User expiration policy based on last login


Hello to the entire community. I need to create an IAM policy for my organization that reviews the last login and, if more than 45 days have passed, deactivates the account. Does anyone have an idea how to do this and can help me?

1 Answer
Accepted Answer

Hey there, I would look to write a Lambda function that triggers on an EventBridge schedule, enumerates IAM users where last login >= 45 days and status = active, and disables them.

I would use Python myself and the boto3 library. You'll have to create a Lambda role and grant it IAM user modify access.

Here's a link to something that's already been written. It may save you the job of implementing this yourself.

https://serverlessrepo.aws.amazon.com/applications/arn:aws:serverlessrepo:us-east-1:062052777684:applications~disabling-access-for-inactive-IAM-users

answered 2 years ago
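As an added example of what the answer describes (written for this page, not the code behind the linked Serverless Application Repository app), here is a Python Lambda handler built on boto3 that an EventBridge schedule would invoke. The selection logic is kept separate from the AWS calls so it can be exercised offline on constructed sample users. The INACTIVE_DAYS and DRY_RUN environment variables, the sample user names and the function names are assumptions made for this example; the IAM actions listed in the docstring are the permissions the Lambda execution role would need.

```python
"""Disable IAM users whose most recent activity is INACTIVE_DAYS or more ago.

Added example for this thread; not the linked SAR application's code.
Assumed Lambda execution role permissions: iam:ListUsers, iam:ListAccessKeys,
iam:GetAccessKeyLastUsed, iam:DeleteLoginProfile, iam:UpdateAccessKey.
"""
import os
from datetime import datetime, timedelta, timezone

# Assumed configuration knobs (environment variables chosen for this example).
THRESHOLD_DAYS = int(os.environ.get("INACTIVE_DAYS", "45"))
DRY_RUN = os.environ.get("DRY_RUN", "true").lower() == "true"


def last_activity(user, key_last_used):
    """Most recent of PasswordLastUsed, any access-key LastUsedDate, or CreateDate.

    PasswordLastUsed only records console sign-ins, so access-key usage is
    considered too. CreateDate is the floor so a newly created user who has
    not signed in yet is not disabled on day one.
    """
    candidates = [user["CreateDate"]]
    if user.get("PasswordLastUsed"):
        candidates.append(user["PasswordLastUsed"])
    candidates.extend(d for d in key_last_used if d is not None)
    return max(candidates)


def find_inactive_users(users, key_usage, now, threshold_days=THRESHOLD_DAYS):
    """Return sorted user names whose latest activity is >= threshold_days old.

    users: dicts shaped like boto3 iam.list_users() entries (CreateDate and
    optional PasswordLastUsed are timezone-aware datetimes).
    key_usage: {user_name: [LastUsedDate or None per access key]}.
    """
    cutoff = now - timedelta(days=threshold_days)
    return sorted(
        u["UserName"] for u in users
        if last_activity(u, key_usage.get(u["UserName"], [])) <= cutoff
    )


def lambda_handler(event, context):
    """Entry point for the scheduled EventBridge invocation."""
    import boto3  # imported here so the pure selection logic runs without boto3
    iam = boto3.client("iam")
    now = datetime.now(timezone.utc)
    users, key_usage, active_keys = [], {}, {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            users.append(user)
            key_usage[name], active_keys[name] = [], []
            for key in iam.list_access_keys(UserName=name)["AccessKeyMetadata"]:
                if key["Status"] == "Active":
                    active_keys[name].append(key["AccessKeyId"])
                used = iam.get_access_key_last_used(AccessKeyId=key["AccessKeyId"])
                # LastUsedDate is absent when the key has never been used.
                key_usage[name].append(used["AccessKeyLastUsed"].get("LastUsedDate"))
    inactive = find_inactive_users(users, key_usage, now)
    for name in inactive:
        print(f"{'would disable' if DRY_RUN else 'disabling'} {name}")
        if DRY_RUN:
            continue
        try:
            iam.delete_login_profile(UserName=name)  # removes console password
        except iam.exceptions.NoSuchEntityException:
            pass  # user had no console password to begin with
        for key_id in active_keys[name]:
            iam.update_access_key(UserName=name, AccessKeyId=key_id, Status="Inactive")
    return {"threshold_days": THRESHOLD_DAYS, "dry_run": DRY_RUN, "inactive": inactive}


# Constructed sample data (not real accounts) for running the selection offline.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"UserName": "alice", "CreateDate": SAMPLE_NOW - timedelta(days=400),
     "PasswordLastUsed": SAMPLE_NOW - timedelta(days=3)},            # recent login
    {"UserName": "bob", "CreateDate": SAMPLE_NOW - timedelta(days=400),
     "PasswordLastUsed": SAMPLE_NOW - timedelta(days=60)},           # stale login
    {"UserName": "carol", "CreateDate": SAMPLE_NOW - timedelta(days=400)},  # keys only
    {"UserName": "dave", "CreateDate": SAMPLE_NOW - timedelta(days=2)},     # brand new
    {"UserName": "erin", "CreateDate": SAMPLE_NOW - timedelta(days=45),
     "PasswordLastUsed": SAMPLE_NOW - timedelta(days=45)},           # exactly 45 days
]
SAMPLE_KEY_USAGE = {"carol": [SAMPLE_NOW - timedelta(days=10), None]}


def demo():
    """Run the selection over the constructed sample with the default threshold."""
    return find_inactive_users(SAMPLE_USERS, SAMPLE_KEY_USAGE, SAMPLE_NOW)


if __name__ == "__main__":
    print(demo())
```

Point an EventBridge schedule rule such as `rate(1 day)` at the function and leave DRY_RUN at its default of true for the first runs so the log shows who would be disabled before anything changes. Two caveats worth keeping in mind: PasswordLastUsed is only set for console sign-ins, which is why access-key usage is folded into the activity date, and the root user is not returned by list_users, so it is outside this check.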
