AwsIamAccessKeyDetails - AWS Security Hub

AwsIamAccessKeyDetails

IAM access key details related to a finding.

Contents

AccessKeyId

The identifier of the access key.

Type: String

Pattern: .*\S.*

Required: No

AccountId

The AWS account ID of the account for the key.

Type: String

Pattern: .*\S.*

Required: No

CreatedAt

Indicates when the IAM access key was created.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats that you can send to Security Hub:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

If a finding provider sends a finding to Security Hub that contains a timestamp in nanoseconds, we round it to milliseconds. For example, we round 2024-10-31T23:00:00.123456789Z to 2024-10-31T23:00:00.123Z.

Type: String

Pattern: .*\S.*

Required: No

PrincipalId

The ID of the principal associated with an access key.

Type: String

Pattern: .*\S.*

Required: No

PrincipalName

The name of the principal.

Type: String

Pattern: .*\S.*

Required: No

PrincipalType

The type of principal associated with an access key.

Type: String

Pattern: .*\S.*

Required: No

SessionContext

Information about the session that the key was used for.

Type: AwsIamAccessKeySessionContext object

Required: No

Status

The status of the IAM access key related to a finding.

Type: String

Valid Values: Active | Inactive

Required: No

UserName

This member has been deprecated.

The user associated with the IAM access key related to a finding.

The UserName parameter has been replaced with the PrincipalName parameter because access keys can also be assigned to principals that are not IAM users.

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: