After you generate a group or policy report using the
GenerateServiceLastAccessedDetails operation, you can use the JobId
parameter in GetServiceLastAccessedDetailsWithEntities. This operation
retrieves the status of your report job and a list of entities that
could have used group or policy permissions to access the specified
service.
iam_get_service_last_accessed_details_with_entities(JobId,
ServiceNamespace, MaxItems, Marker)[required] The ID of the request generated by the
GenerateServiceLastAccessedDetails operation.
[required] The service namespace for an AWS service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.
To learn the service namespace for a service, go to Actions, Resources, and Condition Keys for AWS Services
in the IAM User Guide and choose the name of the service to view
details for that service. In the first paragraph, find the service
prefix. For example, (service prefix: a4b). For more information about
service namespaces, see AWS Service Namespaces
in the<U+00C2><U+00A0>AWS General Reference.
Use this only when paginating results to indicate the maximum number of
items you want in the response. If additional items exist beyond the
maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to
100. Note that IAM might return fewer results, even when there are more
results available. In that case, the IsTruncated response element
returns true, and Marker contains a value to include in the
subsequent call that tells the service where to continue from.
Use this parameter only when paginating results and only after you
receive a response indicating that the results are truncated. Set it to
the value of the Marker element in the response that you received to
indicate where the next call should start.
svc$get_service_last_accessed_details_with_entities( JobId = "string", ServiceNamespace = "string", MaxItems = 123, Marker = "string" )
Group -- For a group report, this operation returns a list of users in the group that could have used the group's policies in an attempt to access the service.
Policy -- For a policy report, this operation returns a list of entities (users or roles) that could have used the policy in an attempt to access the service.
You can also use this operation for user or role reports to retrieve details about those entities.
If the operation fails, the GetServiceLastAccessedDetailsWithEntities
operation returns the reason that it failed.
By default, the list of associated entities is sorted by date, with the most recent access listed first.
# NOT RUN {
# The following operation returns details about the entities that
# attempted to access the IAM service.
# }
# NOT RUN {
svc$get_service_last_accessed_details_with_entities(
JobId = "examplef-1305-c245-eba4-71fe298bcda7",
ServiceNamespace = "iam"
)
# }
# NOT RUN {
# }
Run the code above in your browser using DataCamp Workspace