Getting Credential Reports for your AWS Account





Understanding the Report Format

Credential reports are formatted in Comma-Separated Values (CSV) files and they contain following columns:
  1. user- The friendly name of the user.
  2. arn- The Amazon Resource Name (ARN) of the user.
  3. user_creation_time- The date and time when a user was created, in ISO 8601 date-time format.
  4. password_enabled- This value is True when a user has a password, otherwise it's False. However, for AWS account root user, the value is not_supported.
  5. password_last_used- Date and time at which the IAM user's as well as the AWS account root user's password was last used, in ISO 8601 date-time format.
  6. password_last_changed- The date and time at which the user's password was last set (in ISO 8601 date-time format).
  7. password_next_rotation- This one also shows the date and time at which the user is required to set a new password (in ISO 8601 date-time format).
  8. mfa_active- If an MFA device is enabled for a user, then, this value is True otherwise it's False.
  9. access_key_1_active- If the access key is active, then, the value is True otherwise it's False. 
  10. access_key_1_last_rotated- It contains the date and time (in ISO 8601 date-time format) at which the access key was last created or changed. It's N/A if there's no access key.
  11. access_key_1_last_used_date- The date and time at which the user's was most recently used to sign an AWS API request.
  12. access_key_1_last_used_region- The AWS Region in which the access key was most recently used.
  13. access_key_1_last_used_service- The most recently accessed AWS service with the access key.
  14. access_key_2_active- If there's a second access key and it's Active this value is True otherwise False.
  15. access_key_2_last_rotated- The date and time at which the second access key was created or last changed.
  16. access_key_2_last_used_date- The date and time at which the second access key was most recently used to sign an AWS API request.
  17. access_key_2_last_used_region- The AWS Region in which the user's second access key was most recently used.
  18. cert_1_active- If the user's X.509 signing certificate's status is Active, then, this value is True otherwise it's False.
  19. cert_1_last_rotated- It's the date and time when the user's signing certificate was created or last changed.
  20. cert_2_active- If the user's second X.509 signing certificate's status is Active, then, this value is True otherwise it's False.
  21. cert_2_last_rotated- It's the date and time when the user's second signing certificate was created or last changed.

Getting Credential Reports (Console)

The AWS Management Console can help in downloading a credential report as a CSV file.

To download a credential report (console)

  1. Firstly, sign-in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
  2. Now, select Credential Report in the navigation pane.
  3. After that you can go for Download Report.

Getting Credential Reports (AWS CLI)

To download a credentials report (AWS CLI)
  1. First of all, generate a credentials report and as AWS only stores a single report, the new one will overwrite the previous one. aws iam generate_credential_report.
  2. Now, you can view the last generated report: aws iam get_credential_report.

Getting Credential Reports (AWS API)

To download a credentials report (AWS API)
  1. First of all, generate a credentials report and as AWS only stores a single report, the new one will overwrite the previous one. GenerateCredentialReport.
  2. Now, you can view the last generated report: GetCredentialReport.























































Comments

Popular posts from this blog

Deployment (Part 3)

Project Resourcing (Part 2)

Design Planning (Part 3)