Use GenerateServiceLastAccessedDetails with a CLI - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

Use GenerateServiceLastAccessedDetails with a CLI

The following code examples show how to use GenerateServiceLastAccessedDetails.

CLI
AWS CLI

Example 1: To generate a service access report for a custom policy

The following generate-service-last-accessed-details example starts a background job to generate a report that lists the services accessed by IAM users and other entities with a custom policy named intern-boundary. You can display the report after it is created by running the get-service-last-accessed-details command.

aws iam generate-service-last-accessed-details \
    --arn arn:aws:iam::123456789012:policy/intern-boundary

Output:

{
    "JobId": "2eb6c2b8-7b4c-3xmp-3c13-03b72c8cdfdc"
}

Example 2: To generate a service access report for the AWS managed AdministratorAccess policy

The following generate-service-last-accessed-details example starts a background job to generate a report that lists the services accessed by IAM users and other entities with the AWS managed AdministratorAccess policy. You can display the report after it is created by running the get-service-last-accessed-details command.

aws iam generate-service-last-accessed-details \
    --arn arn:aws:iam::aws:policy/AdministratorAccess

Output:

{
    "JobId": "78b6c2ba-d09e-6xmp-7039-ecde30b26916"
}

For more information, see Refining permissions in AWS using last accessed information in the AWS IAM User Guide.

PowerShell
Tools for PowerShell

Example 1: This example is equivalent cmdlet of GenerateServiceLastAccessedDetails API. This provides with a job id which can be used in Get-IAMServiceLastAccessedDetail and Get-IAMServiceLastAccessedDetailWithEntity

Request-IAMServiceLastAccessedDetail -Arn arn:aws:iam::123456789012:user/TestUser