Property roleLastUsed from AWS::IAM::Role has always been null #52
Comments
|
I can confirm that the property is missing in my environment. I run a query like this: SELECT
configuration.arn,
configuration.roleLastUsed
WHERE
resourceType = 'AWS::IAM::Role'
;And get a result where @hgmiguel it looks like AWS Config doesn't even record that property for the role. Use this Bash command to use the AWS CLI to list a number of base configuration items for IAM roles. aggregator="..."
aws configservice batch-get-aggregate-resource-config \
--configuration-aggregator-name "$aggregator" \
--resource-identifiers "$(
aws configservice list-aggregate-discovered-resources \
--configuration-aggregator-name "$aggregator" \
--resource-type AWS::IAM::Role \
--max-items 1 \
--query ResourceIdentifiers
)" \
| jq '.BaseConfigurationItems | map(.configuration |= fromjson)'All the base configuration items have a [
{
"version": "1.3",
"accountId": "...",
"configurationItemCaptureTime": "YYYY-MM-DDTHH:mm:ss.nnnnnnnn+01:00",
"configurationItemStatus": "ResourceDiscovered",
"configurationStateId": "...",
"arn": "...",
"resourceType": "AWS::IAM::Role",
"resourceId": "...",
"resourceName": "...",
"awsRegion": "global",
"availabilityZone": "Not Applicable",
"resourceCreationTime": "YYYY-MM-DDTHH:mm:ss+01:00",
"configuration": {
"path": "...",
"roleName": "...",
"roleId": "...",
"arn": "...",
"createDate": "YYYY-MM-DDTHH:mm:ss.000Z",
"assumeRolePolicyDocument": "...",
"instanceProfileList": [],
"rolePolicyList": [],
"attachedManagedPolicies": [],
"permissionsBoundary": null,
"tags": [],
"roleLastUsed": null
},
"supplementaryConfiguration": {}
}
] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I need to get the last used date from a role, but it is recorded as null. Is it possible to obtain that information from config?
"roleLastUsed": nullThe text was updated successfully, but these errors were encountered: