How can i get information of my all iam users. when they login?


i wanted know which iam user is login, i want to get notified when they login with thier iam user!!

asked 3 months ago125 views
2 Answers

You can use event bridge to monitor cloudtrail APi calls and send a message to an SNS topic. Theres a similar example here but specifically looking at AttachUserPolicy events. Replace this with ConsoleLogin

I believe this should work for you.

profile picture
answered 3 months ago
profile pictureAWS
reviewed 3 months ago
  • i already set consolelogin in eventbridge using cloudtrail but i receieved only 1 email from one iam account and but did not not get other users login information or notification(sns). and after 1 email it didnot send any email.

  • Do you mean 1 x iam user? This should trigger every time an IAM user logs into the console. Remember users stay logged in up to 12 hours unless they log out and in again


AWS makes requests based on API calls.

When accessing programmatically, including CLI, credentials are saved on the local PC and requests are made according to the permissions given to the credentials. Therefore, there is no login during this process.

However, if SSO is linked through Identity Center, SSO Login can be triggered from CLI. By analyzing Identity Center records in CloudTrail, you can see who has access to SSO. For detailed API call names, please check the official documentation [1].

In the management console, users log in with a password. This is not an API call, but it is recorded in CloudTrail. For example, in CloudTrail, if you collect records with an "eventSource" of "", you can determine which users are logged in. Please check the official documentation [2] for specific records.



profile pictureAWS
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions