Question
I'm reviewing IAM policies and roles that haven't been used in the last N number of days.
In the console I can easily view recent usage under Access Advisor.
I'd like to get the same in an automated way, but I can't find any documentation on getting this using CLI or SDK.
Is this possible?
Answer 1:
It is now available; check the link below:
https://aws.amazon.com/about-aws/whats-new/2018/12/iam_access_advisor_apis/
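An added example, not part of the original answer: in boto3 these APIs are `generate_service_last_accessed_details` (starts an asynchronous report job for a user, group, role or policy ARN) and `get_service_last_accessed_details` (polls and pages the result). The helper names `services_last_accessed` and `unused_services`, the polling interval and the timeout are choices made for this example; run without arguments, the script uses constructed sample records instead of calling AWS.

```python
import time
from datetime import datetime, timedelta, timezone

def services_last_accessed(iam, arn, poll_seconds=1.0, timeout=60.0):
    """Fetch all Access Advisor records for a user, group, role or policy ARN."""
    job_id = iam.generate_service_last_accessed_details(Arn=arn)["JobId"]
    deadline = time.monotonic() + timeout
    records, kwargs = [], {"JobId": job_id}
    while True:
        page = iam.get_service_last_accessed_details(**kwargs)
        if page["JobStatus"] == "IN_PROGRESS":  # report is generated asynchronously
            if time.monotonic() > deadline:
                raise TimeoutError(f"job {job_id} still running after {timeout}s")
            time.sleep(poll_seconds)
            continue
        if page["JobStatus"] == "FAILED":
            raise RuntimeError(f"job {job_id} failed: {page.get('Error')}")
        records.extend(page["ServicesLastAccessed"])
        if not page.get("IsTruncated"):
            return records
        kwargs["Marker"] = page["Marker"]  # more pages of the same report

def unused_services(records, days, now=None):
    """Return (namespace, last_used) for services not used in the last `days` days."""
    cutoff = (now or datetime.now(timezone.utc)) - timedelta(days=days)
    stale = []
    for rec in records:
        last = rec.get("LastAuthenticated")  # key absent: never used in the tracking period
        if last is None or last < cutoff:
            stale.append((rec["ServiceNamespace"], last))
    return sorted(stale, key=lambda item: item[0])

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: python advisor.py <arn> <days>
        import boto3  # imported late so the functions above also work with a stub client
        records = services_last_accessed(boto3.client("iam"), sys.argv[1])
        days = int(sys.argv[2])
    else:  # constructed sample records so the script also runs offline
        now = datetime.now(timezone.utc)
        records = [{"ServiceNamespace": "s3", "LastAuthenticated": now - timedelta(days=3)},
                   {"ServiceNamespace": "ec2", "LastAuthenticated": now - timedelta(days=200)},
                   {"ServiceNamespace": "kms"}]
        days = 90
    for namespace, last in unused_services(records, days):
        print(f"{namespace}\t{last.isoformat() if last else 'never'}")
```

The calling principal needs `iam:GenerateServiceLastAccessedDetails` and `iam:GetServiceLastAccessedDetails`; a service with no `LastAuthenticated` value was granted but not used within the period Access Advisor tracks.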
Answer 2:
Netflix has a tool called Aardvark to scrape the Access Advisor data from the console. You may want to take a look at that.
https://medium.com/netflix-techblog/introducing-aardvark-and-repokid-53b081bf3a7e
Answer 3:
As far as I'm aware, no. You might get lucky finding a way around using Selenium to automate the process, but that's a lengthy workaround.
No such luck using CloudTrail either. The closest thing I could find was when policies are last updated.
Hopefully, Amazon will take this into consideration. I've contacted them about this.
Source: https://stackoverflow.com/questions/46795348/get-aws-iam-policy-access-advisor-records-from-cli-or-sdk