Getting Credential Reports for your AWS Account
Understanding the Report Format
Credential reports are formatted in Comma-Separated Values (CSV) files and they contain following columns:
- user- The friendly name of the user.
- arn- The Amazon Resource Name (ARN) of the user.
- user_creation_time- The date and time when a user was created, in ISO 8601 date-time format.
- password_enabled- This value is True when a user has a password, otherwise it's False. However, for AWS account root user, the value is not_supported.
- password_last_used- Date and time at which the IAM user's as well as the AWS account root user's password was last used, in ISO 8601 date-time format.
- password_last_changed- The date and time at which the user's password was last set (in ISO 8601 date-time format).
- password_next_rotation- This one also shows the date and time at which the user is required to set a new password (in ISO 8601 date-time format).
- mfa_active- If an MFA device is enabled for a user, then, this value is True otherwise it's False.
- access_key_1_active- If the access key is active, then, the value is True otherwise it's False.
- access_key_1_last_rotated- It contains the date and time (in ISO 8601 date-time format) at which the access key was last created or changed. It's N/A if there's no access key.
- access_key_1_last_used_date- The date and time at which the user's was most recently used to sign an AWS API request.
- access_key_1_last_used_region- The AWS Region in which the access key was most recently used.
- access_key_1_last_used_service- The most recently accessed AWS service with the access key.
- access_key_2_active- If there's a second access key and it's Active this value is True otherwise False.
- access_key_2_last_rotated- The date and time at which the second access key was created or last changed.
- access_key_2_last_used_date- The date and time at which the second access key was most recently used to sign an AWS API request.
- access_key_2_last_used_region- The AWS Region in which the user's second access key was most recently used.
- cert_1_active- If the user's X.509 signing certificate's status is Active, then, this value is True otherwise it's False.
- cert_1_last_rotated- It's the date and time when the user's signing certificate was created or last changed.
- cert_2_active- If the user's second X.509 signing certificate's status is Active, then, this value is True otherwise it's False.
- cert_2_last_rotated- It's the date and time when the user's second signing certificate was created or last changed.
Getting Credential Reports (Console)
The AWS Management Console can help in downloading a credential report as a CSV file.
To download a credential report (console)
- Firstly, sign-in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- Now, select Credential Report in the navigation pane.
- After that you can go for Download Report.
Getting Credential Reports (AWS CLI)
To download a credentials report (AWS CLI)
- First of all, generate a credentials report and as AWS only stores a single report, the new one will overwrite the previous one. aws iam generate_credential_report.
- Now, you can view the last generated report: aws iam get_credential_report.
Getting Credential Reports (AWS API)
To download a credentials report (AWS API)
- First of all, generate a credentials report and as AWS only stores a single report, the new one will overwrite the previous one. GenerateCredentialReport.
- Now, you can view the last generated report: GetCredentialReport.
Comments
Post a Comment