amazon-web-services boto3 aws-cli

Find user's last ActivityTime


I can't use 'PasswordLastUsed' from client.list_users() because a user can enter AWS without a password.

In IAM User console there is a Last activity column and it can detect console access.


Solution

  • Getting an IAM user's account activity is a tricky one, as a local IAM user can authenticate using either a console password or an IAM Access Key.

    Do the following to get the last activity:

    1. Check if a console password is enabled using the getLoginProfile() method and check when it was last used. This function returns null if there is no console password enabled for that IAM user.
    2. Check if the IAM user has Access Keys associated with it using the method iam.user.access_keys.all() (you can have a max of 2 active ones). Check when the user last logged in with any of the access keys.
    3. The most recent date you get from #1 and #2 above will be your user's last activity.

    Hope this helps.
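The three steps above, written against the boto3 IAM client calls `get_login_profile`, `get_user`, `list_access_keys` and `get_access_key_last_used`. This is an added example, not code from the original answer. The names `last_activity` and `StubIAM` are hypothetical, and the stub with its key IDs and dates is constructed so the block runs without AWS credentials.

```python
from datetime import datetime, timezone

def last_activity(iam, user_name):
    """Return (timestamp, source) of the newest credential use, or (None, None)."""
    seen = []
    # Step 1: console password. boto3 raises NoSuchEntityException when the
    # user has no login profile, so "no password" is the except branch.
    try:
        iam.get_login_profile(UserName=user_name)
    except iam.exceptions.NoSuchEntityException:
        pass
    else:
        used = iam.get_user(UserName=user_name)["User"].get("PasswordLastUsed")
        if used:
            seen.append((used, "console-password"))
    # Step 2: every access key (at most two), active or not.
    for key in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        resp = iam.get_access_key_last_used(AccessKeyId=key["AccessKeyId"])
        used = resp["AccessKeyLastUsed"].get("LastUsedDate")  # absent if never used
        if used:
            seen.append((used, key["AccessKeyId"]))
    # Step 3: the most recent timestamp wins.
    return max(seen, default=(None, None))

class StubIAM:
    """Constructed stand-in for boto3.client("iam") so the example runs offline."""
    class exceptions:
        class NoSuchEntityException(Exception):
            pass
    def __init__(self, password_used, keys):
        self.password_used, self.keys = password_used, keys
    def get_login_profile(self, UserName):
        if self.password_used is None:
            raise self.exceptions.NoSuchEntityException()
        return {"LoginProfile": {"UserName": UserName}}
    def get_user(self, UserName):
        return {"User": {"UserName": UserName, "PasswordLastUsed": self.password_used}}
    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k} for k in self.keys]}
    def get_access_key_last_used(self, AccessKeyId):
        used = self.keys[AccessKeyId]
        return {"AccessKeyLastUsed": {"LastUsedDate": used} if used else {}}

if __name__ == "__main__":
    # Constructed sample data; with real credentials pass boto3.client("iam") instead.
    demo = StubIAM(datetime(2024, 1, 5, tzinfo=timezone.utc),
                   {"AKIAEXAMPLE0000000001": datetime(2024, 3, 9, tzinfo=timezone.utc),
                    "AKIAEXAMPLE0000000002": None})
    print(last_activity(demo, "alice"))
```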