Options
All
  • Public
  • Public/Protected
  • All
Menu

Class User

A single IAM user, or line in the credential report csv file.

The documentation for this class is adapted from the official AWS documentation site, making changes where necessary to encode behavior that aws-cred-report asserts beyond the original CSV format.

Hierarchy

  • User

Index

Constructors

constructor

  • new User(csvRow: string[]): User
  • Parameters

    • csvRow: string[]

    Returns User

Properties

accessKey1Active

accessKey1Active: boolean

When the user has an access key and the access key's status is Active, this value is true. Otherwise it is false.

Optional accessKey1LastRotated

accessKey1LastRotated: Date

The date and time when the user's access key was created or last changed. If the user does not have an active access key, the field is empty.

Optional accessKey1LastUsed

accessKey1LastUsed: Date

The date and time when the user's access key was most recently used to sign an AWS API request. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field.

The value in this field is empty in these cases:

  • The user does not have an access key.
  • The access key has never been used.
  • The access key has not been used after IAM started tracking this information on April 22, 2015.

Optional accessKey1LastUsedRegion

accessKey1LastUsedRegion: undefined | string

The AWS Region in which the access key was most recently used. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field.

The value in this field is empty in these cases:

  • The user does not have an access key.
  • The access key has never been used.
  • The access key was last used before IAM started tracking this information on April 22, 2015.
  • The last used service is not Region-specific, such as Amazon S3.

Optional accessKey1LastUsedService

accessKey1LastUsedService: undefined | string

The AWS service that was most recently accessed with the access key. The value in this field uses the service's namespace — for example, s3 for Amazon S3 and ec2 for Amazon EC2. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field.

The value in this field is empty in these cases:

  • The user does not have an access key.
  • The access key has never been used.
  • The access key was last used before IAM started tracking this information on April 22, 2015.

accessKey2Active

accessKey2Active: boolean

When the user has a second access key and the second key's status is Active, this value is true. Otherwise it is false.

Note: Users can have up to two access keys, to make rotation easier. For more information about rotating access keys, see Rotating Access Keys.

Optional accessKey2LastRotated

accessKey2LastRotated: Date

The date and time when the user's second access key was created or last changed. If the user does not have a second access key, the field is empty.

Optional accessKey2LastUsed

accessKey2LastUsed: Date

The date and time when the user's second access key was most recently used to sign an AWS API request. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field.

The value in this field is empty in these cases:

  • The user does not have a second access key.
  • The second access key has never been used.
  • The second access key has not been used after IAM started tracking this information on April 22, 2015.

Optional accessKey2LastUsedRegion

accessKey2LastUsedRegion: undefined | string

The AWS Region in which the second access key was most recently used. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field.

The value in this field is empty in these cases:

  • The user does not have a second access key.
  • The second access key has never been used.
  • The second access key was last used before IAM started tracking this information on April 22, 2015.
  • The last used service is not Region-specific, such as Amazon S3.

Optional accessKey2LastUsedService

accessKey2LastUsedService: undefined | string

The AWS service that was most recently accessed with the second access key. The value in this field uses the service's namespace — for example, s3 for Amazon S3 and ec2 for Amazon EC2. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field.

The value in this field is empty in these cases:

  • The user does not have a second access key.
  • The second access key has never been used.
  • The second access key was last used before IAM started tracking this information on April 22, 2015.

arn

arn: string

The Amazon Resource Name (ARN) of the user. For more information about ARNs, see IAM ARNs.

cert1Active

cert1Active: boolean

When the user has an X.509 signing certificate and that certificate's status is Active, this value is true. Otherwise it is false.

Optional cert1LastRotated

cert1LastRotated: Date

The date and time when the user's signing certificate was created or last changed. If the user does not have an active signing certificate, the value in this field is empty.

cert2Active

cert2Active: boolean

When the user has a second X.509 signing certificate and that certificate's status is Active, this value is true. Otherwise it is false.

Note: Users can have up to two X.509 signing certificates, to make certificate rotation easier.

Optional cert2LastRotated

cert2LastRotated: Date

The date and time when the user's second signing certificate was created or last changed. If the user does not have a second active signing certificate, the value in this field is empty.

creationTime

creationTime: Date

The date and time when the user was created

isRoot

isRoot: boolean

Whether the given user is the root account. This value is derived from the user field in the original credential report.

mfaActive

mfaActive: boolean

When a multi-factor authentication (MFA) device has been enabled for the user, this value is true. Otherwise it is false.

passwordEnabled

passwordEnabled: boolean

When the user has a password, this value is true. Otherwise it is false. While the original CSV encodes the value not_supported for the root account, this library encodes that to true, given that root accounts always have a password enabled. Keeps the types cleaner.

Optional passwordLastChanged

passwordLastChanged: Date

The date and time when the user's password was last set. If the user does not have a password, the value in this field is empty. The value for the AWS account (root) is always empty.

Optional passwordLastUsed

passwordLastUsed: Date

The date and time when the AWS account root user or IAM user's password was last used to sign in to an AWS website. AWS websites that capture a user's last sign-in time are the AWS Management Console, the AWS Discussion Forums, and the AWS Marketplace. When a password is used more than once in a 5-minute span, only the first use is recorded in this field.

The value of this field will be empty when the original CSV contains either the value no_information or N/A.

The original value in this field is no_information in these cases:

  • The user's password has never been used.
  • There is no sign-in data associated with the password, such as when user's password has not been used after IAM started tracking this information on October 20, 2014.

The value in this field is N/A (not applicable) when the user does not have a password.

Important: Due to a service issue, password last used data does not include password use from May 3rd 2018 22:50 PDT to May 23rd 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by the GetUser API operation. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3rd 2018. For users that signed in after May 23rd 2018 14:08 PDT, the returned password last used date is accurate.

If you use password last used information to identify unused credentials for deletion, such as deleting users who did not sign in to AWS in the last 90 days, we recommend that you adjust your evaluation window to include dates after May 23rd 2018. Alternatively, if your users use access keys to access AWS programmatically you can refer to access key last used information because it is accurate for all dates.

Optional passwordNextRotation

passwordNextRotation: Date

When the account has a password policy that requires password rotation, this field contains the date and time when the user is required to set a new password. The value for the AWS account (root) is always empty.

username

username: string

The friendly name of the user.

For the root account, this value is set to <root_account>.

Generated using TypeDoc