aws_accessanalyzer_analyzeraws_accessanalyzer_findingaws_accountaws_account_alternate_contactaws_account_contactaws_acm_certificateaws_acmpca_certificate_authorityaws_amplify_appaws_api_gateway_api_keyaws_api_gateway_authorizeraws_api_gateway_domain_nameaws_api_gateway_methodaws_api_gateway_rest_apiaws_api_gateway_stageaws_api_gateway_usage_planaws_api_gatewayv2_apiaws_api_gatewayv2_domain_nameaws_api_gatewayv2_integrationaws_api_gatewayv2_routeaws_api_gatewayv2_stageaws_app_runner_serviceaws_appautoscaling_policyaws_appautoscaling_targetaws_appconfig_applicationaws_appstream_fleetaws_appstream_imageaws_appsync_graphql_apiaws_athena_query_executionaws_athena_workgroupaws_auditmanager_assessmentaws_auditmanager_controlaws_auditmanager_evidenceaws_auditmanager_evidence_folderaws_auditmanager_frameworkaws_availability_zoneaws_backup_frameworkaws_backup_jobaws_backup_legal_holdaws_backup_planaws_backup_protected_resourceaws_backup_recovery_pointaws_backup_report_planaws_backup_selectionaws_backup_vaultaws_cloudcontrol_resourceaws_cloudformation_stackaws_cloudformation_stack_resourceaws_cloudformation_stack_setaws_cloudfront_cache_policyaws_cloudfront_distributionaws_cloudfront_functionaws_cloudfront_origin_access_identityaws_cloudfront_origin_request_policyaws_cloudfront_response_headers_policyaws_cloudsearch_domainaws_cloudtrail_channelaws_cloudtrail_event_data_storeaws_cloudtrail_importaws_cloudtrail_lookup_eventaws_cloudtrail_queryaws_cloudtrail_trailaws_cloudtrail_trail_eventaws_cloudwatch_alarmaws_cloudwatch_log_eventaws_cloudwatch_log_groupaws_cloudwatch_log_metric_filteraws_cloudwatch_log_resource_policyaws_cloudwatch_log_streamaws_cloudwatch_log_subscription_filteraws_cloudwatch_metricaws_cloudwatch_metric_data_pointaws_cloudwatch_metric_statistic_data_pointaws_codeartifact_domainaws_codeartifact_repositoryaws_codebuild_buildaws_codebuild_projectaws_codebuild_source_credentialaws_codecommit_repositoryaws_codedeploy_appaws_codedeploy_deployment_configaws_codedeploy_deployment_groupaws_codepipeline_pipelineaws_codestar_notification_ruleaws_cognito_identity_poolaws_cognito_identity_provideraws_cognito_user_poolaws_config_aggregate_authorizationaws_config_configuration_recorderaws_config_conformance_packaws_config_retention_configurationaws_config_ruleaws_cost_by_account_dailyaws_cost_by_account_monthlyaws_cost_by_record_type_dailyaws_cost_by_record_type_monthlyaws_cost_by_service_dailyaws_cost_by_service_monthlyaws_cost_by_service_usage_type_dailyaws_cost_by_service_usage_type_monthlyaws_cost_by_tagaws_cost_forecast_dailyaws_cost_forecast_monthlyaws_cost_usageaws_dax_clusteraws_dax_parameteraws_dax_parameter_groupaws_dax_subnet_groupaws_directory_service_certificateaws_directory_service_directoryaws_directory_service_log_subscriptionaws_directory_servicelog_subscriptionaws_dlm_lifecycle_policyaws_dms_certificateaws_dms_endpointaws_dms_replication_instanceaws_dms_replication_taskaws_docdb_clusteraws_docdb_cluster_instanceaws_docdb_cluster_snapshotaws_drs_jobaws_drs_recovery_instanceaws_drs_recovery_snapshotaws_drs_source_serveraws_dynamodb_backupaws_dynamodb_global_tableaws_dynamodb_metric_account_provisioned_read_capacity_utilaws_dynamodb_metric_account_provisioned_write_capacity_utilaws_dynamodb_tableaws_dynamodb_table_exportaws_ebs_snapshotaws_ebs_volumeaws_ebs_volume_metric_read_opsaws_ebs_volume_metric_read_ops_dailyaws_ebs_volume_metric_read_ops_hourlyaws_ebs_volume_metric_write_opsaws_ebs_volume_metric_write_ops_dailyaws_ebs_volume_metric_write_ops_hourlyaws_ec2_amiaws_ec2_ami_sharedaws_ec2_application_load_balanceraws_ec2_application_load_balancer_metric_request_countaws_ec2_application_load_balancer_metric_request_count_dailyaws_ec2_autoscaling_groupaws_ec2_capacity_reservationaws_ec2_classic_load_balanceraws_ec2_client_vpn_endpointaws_ec2_gateway_load_balanceraws_ec2_instanceaws_ec2_instance_availabilityaws_ec2_instance_metric_cpu_utilizationaws_ec2_instance_metric_cpu_utilization_dailyaws_ec2_instance_metric_cpu_utilization_hourlyaws_ec2_instance_typeaws_ec2_key_pairaws_ec2_launch_configurationaws_ec2_launch_templateaws_ec2_launch_template_versionaws_ec2_load_balancer_listeneraws_ec2_load_balancer_listener_ruleaws_ec2_managed_prefix_listaws_ec2_managed_prefix_list_entryaws_ec2_network_interfaceaws_ec2_network_load_balanceraws_ec2_network_load_balancer_metric_net_flow_countaws_ec2_network_load_balancer_metric_net_flow_count_dailyaws_ec2_regional_settingsaws_ec2_reserved_instanceaws_ec2_spot_priceaws_ec2_ssl_policyaws_ec2_target_groupaws_ec2_transit_gatewayaws_ec2_transit_gateway_routeaws_ec2_transit_gateway_route_tableaws_ec2_transit_gateway_vpc_attachmentaws_ecr_imageaws_ecr_image_scan_findingaws_ecr_registry_scanning_configurationaws_ecr_repositoryaws_ecrpublic_repositoryaws_ecs_clusteraws_ecs_cluster_metric_cpu_utilizationaws_ecs_cluster_metric_cpu_utilization_dailyaws_ecs_cluster_metric_cpu_utilization_hourlyaws_ecs_container_instanceaws_ecs_serviceaws_ecs_taskaws_ecs_task_definitionaws_efs_access_pointaws_efs_file_systemaws_efs_mount_targetaws_eks_addonaws_eks_addon_versionaws_eks_clusteraws_eks_fargate_profileaws_eks_identity_provider_configaws_eks_node_groupaws_elastic_beanstalk_applicationaws_elastic_beanstalk_application_versionaws_elastic_beanstalk_environmentaws_elasticache_clusteraws_elasticache_parameter_groupaws_elasticache_redis_metric_cache_hits_hourlyaws_elasticache_redis_metric_curr_connections_hourlyaws_elasticache_redis_metric_engine_cpu_utilization_dailyaws_elasticache_redis_metric_engine_cpu_utilization_hourlyaws_elasticache_redis_metric_get_type_cmds_hourlyaws_elasticache_redis_metric_list_based_cmds_hourlyaws_elasticache_redis_metric_new_connections_hourlyaws_elasticache_replication_groupaws_elasticache_reserved_cache_nodeaws_elasticache_subnet_groupaws_elasticsearch_domainaws_emr_block_public_access_configurationaws_emr_clusteraws_emr_cluster_metric_is_idleaws_emr_instanceaws_emr_instance_fleetaws_emr_instance_groupaws_emr_security_configurationaws_eventbridge_busaws_eventbridge_ruleaws_fms_app_listaws_fms_policyaws_fsx_file_systemaws_glacier_vaultaws_globalaccelerator_acceleratoraws_globalaccelerator_endpoint_groupaws_globalaccelerator_listeneraws_glue_catalog_databaseaws_glue_catalog_tableaws_glue_connectionaws_glue_crawleraws_glue_data_catalog_encryption_settingsaws_glue_data_quality_rulesetaws_glue_dev_endpointaws_glue_jobaws_glue_security_configurationaws_guardduty_detectoraws_guardduty_filteraws_guardduty_findingaws_guardduty_ipsetaws_guardduty_memberaws_guardduty_publishing_destinationaws_guardduty_threat_intel_setaws_health_affected_entityaws_health_eventaws_iam_access_advisoraws_iam_access_keyaws_iam_account_password_policyaws_iam_account_summaryaws_iam_actionaws_iam_credential_reportaws_iam_groupaws_iam_open_id_connect_provideraws_iam_policyaws_iam_policy_attachmentaws_iam_policy_simulatoraws_iam_roleaws_iam_saml_provideraws_iam_server_certificateaws_iam_service_specific_credentialaws_iam_useraws_iam_virtual_mfa_deviceaws_identitystore_groupaws_identitystore_group_membershipaws_identitystore_useraws_inspector2_coverageaws_inspector2_coverage_statisticsaws_inspector2_findingaws_inspector2_memberaws_inspector_assessment_runaws_inspector_assessment_targetaws_inspector_assessment_templateaws_inspector_exclusionaws_inspector_findingaws_iot_fleet_metricaws_iot_thingaws_iot_thing_groupaws_iot_thing_typeaws_kinesis_consumeraws_kinesis_firehose_delivery_streamaws_kinesis_streamaws_kinesis_video_streamaws_kinesisanalyticsv2_applicationaws_kms_aliasaws_kms_keyaws_kms_key_rotationaws_lambda_aliasaws_lambda_event_source_mappingaws_lambda_functionaws_lambda_function_metric_duration_dailyaws_lambda_function_metric_errors_dailyaws_lambda_function_metric_invocations_dailyaws_lambda_layeraws_lambda_layer_versionaws_lambda_versionaws_lightsail_bucketaws_lightsail_instanceaws_macie2_classification_jobaws_media_store_containeraws_memorydb_clusteraws_mgn_applicationaws_mq_brokeraws_msk_clusteraws_msk_serverless_clusteraws_neptune_db_clusteraws_neptune_db_cluster_snapshotaws_networkfirewall_firewallaws_networkfirewall_firewall_policyaws_networkfirewall_rule_groupaws_oam_linkaws_oam_sinkaws_opensearch_domainaws_organizations_accountaws_organizations_organizational_unitaws_organizations_policyaws_organizations_policy_targetaws_organizations_rootaws_pinpoint_appaws_pipes_pipeaws_pricing_productaws_pricing_service_attributeaws_ram_principal_associationaws_ram_resource_associationaws_rds_db_clusteraws_rds_db_cluster_parameter_groupaws_rds_db_cluster_snapshotaws_rds_db_engine_versionaws_rds_db_event_subscriptionaws_rds_db_instanceaws_rds_db_instance_automated_backupaws_rds_db_instance_metric_connectionsaws_rds_db_instance_metric_connections_dailyaws_rds_db_instance_metric_connections_hourlyaws_rds_db_instance_metric_cpu_utilizationaws_rds_db_instance_metric_cpu_utilization_dailyaws_rds_db_instance_metric_cpu_utilization_hourlyaws_rds_db_instance_metric_read_iopsaws_rds_db_instance_metric_read_iops_dailyaws_rds_db_instance_metric_read_iops_hourlyaws_rds_db_instance_metric_write_iopsaws_rds_db_instance_metric_write_iops_dailyaws_rds_db_instance_metric_write_iops_hourlyaws_rds_db_option_groupaws_rds_db_parameter_groupaws_rds_db_proxyaws_rds_db_recommendationaws_rds_db_snapshotaws_rds_db_subnet_groupaws_rds_reserved_db_instanceaws_redshift_clusteraws_redshift_cluster_metric_cpu_utilization_dailyaws_redshift_event_subscriptionaws_redshift_parameter_groupaws_redshift_snapshotaws_redshift_subnet_groupaws_redshiftserverless_namespaceaws_redshiftserverless_workgroupaws_regionaws_resource_explorer_indexaws_resource_explorer_searchaws_resource_explorer_supported_resource_typeaws_route53_domainaws_route53_health_checkaws_route53_query_logaws_route53_recordaws_route53_resolver_endpointaws_route53_resolver_query_log_configaws_route53_resolver_ruleaws_route53_traffic_policyaws_route53_traffic_policy_instanceaws_route53_vpc_association_authorizationaws_route53_zoneaws_s3_access_pointaws_s3_account_settingsaws_s3_bucketaws_s3_bucket_intelligent_tiering_configurationaws_s3_multi_region_access_pointaws_s3_objectaws_s3_object_versionaws_sagemaker_appaws_sagemaker_domainaws_sagemaker_endpoint_configurationaws_sagemaker_modelaws_sagemaker_notebook_instanceaws_sagemaker_training_jobaws_secretsmanager_secretaws_securityhub_action_targetaws_securityhub_enabled_product_subscriptionaws_securityhub_findingaws_securityhub_finding_aggregatoraws_securityhub_hubaws_securityhub_insightaws_securityhub_memberaws_securityhub_productaws_securityhub_standards_controlaws_securityhub_standards_subscriptionaws_securitylake_data_lakeaws_securitylake_subscriberaws_serverlessapplicationrepository_applicationaws_service_discovery_instanceaws_service_discovery_namespaceaws_service_discovery_serviceaws_servicecatalog_portfolioaws_servicecatalog_productaws_servicecatalog_provisioned_productaws_servicequotas_default_service_quotaaws_servicequotas_serviceaws_servicequotas_service_quotaaws_servicequotas_service_quota_change_requestaws_ses_domain_identityaws_ses_email_identityaws_sfn_state_machineaws_sfn_state_machine_executionaws_sfn_state_machine_execution_historyaws_simspaceweaver_simulationaws_sns_subscriptionaws_sns_topicaws_sns_topic_subscriptionaws_sqs_queueaws_ssm_associationaws_ssm_documentaws_ssm_document_permissionaws_ssm_inventoryaws_ssm_inventory_entryaws_ssm_maintenance_windowaws_ssm_managed_instanceaws_ssm_managed_instance_complianceaws_ssm_managed_instance_patch_stateaws_ssm_parameteraws_ssm_patch_baselineaws_ssmincidents_response_planaws_ssoadmin_account_assignmentaws_ssoadmin_instanceaws_ssoadmin_managed_policy_attachmentaws_ssoadmin_permission_setaws_sts_caller_identityaws_tagging_resourceaws_timestreamwrite_databaseaws_timestreamwrite_tableaws_transfer_serveraws_transfer_useraws_trusted_advisor_check_summaryaws_vpcaws_vpc_customer_gatewayaws_vpc_dhcp_optionsaws_vpc_egress_only_internet_gatewayaws_vpc_eipaws_vpc_eip_address_transferaws_vpc_endpointaws_vpc_endpoint_serviceaws_vpc_flow_logaws_vpc_flow_log_eventaws_vpc_internet_gatewayaws_vpc_nat_gatewayaws_vpc_nat_gateway_metric_bytes_out_to_destinationaws_vpc_network_aclaws_vpc_peering_connectionaws_vpc_routeaws_vpc_route_tableaws_vpc_security_groupaws_vpc_security_group_ruleaws_vpc_subnetaws_vpc_verified_access_endpointaws_vpc_verified_access_groupaws_vpc_verified_access_instanceaws_vpc_verified_access_trust_provideraws_vpc_vpn_connectionaws_vpc_vpn_gatewayaws_waf_rate_based_ruleaws_waf_ruleaws_waf_rule_groupaws_waf_web_aclaws_wafregional_ruleaws_wafregional_rule_groupaws_wafregional_web_aclaws_wafv2_ip_setaws_wafv2_regex_pattern_setaws_wafv2_rule_groupaws_wafv2_web_aclaws_wellarchitected_answeraws_wellarchitected_check_detailaws_wellarchitected_check_summaryaws_wellarchitected_consolidated_reportaws_wellarchitected_lensaws_wellarchitected_lens_reviewaws_wellarchitected_lens_review_improvementaws_wellarchitected_lens_review_reportaws_wellarchitected_lens_shareaws_wellarchitected_milestoneaws_wellarchitected_notificationaws_wellarchitected_share_invitationaws_wellarchitected_workloadaws_wellarchitected_workload_shareaws_workspaces_directoryaws_workspaces_workspace
Table: aws_iam_credential_report - Query AWS IAM Credential Reports using SQL
The AWS IAM Credential Report is a document that provides details about how the AWS Identity and Access Management (IAM) users in your AWS account are accessing AWS services. It lists all your AWS account's users and the status of their various credentials, including passwords, access keys, MFA devices, and signing certificates. This report can help you audit and improve the security of your AWS account.
Table Usage Guide
The aws_iam_credential_report table in Steampipe provides you with information about IAM credential reports within AWS Identity and Access Management (IAM). This table allows you, as a DevOps engineer, to query user-specific details, including access keys, password status, and MFA device usage. You can utilize this table to gather insights on IAM users, such as inactive users, users with password-enabled login, access key usage, and more. The schema outlines the various attributes of the IAM credential report, including the user name, user creation time, access key details, and password last used date. For more information about the credential report, see Getting Credential Reports in the IAM User Guide.
Important Notes
- You need a valid credential report to exist for this table. To generate one, please run the following AWS CLI command -
aws iam generate-credential-report.
Examples
List users that have logged into the console in the past 90 days
Determine the users who have accessed the console within the past three months. This can be useful for monitoring user activity, identifying potential security risks, or auditing user access for compliance purposes.
select user_namefrom aws_iam_credential_reportwhere password_enabled and password_last_used > (current_date - interval '90' day);select user_namefrom aws_iam_credential_reportwhere password_enabled = 1 and password_last_used > date('now', '-90 day');List users that have NOT logged into the console in the past 90 days
Identify users who may have abandoned their accounts or are no longer active by pinpointing those who haven't logged in for the past 90 days. This assists in maintaining secure and efficient user management by flagging potential inactive accounts for review or deletion.
select user_name, password_last_used, age(password_last_used)from aws_iam_credential_reportwhere password_enabled and password_last_used <= (current_date - interval '90' day)order by password_last_used;select user_name, password_last_used, julianday('now') - julianday(password_last_used)from aws_iam_credential_reportwhere password_enabled and julianday('now') - julianday(password_last_used) >= 90order by password_last_used;List users with console access that have never logged in to the console
Discover the segments of users who have been granted console access but have never utilized it. This can be useful in identifying unnecessary access privileges and enhancing security measures.
select user_namefrom aws_iam_credential_reportwhere password_status = 'never_used';select user_namefrom aws_iam_credential_reportwhere password_status = 'never_used';List access keys older than 90 days
Discover the segments that have access keys older than 90 days to assess potential security risks and ensure timely key rotation. This can help maintain secure access protocols and prevent unauthorized access.
select user_name, access_key_1_last_rotated, age(access_key_1_last_rotated) as access_key_1_age, access_key_2_last_rotated, age(access_key_2_last_rotated) as access_key_2_agefrom aws_iam_credential_reportwhere access_key_1_last_rotated <= (current_date - interval '90' day) or access_key_2_last_rotated <= (current_date - interval '90' day)order by user_name;select user_name, access_key_1_last_rotated, julianday('now') - julianday(access_key_1_last_rotated) as access_key_1_age, access_key_2_last_rotated, julianday('now') - julianday(access_key_2_last_rotated) as access_key_2_agefrom aws_iam_credential_reportwhere julianday('now') - julianday(access_key_1_last_rotated) >= 90 or julianday('now') - julianday(access_key_2_last_rotated) >= 90order by user_name;List users that have a console password but do not have MFA enabled
Explore which users have an active console password but lack multi-factor authentication. This is useful for identifying potential security vulnerabilities within your AWS IAM user base.
select user_name, mfa_active, password_enabledfrom aws_iam_credential_reportwhere password_enabled and not mfa_active;select user_name, mfa_active, password_enabledfrom aws_iam_credential_reportwhere password_enabled = 1 and mfa_active = 0;Check if root login has MFA enabled
Determine if the root account of your AWS IAM service has multifactor authentication (MFA) enabled. This is crucial for enhancing account security and preventing unauthorized access.
select user_name, mfa_activefrom aws_iam_credential_reportwhere user_name = '<root_account>';select user_name, mfa_activefrom aws_iam_credential_reportwhere user_name = '<root_account>';Control examples
- All Controls > IAM > Eliminate use of the 'root' user for administrative and daily tasks
- All Controls > IAM > Ensure credentials unused for 45 days or greater are disabled
- All Controls > IAM > Ensure IAM users are assigned access keys and passwords at setup
- All Controls > IAM > Ensure IAM users with access keys unused for 45 days or greater are disabled
- All Controls > IAM > Ensure IAM users with console access unused for 45 days or greater are disabled
- AWS Foundational Security Best Practices > IAM > 5 MFA should be enabled for all IAM users that have a console password
- AWS Foundational Security Best Practices > IAM > 8 Unused IAM user credentials should be removed
- CIS v1.2.0 > 1 Identity and Access Management > 1.2 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- CIS v1.2.0 > 1 Identity and Access Management > 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password
- CIS v1.2.0 > 1 Identity and Access Management > 1.3 Ensure credentials unused for 90 days or greater are disabled
- CIS v1.3.0 > 1 Identity and Access Management > 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- CIS v1.3.0 > 1 Identity and Access Management > 1.11 Do not setup access keys during initial user setup for all IAM users that have a console password
- CIS v1.3.0 > 1 Identity and Access Management > 1.12 Ensure credentials unused for 90 days or greater are disabled
- CIS v1.3.0 > 1 Identity and Access Management > 1.7 Eliminate use of the root user for administrative and daily tasks
- CIS v1.4.0 > 1 Identity and Access Management > 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- CIS v1.4.0 > 1 Identity and Access Management > 1.11 Do not setup access keys during initial user setup for all IAM users that have a console password
- CIS v1.4.0 > 1 Identity and Access Management > 1.12 Ensure credentials unused for 45 days or greater are disabled
- CIS v1.4.0 > 1 Identity and Access Management > 1.7 Eliminate use of the 'root' user for administrative and daily tasks
- CIS v1.5.0 > 1 Identity and Access Management > 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- CIS v1.5.0 > 1 Identity and Access Management > 1.11 Do not setup access keys during initial user setup for all IAM users that have a console password
- CIS v1.5.0 > 1 Identity and Access Management > 1.12 Ensure credentials unused for 45 days or greater are disabled
- CIS v1.5.0 > 1 Identity and Access Management > 1.7 Eliminate use of the 'root' user for administrative and daily tasks
- CIS v2.0.0 > 1 Identity and Access Management > 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- CIS v2.0.0 > 1 Identity and Access Management > 1.11 Do not setup access keys during initial user setup for all IAM users that have a console password
- CIS v2.0.0 > 1 Identity and Access Management > 1.12 Ensure credentials unused for 45 days or greater are disabled
- CIS v2.0.0 > 1 Identity and Access Management > 1.7 Eliminate use of the 'root' user for administrative and daily tasks
- CIS v3.0.0 > 1 Identity and Access Management > 1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
- CIS v3.0.0 > 1 Identity and Access Management > 1.11 Do not setup access keys during initial user setup for all IAM users that have a console password
- CIS v3.0.0 > 1 Identity and Access Management > 1.12 Ensure credentials unused for 45 days or greater are disabled
- CIS v3.0.0 > 1 Identity and Access Management > 1.7 Eliminate use of the 'root' user for administrative and daily tasks
- IAM user credentials that have not been used in 90 days should be disabled
- IAM user MFA should be enabled
- IAM users with console access should have MFA enabled
Schema for aws_iam_credential_report
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| access_key_1_active | boolean | Does the user have an access key and is the access key's status Active. | |
| access_key_1_last_rotated | timestamp with time zone | The date and time when the user's access key was created or last changed. | |
| access_key_1_last_used_date | timestamp with time zone | The date and time when the user's access key was most recently used to sign an AWS API request. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field. | |
| access_key_1_last_used_region | text | The AWS Region in which the access key was most recently used. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field. | |
| access_key_1_last_used_service | text | The AWS service that was most recently accessed with the access key. The value in this field uses the service's namespace—for example, s3 for Amazon S3 and ec2 for Amazon EC2. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field. | |
| access_key_2_active | boolean | Does the user have a second access key and is the access key's status Active. | |
| access_key_2_last_rotated | timestamp with time zone | The date and time when the user's second access key was created or last changed. | |
| access_key_2_last_used_date | timestamp with time zone | The date and time when the user's second access key was most recently used to sign an AWS API request. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field. | |
| access_key_2_last_used_region | text | The AWS Region in which the user's second access key was most recently used. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field. | |
| access_key_2_last_used_service | text | The AWS service that was most recently accessed with the user's second access key. The value in this field uses the service's namespace—for example, s3 for Amazon S3 and ec2 for Amazon EC2. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field. | |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| cert_1_active | boolean | Does the user have an X.509 signing certificate and is that certificate's status Active. | |
| cert_1_last_rotated | timestamp with time zone | The date and time when the user's signing certificate was created or last changed. | |
| cert_2_active | boolean | Does the user have a second X.509 signing certificate and is that certificate's status Active. | |
| cert_2_last_rotated | timestamp with time zone | The date and time when the user's second signing certificate was created or last changed. | |
| generated_time | timestamp with time zone | The date and time when the credential report was created, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601). | |
| mfa_active | boolean | Whether a multi-factor authentication (MFA) device has been enabled for the user. | |
| partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
| password_enabled | boolean | When the user has a password, this value is true. Otherwise it is false. The value for the AWS account root user is always false. | |
| password_last_changed | timestamp with time zone | The date and time when the user's password was last set. | |
| password_last_used | timestamp with time zone | The date and time when the AWS account root user or IAM user's password was last used to sign in to an AWS website. | |
| password_next_rotation | timestamp with time zone | When the account has a password policy that requires password rotation, this field contains the date and time. | |
| password_status | text | The status of an user password. Password status can be one of used, never_used and not_set. | |
| region | text | The AWS Region in which the resource is located. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| user_arn | text | The Amazon Resource Name (ARN) of the user. | |
| user_creation_time | timestamp with time zone | The date and time when the user was created. | |
| user_name | text | The friendly name of the user. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- awsYou can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_iam_credential_report