Last logon/auth time

0

Hi,

It seems that there is currently no way to get the last logon/auth time for a user.

It can be implemented with the PostAuthentication trigger. But I would also like to save IP and user agent information; can this be achieved? Any plans to add more data to the trigger events?

Thank you in advance,

Jonathan

jogold
Asked 7 years ago · Viewed 2779 times
8 answers
0

Yes, that is in the works. We heard this requirement before so I will +1 the feature request.

Answered 7 years ago
0

Actually, from the client if you call getDevice, it should give you all that information. That won't be available from lambda unless you authenticate the user from lambda and call the getDevice from there using the access token.

Or alternatively, you can call adminGetDevice from lambda (it is available in the main AWS SDK for javascript) which only requires a username.

Edited by: Ionut@AWS on Feb 21, 2017 9:16 AM

Answered 7 years ago
0

Hi Ionut,

This was my idea in the first place and it works for first-time connections, but for subsequent connections it only works with remembered devices (because the DEVICE_SRP_AUTH is not happening?).

If a device is tracked but not remembered, the user agent, source IP and last seen information are not updated anymore after the first login.

Jonathan

jogold
Answered 7 years ago
0

I can take this as a request to update that, but is there a blocker for you turning on device remembering?

Edited by: JeffB@AWS on Mar 3, 2017 1:46 PM

Answered 7 years ago
0

I'm using MFA and remembered devices to suppress MFA but leave this choice to my users (opt-in). So when users choose to not remember the device, after the first login the device info is not updated anymore.

jogold
Answered 7 years ago
0

Understood, that's totally fair. We'll review that logic and see if we should update it.

Answered 7 years ago
0

Was this ever resolved? Is the "last seen" time updated for tracked only (not remembered) devices? Or is it still only set when the device is first seen?

On a related note, can you clarify if the "last seen" value is the last time the device accessed Cognito or the last time an access token was granted?

Answered 5 years ago
0

More insights on this, depending on what service you want to monitor.

  • You can use AWS CloudTrail to track API calls made in your AWS account, including which IAM user or role made the call. This includes details like the source IP address, user agent, and request parameters.
  • For IAM user sign-in activity, enable CloudTrail event history on the IAM management console. This records additional details for IAM user sign-ins like sign-in IP address, user agent, and platform.
  • Configure CloudTrail to send log files to S3 and trigger a Lambda function when new logs are delivered. The Lambda function can parse the logs and extract details to store in a database or send notifications.
  • For EC2 instance launch activity, enable CloudTrail insights for EC2 events. This provides visualizations of instance launch trends over time.
  • Use AWS Config to track configuration changes to resources like launching new EC2 instances. It delivers configuration history that can help analyze activity.

Unfortunately there is no single API to retrieve all user activity details. But the above options provide ways to centrally track and analyze activity across different AWS services.

Expert
Answered 2 months ago
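
As an added example (not part of the answer above and not AWS code), the log-parsing step from the CloudTrail suggestion could look like this in Python: it reduces one delivered log file to the latest successful `ConsoleLogin` per IAM user, with source IP and user agent. The sample records and the helper `_rec` are constructed for illustration, and the example covers IAM console sign-ins only, not Cognito user pool authentication.

```python
import gzip
import json
from datetime import datetime

def last_signins(log_bytes):
    """Return {user: {"time", "ip", "user_agent"}} for the latest successful
    ConsoleLogin per IAM user in one CloudTrail log file (gzip or plain JSON)."""
    if log_bytes[:2] == b"\x1f\x8b":  # gzip magic: delivered files are .json.gz
        log_bytes = gzip.decompress(log_bytes)
    latest = {}
    for rec in json.loads(log_bytes).get("Records", []):
        if rec.get("eventSource") != "signin.amazonaws.com":
            continue
        if rec.get("eventName") != "ConsoleLogin":
            continue
        # Failed sign-ins must not move the "last logon" value.
        if (rec.get("responseElements") or {}).get("ConsoleLogin") != "Success":
            continue
        identity = rec.get("userIdentity") or {}
        user = identity.get("userName") or identity.get("arn")
        if not user or "eventTime" not in rec:
            continue  # skip records too incomplete to attribute
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        # Records inside a file are not guaranteed to be time-ordered.
        if user not in latest or when > latest[user]["time"]:
            latest[user] = {"time": when,
                            "ip": rec.get("sourceIPAddress"),
                            "user_agent": rec.get("userAgent")}
    return latest

def _rec(user, time, ip, result):
    # Hypothetical helper that builds one constructed ConsoleLogin record.
    return {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
            "eventTime": time, "sourceIPAddress": ip,
            "userAgent": "Mozilla/5.0 (constructed)",
            "userIdentity": {"type": "IAMUser", "userName": user},
            "responseElements": {"ConsoleLogin": result}}

# Constructed sample log file: out-of-order events and one failed sign-in.
SAMPLE = gzip.compress(json.dumps({"Records": [
    _rec("alice", "2024-05-02T09:15:00Z", "198.51.100.7", "Success"),
    _rec("alice", "2024-05-01T08:00:00Z", "203.0.113.10", "Success"),
    _rec("alice", "2024-05-03T10:00:00Z", "192.0.2.99", "Failure"),
    _rec("bob", "2024-05-02T11:30:00Z", "203.0.113.25", "Success"),
]}).encode())

if __name__ == "__main__":
    for user, seen in sorted(last_signins(SAMPLE).items()):
        print(user, seen["time"].isoformat(), seen["ip"], seen["user_agent"])
```

In a Lambda handler the bytes would come from the S3 object named in the delivery notification, and the result would be merged into a persistent store so that an older file never overwrites a newer timestamp.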
