Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

AccessDetail

PDF
Focus mode
AccessDetail - AWS Identity and Access Management
ContentsSee Also

An object that contains details about when a principal in the reported AWS Organizations entity last attempted to access an AWS service. A principal can be an IAM user, an IAM role, or the AWS account root user within the reported Organizations entity.

This data type is a response element in the GetOrganizationsAccessReport operation.

Contents

ServiceName

The name of the service in which access was attempted.

Type: String

Required: Yes

ServiceNamespace

The namespace of the service in which access was attempted.

To learn the service namespace of a service, see Actions, resources, and condition keys for AWS services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the  AWS General Reference.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [\w-]*

Required: Yes

EntityPath

The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. AWS does not report unauthenticated requests.

This field is null if no principals (IAM users, IAM roles, or root user) in the reported Organizations entity attempted to access the service within the tracking period.

Type: String

Length Constraints: Minimum length of 19. Maximum length of 427.

Pattern: ^o-[0-9a-z]{10,32}\/r-[0-9a-z]{4,32}[0-9a-z-\/]*

Required: No

LastAuthenticatedTime

The date and time, in ISO 8601 date-time format, when an authenticated principal most recently attempted to access the service. AWS does not report unauthenticated requests.

This field is null if no principals in the reported Organizations entity attempted to access the service within the tracking period.

Type: Timestamp

Required: No

Region

The Region where the last service access attempt occurred.

This field is null if no principals in the reported Organizations entity attempted to access the service within the tracking period.

Type: String

Required: No

TotalAuthenticatedEntities

The number of accounts with authenticated principals (root user, IAM users, and IAM roles) that attempted to access the service in the tracking period.

Type: Integer

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.