As a reminder, IAM is a feature of your AWS account and is available at no additional cost. You can get started today with IAM by visiting the IAM console. Have a question? Feel free to post to the IAM forum.
- Kai Zhao